如何解锁或删除无意中被存储桶策略锁定的 AWS S3 存储桶?

How do I unlock or delete an AWS S3 bucket that inadvertently locked with a bucket policy?

我是 AWS 账户所有者,管理员(IAM 和 root 密码 - 我知道不推荐,但有一些依赖 root pw 的遗留应用程序)。我最近添加了一个存储桶策略,该策略随后使存储桶锁定为我无法访问:

$ aws s3 rb s3://<my-bucket> --force
A client error (AccessDenied) occurred when calling the ListObjects operation:   Access Denied
Completed 1 part(s) with ... file(s) remaining
remove_bucket failed: s3://<my-bucket>/ A client error (AccessDenied) occurred when calling the DeleteBucket operation: Access Denied

我尝试了 CLI 和 AWS S3 控制台,但只收到错误:Sorry! You do not have permissions to view this bucket.

这个桶完全是空的,这让我松了一口气,但我需要使用这个特定的名称,但因为我无法用它做任何事情而卡住了。

我希望我不是唯一经历过这种困境的人。

(P.S。- 我会 post 我使用的确切存储桶策略,但我是使用控制台创建它的,如果我怀疑我输入的某些部分不正确,我无法理解 copy/paste 在这里为您提供...)

此致,杰夫。

由于您是root用户,我认为这种方法可能会有所帮助:

第 1 步:创建 IAM 用户。

第 2 步:创建具有删除存储桶权限的策略并将其与第 1 步中创建的 IAM 用户相关联。

第 3 步:将用户关联到您的 s3 存储桶。

使用创建的用户凭据登录并尝试删除存储桶。

如果您以 root 用户身份登录,请转到 S3 管理控制台并找到存储桶。

Select 列表中的桶没有打开它。

单击 "actions",然后单击 "properties"。

删除 "permissions" 部分中的存储桶策略。

然后使用 "actions" 菜单删除存储桶。

直接来自 AWS 支持:

Hello,

G** here with AWS Support. I understand that your bucket policy for S3 bucket ‘s3-bucket-name’ prevents access, or removal of bucket. There are a couple of ways you can delete the bucket policy as follows and then delete the bucket itself:

  1. Log into the AWS S3 Console with root credentials. Please note that the root account is different than an account with ‘Administrator Access’ [1]. The root account should have access to modify/delete this bucket policy. Unfortunately, I have noticed that this is a fickle option which only works sometimes. OR
  2. (Option works all of the time) Delete bucket policy through AWS cli as follows (Linux and Windows options):

Via Linux: $ export AWS_DEFAULT_REGION= us-east-1 $ export AWS_ACCESS_KEY_ID="ROOT_KEY_ID" $ export AWS_SECRET_ACCESS_KEY="ROOT_SECRET_KEY" $ aws s3api delete-bucket-policy --bucket s3-bucket-name

Via Windows: set AWS_DEFAULT_REGION= us-east-1 set AWS_ACCESS_KEY_ID="ROOT_KEY_ID" set AWS_SECRET_ACCESS_KEY="ROOT_SECRET_KEY" aws s3api delete-bucket-policy --bucket s3-bucket-name

If so, could you please provide the output for the following after setting up your root account credentials: $ aws s3api delete-bucket-policy --bucket s3-bucket-name --debug

Note that these are both using root account credentials. Please attempt these methods and let me know if you have any issue. I hope this information was helpful. Please feel free to reach out to me with any additional questions or concerns.

[1] Root Account vs IAM User - http://docs.aws.amazon.com/es_es/general/latest/gr/root-vs-iam.html

Best regards, G**

选项 2 对我有用。

干杯!