Does s3 lifecycle rules overwrite Deny Delete Bucket or DeleteObject policy is s3 bucket?

1
votes

I have an S3 lifecycle policy that will delete the entire objects inside the bucket.

Are S3 lifecycle deletion rules restricted by S3 Bucket Policy?

I would like to prevent the deletion of S3 buckets storing any log files and the deletion of and log files using the Deny Delete Bucket or DeleteObject policy attached to the s3 buckets.

Below is my policy I have created:

 "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "S3BucketDenyDelete",
            "Effect": "Deny",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:DeleteBucket",
            "Resource": "arn:aws:s3:::"
        },
        {
            "Sid": "S3ObjectDenyDelete",
            "Effect": "Deny",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:DeleteObject",
            "Resource": "arn:aws:s3:::/*"
       }

Will attaching the Deny Delete and Delete object policy still enable the s3 lifecycle rule configuration to remove the objects in the bucket?

1
amazon-web-servicesamazon-s3s3-lifecycle-policy

1 Answers

1
votes

I tested the proccess out of adding a lifecycle policy with Deny Delete and Delete object policy added to s3 bucket.

The s3 lifecycle rules will overwrite the Deny Delete Bucket or DeleteObject policy and you objects will be deleted from the s3 bcuket