amazon-web-servicesamazon-ec2aws-organizations

Can't access S3 bucket as root


I've created a bucket with the following policy:

{
     'Version': '2008-10-17',
     'Statement': [{
         'Sid': 'eb-58950a8c-feb6-11e2-89e0-0800277d041bc',
         'Effect': 'Deny',
         'Principal': {
           'AWS': '*'
         },
         'Action': '*',
         'Resource': bucket.attrArn
       }]
   }

which restricts any action on the bucket.

Now I can't do anything with it as any user (which is expected) but also as root (which is a surprise for me). I have Organizations and SCP with full access attached to a root account.

Is there a way to delete the bucket now or should I reach out to support?


Solution

  • I was able to delete bucket policy (and access bucket afterwards) with root account and aws cli. To do so you need:

    from the Administrator account I got An error occurred (AccessDenied) when calling the DeleteBucketPolicy operation: Access Denied