I incorrectly configured my bucket policy to deny all users access to my Amazon Simple Storage Service (Amazon S3) bucket. How can I get access to my bucket again?

Warning: This procedure uses AWS account root user credentials (access keys), which AWS recommends using only for emergency or recovery scenarios. Avoid using root user credentials unless necessary. For more information, see Lock Away Your AWS Account Root User Access Keys.

To get access to your bucket again, sign in as the root user, and then delete the bucket policy. To delete the bucket policy using the AWS Command Line Interface (AWS CLI), follow these steps:

1.    Create access keys for the root user.

2.    Configure the AWS CLI with the root user's credentials.

Important: If you configured named profiles on the AWS CLI, then you must create another profile for the root user's credentials.

3.    Delete the bucket policy. If you created a profile for the root user, run the following AWS CLI command. Be sure to enter the root user's profile as the value for --profile:

aws s3api delete-bucket-policy --bucket BUCKETNAME --profile root_profile

If your AWS CLI is configured with the root user's credentials without using a profile, you can run this command:

aws s3api delete-bucket-policy --bucket BUCKETNAME

After you delete the policy, you (the bucket owner) can access the bucket again and set the correct policy. As an AWS security best practice, be sure to do the following after you correct the bucket policy:


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2019-02-01