This action deletes an Amazon S3 on Outposts bucket policy. To delete an S3 bucket policy, see DeleteBucketPolicy in the Amazon S3 API Reference .
This implementation of the DELETE action uses the policy subresource to delete the policy of a specified Amazon S3 on Outposts bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the
s3-outposts:DeleteBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner’s account to use this action. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide .
If you don’t have
DeleteBucketPolicy permissions, Amazon S3 returns a
403 Access Denied error. If you have the correct permissions, but you’re not using an identity that belongs to the bucket owner’s account, Amazon S3 returns a
405 Method Not Allowed error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of
x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of
s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the
x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to
See also: AWS API Documentation
delete-bucket-policy --account-id <value> --bucket <value> [--cli-input-json | --cli-input-yaml] [--generate-cli-skeleton <value>] [--debug] [--endpoint-url <value>] [--no-verify-ssl] [--no-paginate] [--output <value>] [--query <value>] [--profile <value>] [--region <value>] [--version <value>] [--color <value>] [--no-sign-request] [--ca-bundle <value>] [--cli-read-timeout <value>] [--cli-connect-timeout <value>] [--cli-binary-format <value>] [--no-cli-pager] [--cli-auto-prompt] [--no-cli-auto-prompt]
The account ID of the Outposts bucket.
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket
my-outpostowned by account
us-west-2, use the URL encoding of
arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
Reads arguments from the JSON string provided. The JSON string follows the format provided by
--generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value
input, prints a sample input JSON that can be used as an argument for
--cli-input-json. Similarly, if provided
yaml-input it will print a sample input YAML that can be used with
--cli-input-yaml. If provided with the value
output, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.
Turn on debug logging.
Override command’s default URL with the given URL.
By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.
Disable automatic pagination.
The formatting style for command output.
A JMESPath query to use in filtering the response data.
Use a specific profile from your credential file.
The region to use. Overrides config/env settings.
Display the version of this tool.
Turn on/off color output.
Do not sign requests. Credentials will not be loaded if this argument is provided.
The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.
The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.
The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.
The formatting style to be used for binary blobs. The default format is base64. The base64 format expects binary blobs to be provided as a base64 encoded string. The raw-in-base64-out format preserves compatibility with AWS CLI V1 behavior and binary values must be passed literally. When providing contents from a file that map to a binary blob
fileb:// will always be treated as binary and use the file contents directly regardless of the
cli-binary-format setting. When using
file:// the file contents will need to properly formatted for the configured
Disable cli pager for output.
Automatically prompt for CLI input parameters.
Disable automatically prompt for CLI input parameters.