1 answer
So, is the bucket locked? Will the bucket not be deleted by normal means, especially when the bucket policy (or the IAM policy given to the user) cannot be changed by a developer (who is not an admin)?
If deletion is explicitly prohibited by the bucket policy, the IAM user cannot delete it.
For example, unless you specify a user who is allowed to delete it using the "Condition" key as shown below, you will not be able to delete it.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": [
        "s3:DeleteBucket",
        "s3:PutBucketPolicy"
      ],
      "Resource": "arn:aws:s3:::s3-bucket-name",
      "Condition": {
        "StringNotEquals": {"aws:username": "admin"}
      }
    }
  ]
}
```
Just to clarify, the root user can still delete the bucket policy (https://repost.aws/knowledge-center/s3-accidentally-denied-access) but an IAM user would not be able to, as stated by Riku's answer.
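To see which callers the Deny statement above actually blocks, here is an added example (not part of the original answer, and not AWS's policy engine) that evaluates that policy offline for a few request contexts. It assumes the condition-operator semantics documented by IAM: StringNotEquals is a negated operator, so it also matches when `aws:username` is absent from the request, and the bucket owner's root user can always delete the bucket policy, as the re:Post link above notes. It also shows that `s3:DeleteBucketPolicy` is not in the Deny list, so a non-admin whose IAM policy grants that action could still strip the bucket policy.

```python
import json

# Constructed copy of the bucket policy from the answer above.
BUCKET_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "Principal": "*",
    "Action": ["s3:DeleteBucket", "s3:PutBucketPolicy"],
    "Resource": "arn:aws:s3:::s3-bucket-name",
    "Condition": {"StringNotEquals": {"aws:username": "admin"}}
  }]
}""")

LIFECYCLE_ACTIONS = ("s3:DeleteBucket", "s3:PutBucketPolicy", "s3:DeleteBucketPolicy")


def condition_matches(condition, context):
    """Evaluate StringEquals / StringNotEquals against the request context.

    StringNotEquals is a negated operator: in IAM it also matches when the key
    is missing from the request (role sessions carry no aws:username), so a
    Deny written this way blocks roles as well as every non-admin user.
    """
    for operator, pairs in condition.items():
        if operator not in ("StringEquals", "StringNotEquals"):
            raise ValueError(f"unsupported operator {operator}")
        for key, expected in pairs.items():
            values = [expected] if isinstance(expected, str) else expected
            actual = context.get(key)  # None when the key is absent
            if operator == "StringEquals" and actual not in values:
                return False
            if operator == "StringNotEquals" and actual in values:
                return False
    return True


def explicitly_denied(policy, action, resource, context):
    """True if any Deny statement in the bucket policy matches the request."""
    for stmt in policy["Statement"]:
        actions = stmt["Action"]
        actions = [actions] if isinstance(actions, str) else actions
        if (stmt["Effect"] == "Deny" and action in actions
                and stmt["Resource"] == resource
                and condition_matches(stmt.get("Condition", {}), context)):
            return True
    return False


def blocked_for(policy, context, resource="arn:aws:s3:::s3-bucket-name"):
    """Set of bucket-lifecycle actions the policy denies this caller."""
    blocked = {a for a in LIFECYCLE_ACTIONS
               if explicitly_denied(policy, a, resource, context)}
    if context.get("is_root"):  # bucket owner's root can always remove the policy
        blocked.discard("s3:DeleteBucketPolicy")
    return blocked
```

A context of `{"aws:username": "dev"}` is denied DeleteBucket and PutBucketPolicy but not DeleteBucketPolicy; adding that action to the Deny list closes the gap for everyone except the root user.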