Unable to Delete Empty Elastic Beanstalk S3 Bucket

For those who are doing AWS work among the different projects, you will most likely do some storage on S3 (Simple Storage Service) for templates and logs.  Each AWS service has the ability to write its configuration and logs to S3 and is usually a part of the setup wizard.

Sometimes the permissions set by the AWS wizard may leave you with some challenges.  A common and simple example is when using AWS Elastic Beanstalk.  When you clear out an Elastic Beanstalk configuration, the S3 bucket is left behind because it is not deleted as part of the removal process.

Normally, we just select the bucket and then you can empty it and delete it.  This is what happens instead.  First, select your bucket:

s3-eb-bucket-name

Once selected, we  then choose the Delete Bucket option from the Actions button:

01-s3-delete-bucket-button

Then we are disappointed by seeing this error message:

03-s3-delete-bucket-error

Access Denied?!  That shouldn’t be the case.  I’m using an account that does have enhances privileges, and have even attempted it using the root level account for my entire AWS environment.  NOTE:  It’s not recommended to use the root account, but I did try it to prove the point.

Fixing the S3 Bucket Access Denied Issue

The issue is a simple one as it turns out.  Open up the properties for the bucket and click the Edit bucket policy button:

04-s3-edit-bucket-policy-button

When the bucket is created by the system, it is created with a specific bucket policy that has been set to deny the s3:DeleteBucket action: 05-s3-deny-perms

That’s a safety measure so that we don’t accidentally remove the contents which could be driving an active Elastic Beanstalk configuration.  Change the Deny effect to Allow in the JSON editor and save the policy:

06-s3-allow-perms

Once you’ve saved the policy, go ahead with the Delete bucket process under the Actions menu again, and you will see a much more appropriate response.  This time you will see a Done result in the results window.

07-s3-delete-bucket-success

This is one of those oddities around saving ourselves from ourselves by making sure we don’t accidentally delete things.  Sometimes we really do want to delete stuff 🙂

10 thoughts on “Unable to Delete Empty Elastic Beanstalk S3 Bucket”

  1. Thank you – finally got this to work!! Did what I thought was the same thing so many times …. then on the last time, it worked! Lots to learn about AWS!

    Reply
    • Lynette P
      The same thing happened to me. I thought that I had changed the setting a couple of times and it didn’t work. After reading this article, I tried again and it worked!! Must be some magic going on.

      Reply
  2. Thanks mate. Was wondering why I couldn’t delete the bucket (even though I tried as root as the last resort). Saved me a lot of trouble and time.

    Reply

Leave a Reply to Lynette P. Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.