BucketPolicy / Action / delete
This implementation of the DELETE action uses the policy subresource to delete the policy of a specified bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the
DeleteBucketPolicypermissions on the specified bucket and belong to the bucket owner’s account to use this operation.
If you don’t have
DeleteBucketPolicypermissions, Amazon S3 returns a
403 Access Deniederror. If you have the correct permissions, but you’re not using an identity that belongs to the bucket owner’s account, Amazon S3 returns a
405 Method Not Allowederror.
To ensure that bucket owners don’t inadvertently lock themselves out of their own buckets, the root principal in a bucket owner’s Amazon Web Services account can perform the
DeleteBucketPolicyAPI actions, even if their bucket policy explicitly denies the root principal’s access. Bucket owner root principals can only be blocked from performing these API actions by VPC endpoint policies and Amazon Web Services Organizations policies.
For more information about bucket policies, see Using Bucket Policies and UserPolicies.
The following operations are related to
See also: AWS API Documentation
response = bucket_policy.delete( ExpectedBucketOwner='string' )
ExpectedBucketOwner (string) – The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code
403 Forbidden(access denied).