How to fix 'Access Denied' while deleting empty S3 Elastic Beanstalk?

Question

I've noticed some Elastic Beanstalk is drawing about $20 to $30 every month on my AWS account and it turns out it is an empty S3 bucket.

I tried deleting it but it returns "Access Denied" error.

I also tried to use life cycle to remove it, but it also didn't work. Here is how I set up the life cycle:

I set it to remove 1 day after creation

Answer 1

go to buckets--> permissions --> click on edit bucket policy and then then delete the policy then you can easily able to delete bucket

Answer 2

The bucket can be deleted only in the following 3 steps:

1. Select the bucket to be deleted then click on Permission section in opened drawer window

2. Click on Bucket Policy button

3. Replace Deny word with Allow in the object that has "Action": "s3:Deletebucket" line then click on Save button

Thereafter you can delete the bucket.

Figure for step 1:

Figure for step 2:

Figure for step 3:

Answer 3

Very short and simple approach would be (if you are sure that you no longer require the bucket) is to remove the bucket policy and then try to delete the bucket. Works in all cases. As the bucket is created by Elastic Beanstalk and configured policy will not allow any changes/delete by other users. Removing policy will allow you to perform action.

Answer 4

By default, Elastic Beanstalk set some policies on your bucket that prevents the delete operation on the bucket to prevent accidental deletion of the bucket.

I highlighted the operation in red in the image below.

Step to delete the bucket:

• Click on the bucket name
• Click on the Permissions tab between Properties and Management tab
• Click on the Bucket Policy tab
• Once you are in the bucket policy tab, click the delete button on the policy

Once complete, you go back to the list of the buckets and try to delete the bucket now.

DONE

Happy Coding

Answer 5

I also came across the same error while deleting the bucket created by EBS "Access Denied" because by default EBS denies DELETE operation on s3 bucket create by it as it is used by EBS for storing logs of application any other pieces of information. To delete it you have to change the bucket's policy Steps:- Bucket => Properties => Permissions => Bucket Policy edit the bucket policy where "Action": "s3:DeleteBucket" change the "Effect": "Deny" to "Effect": "Allow"

Answer 6

This is Elastic beanstalk resection to save your accidental deletion. you can solve this issues by following 2 steps.

1. Grantee permission to upload and delete
2. Edit bucket policy by bucket => Properties => Permissions => Edit bucket policy and set allow "Effect": "Allow" from "Effect": "Deny"

Check below screenshot for more help.

Permission SCreenshot:

Bucket Policy

Answer 7

Elastic beanstalk added this restriction automatically as it creates the bucket. To remove it you will first have to empty the bucket out.

Once done, select the bucket --> Properties --> Permissions --> Edit bucket policy.

You will now see the permissions Elastic Beanstalk automatically added to that bucket. Scroll to where you find the "Action": "s3:DeleteBucket", above that Change "Effect": "Deny" to "Effect": "Allow"

Once done, save change and delete the bucket.

Answer 8

Check the bucket policy on the S3 bucket. The bucket name seems to be the standard bucket that beanstalk creates to store your application versions, logs etc. To prevent accidental deletion of the bucket, the bucket policy denies delete permission. You can update the permissions on the S3 bucket policy to allow delete from your root account. Most likely your bucket policy currently does not allow deletion of the bucket. Then you will be able to delete the bucket.

Read more about S3 bucket permissions here: http://docs.aws.amazon.com/AmazonS3/latest/UG/EditingBucketPermissions.html