I accidentally denied everyone access to my Amazon S3 bucket. How do I regain access?

Last updated: 2021-09-16

I incorrectly configured my bucket policy to deny all users access to my Amazon Simple Storage Service (Amazon S3) bucket. How can I get access to my bucket again?

Resolution

To get access to your bucket again, sign in to the Amazon S3 console as the AWS account root user, and then delete the bucket policy.

Warning: Do not use the root user for everyday tasks. Limit the use of these credentials to only the tasks that require you to sign in as the root user. Note that root credentials aren't the same as an AWS Identity Access Management (IAM) user or role with full administrator access. Also, IAM policies with allow or deny permissions can't be attached to the root account.

Follow these steps:

1.    Sign in to the AWS Management Console as the account root user.

2.    Open the Amazon S3 console.

3.    Navigate to the bucket that all users are locked out of.

4.    Choose the Permissions tab.

5.    Choose Bucket Policy.

6.    Choose Delete.

7.    On the Delete bucket policy page, confirm that you want to delete the bucket policy by entering delete into the text field.

8.    Choose Delete again.

9.    Sign out of the AWS Management Console.

10.    (Optional) As a best practice, the account administrator can rotate the root user password.

After the root user deletes the bucket policy, an IAM user (with bucket access) can apply a new bucket policy with the correct permissions. For more information, see Bucket policy examples and How do I add an S3 bucket policy?


Did this article help?


Do you need billing or technical support?