Derek Hutson

Summary

The article provides a solution for regaining access to an Amazon S3 bucket after accidentally locking oneself out with an incorrect bucket policy.

Abstract

The author shares a personal experience of mistakenly setting a bucket policy that resulted in complete inaccessibility to an S3 bucket, including the inability to view or edit objects and policies within it. Despite the lockout, the bucket continued to incur storage charges. The article highlights AWS's provision that allows the root user of an account to override the bucket policy and regain control. The solution involves logging in as the root user, navigating to the affected bucket, and modifying or deleting the restrictive policy to restore access. The author reassures readers that such mistakes are common and AWS support is available for assistance, including potential charge reversals for one-time incidents. The article concludes with a reminder to engage with the community by clapping, following, and exploring additional content and newsletters from PlainEnglish.io.

Opinions

  • The author acknowledges that locking oneself out of an S3 bucket is a common mistake among AWS users.
  • AWS has anticipated such user errors and provides a mechanism for the root user to bypass bucket policies to resolve access issues.
  • The author expresses confidence in AWS support's willingness to help and potentially offer refunds for inadvertent charges, especially for non-repeated offenses.
  • The article conveys a sense of community and encourages reader engagement through clapping, following, and exploring more content from PlainEnglish.io.

You Locked Yourself Entirely Out Of Your S3 Bucket, Now What?

You aren’t the first one to do it


Recently, I had a situation where I was adjusting a bucket policy on one of my buckets, and I unintentionally made the mistake of completely locking everyone out of my bucket.

Unfortunately, this bucket was storing some objects, so I was still accruing storage charges regardless of whether I could access it. This is quite a pickle to be in because you cannot view or edit your objects or your bucket policy, or do anything else with the bucket.

Luckily, whenever you make a mistake in the cloud, you can rest assured that you are not the first one. For this particular situation, AWS reserves the right for the root user of an account to edit a bucket policy regardless of what the policy actually says.

It’s a simple fix; all you need to do is log in to your account as the root user, navigate to the bucket in question, and while everything else is still locked down, you’ll notice that you can view and edit the policy.

Just edit your policy to give access again (or delete it and start over with a new policy), and the problem is solved!

Now, if you log back in as your regular IAM user, you can go in and do what you need to with your bucket. Or, in my case, delete the stored objects as I no longer needed them.
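As an added example (not from the original article), here is a pre-flight check that can be run on a bucket policy before applying it. It flags Deny statements that block viewing or editing the policy for every principal, which is the state where only the root user can repair the bucket. The function names, sample policy, bucket name and account ID are constructed for illustration, and the check only inspects `Principal` and `Action`, not `NotPrincipal` or `NotAction`.

```python
import json
from fnmatch import fnmatchcase

# Policy-management actions: once these are denied to every principal,
# only the account root user can still view or repair the bucket policy.
POLICY_ACTIONS = ("s3:GetBucketPolicy", "s3:PutBucketPolicy", "s3:DeleteBucketPolicy")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_everyone(principal):
    # "*" and {"AWS": "*"} both mean every principal.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def lockout_findings(policy_json):
    """Return (sid, risk, blocked_actions) for each Deny that blocks policy edits for everyone."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        if stmt.get("Effect") != "Deny" or not _is_everyone(stmt.get("Principal")):
            continue
        # IAM action names are case-insensitive and may contain * and ? wildcards.
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        blocked = [a for a in POLICY_ACTIONS
                   if any(fnmatchcase(a.lower(), p) for p in patterns)]
        if blocked:
            risk = "conditional" if stmt.get("Condition") else "total"
            findings.append((stmt.get("Sid", f"statement-{i}"), risk, blocked))
    return findings

# Constructed sample policy; bucket name, account ID and Sids are placeholders.
RES = ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "DenyAll", "Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": RES},
    {"Sid": "DenyNonTLS", "Effect": "Deny", "Principal": {"AWS": "*"}, "Action": "s3:*",
     "Resource": RES, "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Sid": "AllowRole", "Effect": "Allow", "Action": "s3:GetObject", "Resource": RES,
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/ExampleRole"}},
    {"Sid": "DenyReads", "Effect": "Deny", "Principal": "*", "Action": "s3:GetObject",
     "Resource": RES},
]})

if __name__ == "__main__":
    for sid, risk, blocked in lockout_findings(SAMPLE_POLICY):
        print(f"{sid}: {risk} lockout risk, blocks {', '.join(blocked)}")
```

A "total" finding means the Deny has no condition and applies to everyone; a "conditional" finding still deserves a look, because the lockout then depends on whether your own requests satisfy the condition.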

Hopefully this helps you out if you find yourself in this situation. As I mentioned earlier, you are not the first person to make a given mistake, so there is certainly a way to fix anything you break.

Worst case scenario, AWS support is quite friendly when it comes to accidentally accruing charges (as long as you are not a repeat offender), so you can just reach out to them to plead your case and ask for a refund.
