Hello.
I think the IAM policy itself works because "AdministratorAccess" is set in the policy.
It's hard to say without seeing the error message, but is it possible that the bucket policy is refusing to delete the object?
If the Deny statement in the bucket policy is set to deny "DeleteObject", object deletion will fail even if the "AdministratorAccess" policy is set.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-policies.html
Also, in addition to the bucket policy, please check whether there are any policies set that restrict S3 operations using the IAM user's permission boundary.
Normally, it will be "not set" as shown in the image below, but if something is set, please check the settings.
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
By the way, are you using the correct IAM user?
Is it possible that you are using the wrong IAM user and the IAM policy is not set?
If you can use the AWS CLI, you can use the command below to check the IAM user associated with the access key you are currently using.
aws sts get-caller-identity
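The explicit-Deny check described in the answer above, as an added example that is not part of the original post: a Python sketch that lists the Deny statements in a bucket policy document that cover s3:DeleteObject for a given object ARN. The sample policy, bucket name and function names are constructed for illustration; Principal and Condition elements are not evaluated, only reported for manual review.

```python
import json
import re

# Constructed sample bucket policy; bucket name and Sids are placeholders.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "ProtectLogs", "Effect": "Deny", "Principal": "*",
         "Action": ["s3:Delete*", "s3:PutBucketPolicy"],
         "Resource": "arn:aws:s3:::example-bucket/logs/*"},
    ],
})

def _as_list(value):
    """Policy elements may be a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _wild(pattern, value, ignore_case=False):
    """Match IAM-style wildcards: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _element_hits(stmt, key, value, ignore_case=False):
    """Evaluate Action/Resource, or the inverted NotAction/NotResource."""
    if "Not" + key in stmt:
        return not any(_wild(p, value, ignore_case) for p in _as_list(stmt["Not" + key]))
    return any(_wild(p, value, ignore_case) for p in _as_list(stmt.get(key)))

def find_delete_denies(policy_json, object_arn, action="s3:DeleteObject"):
    """Return (Sid, has_condition) for each Deny statement covering the action.

    Principal and Condition are not evaluated; review flagged statements by hand.
    """
    hits = []
    statements = _as_list(json.loads(policy_json).get("Statement"))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Deny":
            continue
        # Action names are case-insensitive; resource ARNs are case-sensitive.
        if (_element_hits(stmt, "Action", action, ignore_case=True)
                and _element_hits(stmt, "Resource", object_arn)):
            hits.append((stmt.get("Sid", f"statement[{i}]"), "Condition" in stmt))
    return hits
```

The policy document to feed in can be retrieved with `aws s3api get-bucket-policy --bucket <bucket> --query Policy --output text`; on a versioned bucket, repeat the check with `action="s3:DeleteObjectVersion"`.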
In this case there are no bucket policies set to deny.
There are also not any permission boundaries set for the user.
I also confirmed that it is the correct user.
The weird thing is that we have a second AWS account which is used as a test environment and the "prod" account is our client's account, and the test account works fine, which has the same setup as the prod one. Very confused as to what else is missing, I do appreciate the help!
Does the bucket name you are specifying in your code match the one in your PROD account? Also, make sure that the keys and names of the objects you are trying to delete also match.