So, is the bucket locked? Will the bucket not be deleted by normal means, especially when the bucket policy (or the IAM policy given to the user) cannot be changed by a developer (who is not an admin)?
If deletion is explicitly prohibited by the bucket policy, the IAM user cannot delete it.
For example, unless you specify a user who can be deleted using the "Condition" key as shown below, you will not be able to delete it.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": [
        "s3:DeleteBucket",
        "s3:PutBucketPolicy"
      ],
      "Resource": "arn:aws:s3:::s3-bucket-name",
      "Condition": {
        "StringNotEquals": {"aws:username": "admin"}
      }
    }
  ]
}
```
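To check who the Deny statement in the answer above actually covers, here is an added example (not part of the original thread and not AWS code) that models only this one statement: exact action and resource matching plus `StringNotEquals`. The function names and the request contexts are constructed for illustration. It relies on two documented IAM behaviours: `aws:username` is present only for IAM users, and a negated operator such as `StringNotEquals` matches when the key is absent.

```python
import json

# The bucket policy from the answer above, unchanged.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": ["s3:DeleteBucket", "s3:PutBucketPolicy"],
      "Resource": "arn:aws:s3:::s3-bucket-name",
      "Condition": {"StringNotEquals": {"aws:username": "admin"}}
    }
  ]
}
""")

def string_not_equals(expected, context):
    """Negated operators match when the key is absent from the request context."""
    return all(context.get(key) != value for key, value in expected.items())

def explicitly_denied(policy, action, resource, context):
    """Simplified model (an assumption, not AWS's evaluation engine)."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if action not in stmt["Action"] or resource != stmt["Resource"]:
            continue
        cond = stmt.get("Condition", {}).get("StringNotEquals", {})
        if string_not_equals(cond, context):
            return True
    return False

BUCKET = "arn:aws:s3:::s3-bucket-name"
# Constructed request contexts. A role session carries no aws:username key.
CASES = {
    "IAM user admin": {"aws:username": "admin"},
    "IAM user dev": {"aws:username": "dev"},
    "assumed role session": {},
}
ACTIONS = ("s3:DeleteBucket", "s3:PutBucketPolicy", "s3:DeleteBucketPolicy")

if __name__ == "__main__":
    for who, ctx in CASES.items():
        for action in ACTIONS:
            hit = explicitly_denied(POLICY, action, BUCKET, ctx)
            print(f"{who:22} {action:24} denied={hit}")
```

In this model the Deny applies to every IAM user except `admin` and to role sessions, while `s3:DeleteBucketPolicy` is not listed in the statement, so whether an IAM user can remove the policy depends on their other permissions.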
Just to clarify, the root user can still delete the bucket policy (https://repost.aws/knowledge-center/s3-accidentally-denied-access) but an IAM user would not be able to, as stated by Riku's answer.