Preventing Deletion of an Amazon S3 Bucket Using a Resource-Based Policy

In this hands-on lab, you are a software engineer working for a new startup that is launching an online bookstore for rare and antique books. The founder, Kia, needs your help with protecting her data. Since her technical lead is out sick, she's calling on you for assistance. In order to protect the book data stored in S3, you will use a resource-based policy in AWS Identity & Access Management (IAM) to prevent an Amazon S3 bucket from being deleted.


Intermediate
30m
Oct 09, 2020

Table of Contents

  1. Challenge

    Use the AWS Policy Generator to Generate a Resource Policy

    1. Navigate to AWS Policy Generator.
    2. Set the following values:
      • Select Type of Policy: S3 Bucket Policy
      • Effect: Deny
      • Principal: *
      • AWS Service: Amazon S3
      • Actions: DeleteBucket
      • Amazon Resource Name (ARN): *
    3. Click Add Statement.
    4. Click Generate Policy.
    5. Copy the newly generated policy JSON document to the clipboard.
  2. Challenge

    Attach a Resource Policy to an S3 Bucket

    1. Navigate back to the AWS Management Console.
    2. Navigate to S3.
    3. There should be an existing bucket. Click on the bucket name.
    4. Click the Permissions tab.
    5. Scroll down to the Bucket policy section and click Edit.
    6. Paste the previously generated policy in the Policy section.
    7. Copy the Bucket ARN number.
    8. In the bucket policy, locate "Resource" in line 11 and replace * with the copied Bucket ARN number.
    9. Click Save changes.
  3. Challenge

    Test the Resource Policy

    1. Navigate back to S3.
    2. Click on the bucket name.
    3. Click Delete.
    4. In the Delete bucket section, copy the bucket name and paste it in the confirm deletion field.
    5. Click Delete bucket. (NOTE: You will encounter a permission denied message.)
    6. Click Create bucket.
    7. Set the Bucket name to "mytestforacg".
    8. Click Create bucket.
    9. Select the newly created bucket mytestforacg and click Delete.
    10. In the Delete bucket section, enter the bucket name, mytestforacg, and click Delete bucket. (NOTE: This bucket should be successfully deleted.)
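
As an added example (not part of the lab), this Python sketch builds the policy from the first two challenges and runs a simplified statement matcher over the delete requests from the test steps, plus an object delete. The bucket ARN, Sid, object key and the matcher itself are assumptions; it is not AWS's policy evaluation engine.

```python
import json
from fnmatch import fnmatchcase

# Constructed placeholder ARN; the lab's real bucket name is not shown on the page.
PROTECTED_BUCKET_ARN = "arn:aws:s3:::example-bookstore-bucket"


def build_policy(resource):
    """Bucket policy with the values from the first challenge."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyDeleteBucket",  # constructed; the generator assigns its own Sid
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:DeleteBucket",
            "Resource": resource,
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def explicitly_denied(policy, action, resource_arn):
    """Simplified model: does a Deny statement for Principal * match the request?"""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Deny" or stmt.get("Principal") != "*":
            continue  # only the wildcard-principal Deny from the lab is modelled
        # Action names are compared case-insensitively, ARNs case-sensitively.
        action_hit = any(fnmatchcase(action.lower(), a.lower())
                         for a in _as_list(stmt["Action"]))
        resource_hit = any(fnmatchcase(resource_arn, r)
                           for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            return True
    return False


if __name__ == "__main__":
    policy = build_policy(PROTECTED_BUCKET_ARN)
    print(json.dumps(policy, indent=2))
    requests = [
        ("s3:DeleteBucket", PROTECTED_BUCKET_ARN),         # step 5: denied
        ("s3:DeleteBucket", "arn:aws:s3:::mytestforacg"),  # step 10: not covered
        # Deleting objects is a different action that this statement does not name.
        ("s3:DeleteObject", PROTECTED_BUCKET_ARN + "/rare-book.json"),
    ]
    for action, arn in requests:
        print(action, arn, "-> explicit deny:", explicitly_denied(policy, action, arn))
```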

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!
