This pertains to the lab in Chapter 3 (Bucket Policies) of the AWS Certified Security – Specialty 2020 course. I set up the bucket policy with the Explicit Deny as an Admin. I then logged out and back in as a normal S3 user with limited permissions ("Allow" access to the bucket) I had previously added the contradictory deny policy to. The result is that I was denied any sort of access and the point that Explicit Deny policies will always trump an Allow policy was proven.
However, in the next lesson (Ch. 3, ACL Policies) I was logged in as a Root user in order to delete the policy but even there I was denied access to the bucket! How is this possible? How can I delete the policy or the bucket?
this query, I too cannot delete the explicit deny bucket policy applied to the bucket, hence cannot delete the bucket. Please HELP
You’ll need to do this through AWS CLI using root access keys.
Follow the instructions at https://aws.amazon.com/premiumsupport/knowledge-center/s3-accidentally-denied-access/
IMPORTANT: As mentioned in that article, don’t forget to remove the root profile from AWS CLI.
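
The CLI steps the answer above refers to, written out as an added example (not part of this thread or of the linked AWS article). The bucket name and the `temp-root` profile name are placeholders; it assumes root access keys were configured under that profile, and it only prints the `aws` commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example. BUCKET and PROFILE are placeholders, not values from the thread.
BUCKET="${BUCKET:-example-locked-bucket}"
PROFILE="${PROFILE:-temp-root}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the aws commands instead of running them

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# The account root user's ARN has the form arn:aws:iam::<account-id>:root.
is_root_arn() {
  case "$1" in arn:aws:iam::[0-9]*:root) return 0 ;; *) return 1 ;; esac
}

recover_bucket() {
  if [ "$DRY_RUN" != 1 ]; then
    # Refuse to continue unless the profile really is the root user.
    arn=$(aws sts get-caller-identity --profile "$PROFILE" --query Arn --output text) || return 1
    is_root_arn "$arn" || { echo "profile $PROFILE is $arn, not root" >&2; return 1; }
  fi
  # Show the policy being removed (redirect to a file to keep a copy), then delete it.
  run aws s3api get-bucket-policy --bucket "$BUCKET" --profile "$PROFILE" --query Policy --output text
  run aws s3api delete-bucket-policy --bucket "$BUCKET" --profile "$PROFILE"
}

# Print an AWS CLI credentials file without the [<profile>] section.
# (In ~/.aws/config the matching section is named "[profile <name>]".)
strip_profile() {
  awk -v sec="[$2]" '/^\[/ { skip = ($0 == sec) } !skip' "$1"
}

# Remove the temporary root profile from the credentials file after recovery.
cleanup_profile() {
  creds="${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}"
  tmp=$(mktemp) && strip_profile "$creds" "$PROFILE" > "$tmp" \
    && chmod 600 "$tmp" && mv "$tmp" "$creds"
}

case "${1:-}" in
  recover) recover_bucket ;;
  cleanup) cleanup_profile ;;
esac
```

Run it as `DRY_RUN=0 sh script.sh recover`, then `sh script.sh cleanup`; the root access key itself still has to be deleted from the account separately.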