NavigationContentFooter
Jump toSuggest an edit

I lost access to a bucket after applying a bucket policy

Reviewed on 03 July 2024Published on 15 December 2023

Before you start

To complete the actions presented below, you must have:

  • Owner status or IAM permissions allowing you to perform actions in the intended Organization

Problem

When creating and applying a bucket policy to a bucket, you may lose access to the resources within the bucket if your bucket policy was not set properly.

Bucket policies automatically deny actions to users who are not explicitly allowed by a statement.

Important
  • You will lose access to your bucket if you are not the owner of the Organization, and if you are not explicitly allowed by the bucket policy.
  • The owner of the Organization always has the right to put and delete bucket policies, even if he is not allowed to perform other bucket operations by the bucket policy.
  • Each bucket can have only one bucket policy.
  • Pushing a new bucket policy to a bucket overwrites any existing bucket policy.

Cause

If you are not explicitly allowed access to the resources in your bucket, you may see one of the following messages:

  • [CLI] - An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

  • [CLI] - 403 AccessDenied

  • [Console] - Failed to update bucket. Retry.

  • [Console] - Failed to load data. Try refreshing the page.

Solution

If you have permission to apply a bucket policy, you can also edit it or delete it using the Scaleway console.

  1. Click Object Storage on the left side menu of the console. The Object Storage dashboard displays.

  2. Click the Bucket policies tab.

  3. Click the name of the bucket policy applied to the lost bucket.

  4. Either edit it to grant yourself access, or delete it and create a new one

Note

Refer to the bucket policies overview for more information on the different elements of a bucket policy.

Going further

  • Refer to the bucket policies overview for more information on the different elements of a bucket policy.

  • If you did not manage to identify the error and solve it by yourself, open a support ticket, and provide as many details as possible, along with the necessary information below:

    • Object Storage Endpoint (e.g. s3.fr-par.scw.cloud)
    • Bucket name
    • Object name (if the request concerns an object)
    • Request type (PUT, GET, etc.)
    • HTTP status code
    • Date and time (timestamp)
    • User-agent (SDK, client, console, etc.)
    • Transaction ID (if possible)
    • Log / trace of the error (if possible)
Was this page helpful?
API DocsScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCareers
© 2023-2024 – Scaleway