How do I create an amazon S3 policy that prevents deleting buckets?

Question

How do I create an amazon S3 policy that prevents deleting buckets? Currently I have this Json. But I want to disable the possibility of deleting buckets.

How do I do that?

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*",
                "s3-object-lambda:*"
            ],
            "Resource": "*"
        }
    ]
}

References:

S3: How to grant access to multiple buckets?

s3 Policy has invalid action - s3:ListAllMyBuckets

score 1 · Answer 1 · answered Jun 05 '22 at 16:44

1

Try this policy:

{
  "Id": "Policy1654447414913",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1654447407349",
      "Action": [
        "s3:DeleteBucket"
      ],
      "Effect": "Deny",
      "Resource": "arn:aws:s3:::your-example-bucket",
      "Principal": {
        "AWS": [
          "*"
        ]
      }
    }
  ]
}

Don't forget to attach it to the bucket.

The policy was generated with AWS Policy Generator.

answered Jun 05 '22 at 16:44

baduker

19,152
9
33
56

I didnt know about the policy generator, hopefully it can also help others. Thank you – KenobiBastila Jun 05 '22 at 16:47

score 1 · Answer 2 · answered Jun 05 '22 at 21:01

1

S3 buckets can only be deleted if they're empty so what you're wanting may be redundant depending on your use-case.

answered Jun 05 '22 at 21:01

Majdie Gideir

126
5

I tried deleting a bucket with files and it worked. How do you prevent that? – KenobiBastila Jun 06 '22 at 17:37
1

I'm not sure how you've done this as it's in the documentation that you can't delete a bucket with objects in: https://docs.aws.amazon.com/AmazonS3/latest/userguide/delete-bucket.html – Majdie Gideir Jun 07 '22 at 19:34

How do I create an amazon S3 policy that prevents deleting buckets?

2 Answers2