I'm in the process of exploring VPC Endpoints and I've created a problem for myself. In the process, using CloudFormation, I've spawned a bucket with the following bucket policy:
ArtifactBucketPolicy:
  Description: Setting Amazon S3 bucket policy for AWS CodePipeline access
  Type: AWS::S3::BucketPolicy
  Properties:
    Bucket: !Ref ArtifactsBucket
    PolicyDocument:
      Id: SSEAndSSLPolicy
      Statement:
        - Action: s3:*
          Condition:
            StringNotEquals:
              aws:SourceVpce:
                Fn::ImportValue:
                  !Sub project-03:dev:${AWS::Region}:VPC:ID
          Effect: Deny
          Principal: '*'
          Resource:
            - !Sub 'arn:${AWS::Partition}:s3:::${ArtifactsBucket}'
            - !Sub 'arn:${AWS::Partition}:s3:::${ArtifactsBucket}/*'
          Sid: VPCe
      Version: 2012-10-17
and now I'm trying to delete the bucket, but even as an admin or root I cannot access the bucket to change the policy or do anything to it.
I've attempted to launch an EC2 instance in both the private and public subnet with a full admin role attached to it, and ran the following commands:
aws s3 rm s3://BUCKET_NAME/
aws s3api delete-bucket --bucket BUCKET_NAME
but I get the following error:
An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied
I've also made sure that the VPC Endpoint is being used, since when I run
sudo traceroute -n -T -p 443 s3.amazonaws.com
it outputs
traceroute to s3.amazonaws.com (52.216.130.45), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 52.216.130.45 0.662 ms 0.848 ms 0.723 ms
which I believe to mean that the endpoint is being used.
I've logged into the EC2 instances using Session Manager and through SSH, but still no luck.
Question:
Is there any way for me to delete this bucket?
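As an added example (not from the original question or its answer), the Python below is a pre-flight check for this style of bucket policy, meant to be run against the resolved JSON document before it is applied. The two sample policies are constructed to mirror the template above; the endpoint ID, VPC ID, bucket name, account ID and role name in them are placeholders, not values from the post. It flags the two things that lock an administrator out of their own bucket: an aws:SourceVpce condition value that is not a VPC endpoint ID (the import in the template above is named ...:VPC:ID, which is worth checking against the actual endpoint ID, since StringNotEquals against a value no request can carry denies everything), and a blanket Deny on every principal and every S3 action with no aws:PrincipalArn carve-out for a break-glass role.

```python
import json
import re

# VPC endpoint IDs have the form vpce-<hex>; VPC IDs have the form vpc-<hex>.
# A Deny keyed on StringNotEquals aws:SourceVpce with anything other than an
# endpoint ID matches every request, including the administrator's.
VPCE_ID = re.compile(r"^vpce-[0-9a-f]{8,17}$")

# Condition operators that can exempt a specific principal ARN from the Deny.
PRINCIPAL_CARVE_OUT_OPERATORS = ("ArnNotEquals", "ArnNotLike", "StringNotEquals", "StringNotLike")


def _as_list(value):
    """IAM JSON accepts a scalar or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_vpce_policy(policy: dict) -> list:
    """Return human-readable findings for a resolved S3 bucket policy document.

    An empty list means neither lock-out pattern was found.
    """
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        cond = stmt.get("Condition", {})
        vpce_values = _as_list(cond.get("StringNotEquals", {}).get("aws:SourceVpce"))
        if not vpce_values:
            continue  # not an endpoint-restriction statement
        sid = stmt.get("Sid", "<no Sid>")

        # Check 1: every aws:SourceVpce value must be a real endpoint ID.
        for value in vpce_values:
            if not VPCE_ID.match(str(value)):
                findings.append(
                    f"{sid}: aws:SourceVpce value {value!r} is not a VPC endpoint ID "
                    "(vpce-...), so StringNotEquals denies every request"
                )

        # Check 2: a Deny on all principals and all S3 actions needs an
        # aws:PrincipalArn carve-out, or nobody can change the policy afterwards.
        principal = stmt.get("Principal")
        all_principals = principal == "*" or principal == {"AWS": "*"}
        all_actions = "s3:*" in _as_list(stmt.get("Action"))
        has_carve_out = any(
            "aws:PrincipalArn" in cond.get(op, {}) for op in PRINCIPAL_CARVE_OUT_OPERATORS
        )
        if all_principals and all_actions and not has_carve_out:
            findings.append(
                f"{sid}: Deny covers every principal and every S3 action with no "
                "aws:PrincipalArn carve-out for a break-glass administrative role"
            )
    return findings


# Constructed sample: the template above as S3 would see it, with the imported
# export resolved to a VPC ID (placeholder value) instead of an endpoint ID.
LOCKED_OUT_POLICY = json.loads("""
{
  "Id": "SSEAndSSLPolicy",
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "VPCe",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:*",
    "Resource": ["arn:aws:s3:::example-artifacts", "arn:aws:s3:::example-artifacts/*"],
    "Condition": {"StringNotEquals": {"aws:SourceVpce": "vpc-0123456789abcdef0"}}
  }]
}
""")

# Constructed sample: same intent, but keyed on an endpoint ID and exempting a
# break-glass role (placeholder account ID and role name) from the Deny.
# Multiple condition operators in one statement are ANDed, so the Deny only
# fires for requests that are both off-endpoint and not from that role.
SAFE_POLICY = json.loads("""
{
  "Id": "SSEAndSSLPolicy",
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "VPCe",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:*",
    "Resource": ["arn:aws:s3:::example-artifacts", "arn:aws:s3:::example-artifacts/*"],
    "Condition": {
      "StringNotEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"},
      "ArnNotLike": {"aws:PrincipalArn": "arn:aws:iam::111122223333:role/BreakGlassAdmin"}
    }
  }]
}
""")

if __name__ == "__main__":
    for name, policy in (("locked-out", LOCKED_OUT_POLICY), ("safe", SAFE_POLICY)):
        print(name, "->", lint_vpce_policy(policy) or ["no findings"])
```

Run it before `aws cloudformation deploy` (or wire it into a pipeline step) on the policy JSON the template resolves to; the locked-out sample produces two findings and the safe sample none. Keeping the break-glass role out of the Deny is what preserves a path back into the bucket when the endpoint condition turns out to be wrong.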
CodePudding user response:
Based on the comments, the solution was obtained by following AWS guidelines: