Search code examples

Can't access S3 bucket as root

I've created a bucket with the following policy:

     'Version': '2008-10-17',
     'Statement': [{
         'Sid': 'eb-58950a8c-feb6-11e2-89e0-0800277d041bc',
         'Effect': 'Deny',
         'Principal': {
           'AWS': '*'
         'Action': '*',
         'Resource': bucket.attrArn

which restricts any action on the bucket.

Now I can't do anything with it as any user (which is expected) but also as root (which is a surprise for me). I have Organizations and SCP with full access attached to a root account.

Is there a way to delete the bucket now or should I reach out to support?


  • I was able to delete bucket policy (and access bucket afterwards) with root account and aws cli. To do so you need:

    • get access keys for root account
    • run aws s3api delete-bucket-policy --bucket bucket-name as root

    from the Administrator account I got An error occurred (AccessDenied) when calling the DeleteBucketPolicy operation: Access Denied