NavigationContentFooter
Jump toSuggest an edit

I lost access to a bucket after applying a bucket policy

Reviewed on 15 December 2023Published on 15 December 2023
Security & Identity (IAM)

To perform certain actions described below, you must either be the Owner of the Organization in which the actions will be performed or an IAM user with the necessary permissions.

Problem

When creating and applying a bucket policy to a bucket, you may lose access to the resources within the bucket if your bucket policy was not set properly.

Bucket policies automatically deny actions to users who are not explicitly allowed by a statement.

Important
  • You will lose access to your bucket if you are not the owner of the Organization, and if you are not explicitly allowed by the bucket policy.
  • The owner of the Organization always has the right to put and delete bucket policies, even if he is not allowed to perform other bucket operations by the bucket policy.
  • Each bucket can have only one bucket policy.
  • Pushing a new bucket policy to a bucket overwrites any existing bucket policy.

Cause

If you are not explicitly allowed access to the resources in your bucket, you may see one of the following messages:

  • [CLI] - An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

  • [Console] - Failed to update bucket. Retry.

  • [Console] - Failed to load data. Try refreshing the page.

Solution

If you have the permission to apply a bucket policy, you can also delete it. To regain access to the resources stored in your bucket, you can either:

  • delete the current bucket policy using the command below. The bucket will become available to every users with IAM permissions.
    aws s3api delete-bucket-policy --bucket <BUCKET_NAME>
  • apply a new bucket policy in the bucket to allow yourself (or the desired principal) to perform the desired storage operations.
Note

Refer to the bucket policies overview for more information on the different elements of a bucket policy.

Cloud Products & Resources
  • Scaleway Console
  • Compute
  • Storage
  • Network
  • IoT
  • AI
Dedicated Products & Resources
  • Dedibox Console
  • Dedibox Servers
  • Network
  • Web Hosting
Scaleway
  • Scaleway.com
  • Blog
  • Careers
  • Scaleway Learning
Follow us
FacebookTwitterSlackInstagramLinkedin
ContractsLegal NoticePrivacy PolicyCookie PolicyDocumentation license
© 1999-2024 – Scaleway SAS