Is there any possibility to lock between policies?

0

Let's say there is an S3 bucket, which was created by a user through CloudFormation. And the bucket policy is such that there is an explicit "Deny" to delete the bucket by anyone, including the root user.

So, is the bucket locked? Will the bucket not be deleted by normal means, especially when the bucket policy (or the IAM policy given to the user) cannot be changed by a developer (who is not an admin)?

1 Answer
0

So, is the bucket locked? Will the bucket not be deleted by normal means, especially when the bucket policy (or the IAM policy given to the user) cannot be changed by a developer (who is not an admin)?

If deletion is explicitly prohibited by the bucket policy, the IAM user cannot delete it.
For example, unless you use the "Condition" key, as shown below, to specify a user who is allowed to delete it, you will not be able to delete it.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": [
        "s3:DeleteBucket",
        "s3:PutBucketPolicy"
      ],
      "Resource": "arn:aws:s3:::s3-bucket-name",
      "Condition": {
        "StringNotEquals": {"aws:username": "admin"}
      }
    }
  ]
}
EXPERT
answered a month ago
AWS EXPERT
verified a month ago
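To see what the policy in the answer above actually decides, here is a small added evaluator (example code written for this page, not code from the answer, from AWS, or from any library) that reproduces two IAM rules that matter for it: an explicit Deny overrides any Allow, and the negated operator StringNotEquals evaluates to true when the condition key is missing from the request context. It assumes same-account principals (so the identity policy's Allow is enough once no Deny matches), single-valued context keys, and only the two string operators; the sample requests are constructed. Two points it makes visible: aws:username is only populated for IAM users, so a request made through an assumed role carries no username and is denied even if that role is the account's administrator; and the Deny holds only as long as the policy stays in place, which is why the answer denies s3:PutBucketPolicy together with s3:DeleteBucket (the account root user can still delete a bucket policy, so this does not bind root).

```python
import json
from typing import Dict, List, Optional

# Copy of the bucket policy from the answer above (embedded here so the
# example runs offline; the bucket name is the answer's placeholder).
BUCKET_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": ["s3:DeleteBucket", "s3:PutBucketPolicy"],
      "Resource": "arn:aws:s3:::s3-bucket-name",
      "Condition": {
        "StringNotEquals": {"aws:username": "admin"}
      }
    }
  ]
}
""")

BUCKET_ARN = "arn:aws:s3:::s3-bucket-name"


def _as_list(value) -> List:
    """IAM lets Action/Resource be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def condition_matches(condition: Dict, context: Dict[str, Optional[str]]) -> bool:
    """Evaluate a Condition block for the two string operators used here.

    StringEquals is false when the key is absent from the request context.
    StringNotEquals (a negated operator) is true when the key is absent,
    which is the IAM behaviour that catches role sessions without a username.
    Assumption: single-valued context keys only.
    """
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            expected_values = _as_list(expected)
            if operator == "StringEquals":
                if actual is None or actual not in expected_values:
                    return False
            elif operator == "StringNotEquals":
                if actual is not None and actual in expected_values:
                    return False
            else:
                raise NotImplementedError(f"operator not modelled: {operator}")
    return True


def explicit_deny(policy: Dict, action: str, resource: str,
                  context: Dict[str, Optional[str]]) -> bool:
    """True if any Deny statement in the bucket policy matches the request."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if action not in _as_list(stmt["Action"]):
            continue
        if resource not in _as_list(stmt["Resource"]):
            continue
        if not condition_matches(stmt.get("Condition", {}), context):
            continue
        return True
    return False


def is_allowed(policy: Dict, action: str, resource: str,
               context: Dict[str, Optional[str]], identity_allows: bool) -> bool:
    """Simplified same-account decision: explicit Deny wins, otherwise the
    identity-based policy's Allow decides. identity_allows models whether the
    caller's IAM policy grants the action (e.g. AdministratorAccess -> True)."""
    if explicit_deny(policy, action, resource, context):
        return False
    return identity_allows


# Constructed sample requests: (label, request context, identity policy allows?)
SAMPLE_REQUESTS = [
    ("IAM user 'dev' with AdministratorAccess", {"aws:username": "dev"}, True),
    ("IAM user 'admin' with AdministratorAccess", {"aws:username": "admin"}, True),
    ("IAM user 'admin' with read-only policy", {"aws:username": "admin"}, False),
    ("assumed role 'OpsAdmin' (no aws:username key)", {}, True),
]


def evaluate_samples(action: str = "s3:DeleteBucket") -> Dict[str, bool]:
    """Run every sample request against the policy for one action."""
    return {label: is_allowed(BUCKET_POLICY, action, BUCKET_ARN, ctx, allows)
            for label, ctx, allows in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for action in ("s3:DeleteBucket", "s3:PutBucketPolicy", "s3:ListBucket"):
        print(f"== {action}")
        for label, allowed in evaluate_samples(action).items():
            print(f"  {'ALLOW' if allowed else 'DENY ':5} {label}")
```

The third action in the usage block, s3:ListBucket, is not in the Deny statement, so it falls through to the identity policy; comparing its column with s3:DeleteBucket is a quick way to confirm that the lock is scoped to exactly the two listed actions and nothing else.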
