1 Answer
So, is the bucket locked? Will the bucket not be deleted by normal means, especially when the Bucket policy (or the IAM policy given to the user) cannot be changed by a developer (who is not an admin)?
If deletion is explicitly prohibited by the bucket policy, the IAM user cannot delete it.
For example, unless you specify a user who can be deleted using the "Condition" key as shown below, you will not be able to delete it.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": [
        "s3:DeleteBucket",
        "s3:PutBucketPolicy"
      ],
      "Resource": "arn:aws:s3:::s3-bucket-name",
      "Condition": {
        "StringNotEquals": {"aws:username": "admin"}
      }
    }
  ]
}
```
Just to clarify, the root user can still delete the bucket policy (https://repost.aws/knowledge-center/s3-accidentally-denied-access) but an IAM user would not be able to, as stated by Riku's answer.
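To see who the Deny statement in the answer actually catches, here is an added example (not part of the original thread, and not AWS's evaluation engine) that models only the `StringNotEquals` condition against a few request contexts. The caller names `developer` and the empty role-session context are constructed for illustration; `s3:DeleteBucketPolicy` is included only to check what the statement does not list.

```python
import json

# Bucket policy from the answer above; "s3-bucket-name" is the page's placeholder.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "Principal": "*",
    "Action": ["s3:DeleteBucket", "s3:PutBucketPolicy"],
    "Resource": "arn:aws:s3:::s3-bucket-name",
    "Condition": {"StringNotEquals": {"aws:username": "admin"}}
  }]
}
""")
BUCKET_ARN = "arn:aws:s3:::s3-bucket-name"

def condition_matches(condition, context):
    """Simplified model that handles StringNotEquals only."""
    for operator, pairs in condition.items():
        if operator != "StringNotEquals":
            raise ValueError(f"operator not modelled: {operator}")
        for key, expected in pairs.items():
            allowed = expected if isinstance(expected, list) else [expected]
            # Negated operators match when the key is absent from the request.
            if context.get(key) in allowed:
                return False
    return True

def explicitly_denied(action, context, resource=BUCKET_ARN, policy=POLICY):
    """True if a Deny statement applies; an explicit Deny overrides any Allow."""
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if (stmt["Effect"] == "Deny" and action in actions
                and stmt["Resource"] == resource
                and condition_matches(stmt.get("Condition", {}), context)):
            return True
    return False

# Constructed request contexts (not taken from the page).
DEVELOPER = {"aws:username": "developer"}   # IAM user
ADMIN = {"aws:username": "admin"}           # IAM user named in the condition
ROLE_SESSION = {}                           # assumed role: aws:username is absent

if __name__ == "__main__":
    for name, ctx in [("developer", DEVELOPER), ("admin", ADMIN), ("role session", ROLE_SESSION)]:
        for action in ["s3:DeleteBucket", "s3:PutBucketPolicy", "s3:DeleteBucketPolicy"]:
            print(f"{name:13} {action:24} denied={explicitly_denied(action, ctx)}")
```

Two things stand out in the output: an assumed-role session is denied as well, because `aws:username` is only present for IAM users, and `s3:DeleteBucketPolicy` is not covered by this statement, so it needs to be added to `Action` if the policy itself must be protected from removal.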