
AWS S3 Bucket created with force_destroy=true fails to delete with Access Denied via terraform

I create an s3 bucket via terraform for the purpose of storing VPC Flow Logs:

resource "aws_s3_bucket" "bucket" {
  bucket        = local.bucket_name
  force_destroy = true
  tags          = var.tags
}

After the bucket is created and the flow-log service is created, there are a few entries under "/AWSLogs/..."

After I remove the flow-log service I attempt the terraform destroy, but it fails with the following entry, one for each object:

deleting: S3 object (AWSLogs/.../...98d659c.log.gz) version (null): AccessDenied: Access Denied

There are no policies, because they get deleted first.

ACLs: the bucket owner and the S3 log delivery group have full access, the rest are turned off, and the owner is set to data.aws_canonical_user_id.current.id.

ACL permissions are not quite enough. The IAM role you are using requires the s3:DeleteObject* permissions.
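As an added illustration of the answer above (not code from the original post), this is a least-privilege policy attached to the role that runs `terraform destroy`, scoped to the single flow-log bucket. `local.bucket_name` comes from the question; `aws_iam_role.terraform` is an assumed name for the role Terraform assumes, and the list/delete-bucket statements are included because `force_destroy` must enumerate objects before it can delete them and the bucket itself.

```hcl
# Added example: grant only what force_destroy needs, on one bucket.
# local.bucket_name is from the question; aws_iam_role.terraform is an assumption.
data "aws_iam_policy_document" "bucket_destroy" {
  # force_destroy lists every object (and object version) before deleting it,
  # so the role needs list access on the bucket ARN itself.
  statement {
    sid       = "ListBucketForForceDestroy"
    actions   = ["s3:ListBucket", "s3:ListBucketVersions"]
    resources = ["arn:aws:s3:::${local.bucket_name}"]
  }

  # The s3:DeleteObject* permissions the answer refers to, scoped to objects
  # in this bucket only. DeleteObjectVersion only matters once versioning is
  # enabled; the "version (null)" error in the question is the unversioned case.
  statement {
    sid       = "DeleteFlowLogObjects"
    actions   = ["s3:DeleteObject", "s3:DeleteObjectVersion"]
    resources = ["arn:aws:s3:::${local.bucket_name}/*"]
  }

  # Once the bucket is empty, terraform destroy removes the bucket itself.
  statement {
    sid       = "DeleteEmptyBucket"
    actions   = ["s3:DeleteBucket"]
    resources = ["arn:aws:s3:::${local.bucket_name}"]
  }
}

resource "aws_iam_role_policy" "bucket_destroy" {
  name   = "s3-flow-log-bucket-destroy"
  role   = aws_iam_role.terraform.id # assumption: the role Terraform runs as
  policy = data.aws_iam_policy_document.bucket_destroy.json
}
```

The bucket ACL grants the S3 log delivery group write access for delivery, but object deletion is authorised against the caller's IAM identity, which is why the ACL alone does not unblock the destroy.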
