En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Is there any possibility to lock between policies ?

0

Let's say there is an S3 bucket, which was created by a User through Cloudformation. And the bucket policy is such that there is an explicit "Deny" to delete the Bucket by anyone, including the Root User.

So, is the bucket locked ? Will the bucket not be deleted by normal means , especially, when the Bucket policy or the IAM policy given to the user) cannot be changed by a developer (who is not an admin) ?

Sujets
StockageSécurité, identité et conformité
Balises
Simple service de stockage AmazonGestion des identités et des accès AWSPolitiques IAM
Langue
English
AB
demandé il y a un mois406 vues
1 réponse
0

So, is the bucket locked ? Will the bucket not be deleted by normal means , especially, when the Bucket policy or the IAM policy given to the user) cannot be changed by a developer (who is not an admin) ?

If deletion is explicitly prohibited by the bucket policy, the IAM user cannot delete it.
For example, unless you specify a user who can be deleted using the "Condition" key as shown below, you will not be able to delete it.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal":"*",
      "Action": [
        "s3:DeleteBucket",
        "s3:PutBucketPolicy"
      ],
      "Resource": "arn:aws:s3:::s3-bucket-name",
      "Condition": {
        "StringNotEquals": {"aws:username": "admin"}
      }
    }
  ]
}
profile picture
EXPERT
Riku_Kobayashi
répondu il y a un mois
profile pictureAWS
EXPERT
ben-from-aws
vérifié il y a un mois

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents