Unable to delete S3 object

0

I am having some trouble deleting an object in S3 via the AWS .NET SDK. The create works fine, but attempting to delete throws an Access Denied error.

Here is the code I am using to try and delete the object:

var request = new DeleteObjectRequest
{
    BucketName = bucketName,
    Key = key
};

var response = await client.DeleteObjectAsync(request);

Here are the policies attached to the user: Enter image description here

I appreciate any help, I am learning all the specifics of AWS and this is the first time I have encountered this issue

asked a month ago44 views
2 Answers
0

Hello.

I think the IAM policy itself works because "AdministratorAccess" is set in the policy.
It's hard to say without seeing the error message, but is it possible that the bucket policy is refusing to delete the object?
If the Deny statement in the bucket policy is set to deny "DeleteObject", object deletion will fail even if the "AdministratorAccess" policy is set.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-policies.html

Also, in addition to the bucket policy, please check whether there are any policies set that restrict S3 operations using the IAM user's permission boundary.
Normally, it will be "not set" as shown in the image below, but if something is set, please check the settings.
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
a

By the way, are you using the correct IAM user?
Is it possible that you are using the wrong IAM user and the IAM policy is not set?
If you can use the AWS CLI, you can use the command below to check the IAM user associated with the access key you are currently using.

aws sts get-caller-identity
profile picture
EXPERT
answered a month ago
  • Does the bucket name you are specifying in your code match the one in your PROD account? Also, make sure that the keys and names of the objects you are trying to delete also match.

0

In this case there are no bucket policies set to deny, Enter image description here

There are also not any permission boundaries set for the user, Enter image description here

I also confirmed that it is the correct user.

The weird thing is that we have a second AWS account which is used as a test environment and the "prod" account is our client's account, and the test account works fine, which has the same setup as the prod one. Very confused as to what else is missing, I do appreciate the help!

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions