AWS Organizations member accounts can now use a simple process through AWS Identity and Access Management (IAM) to regain access to accidentally locked Amazon S3 buckets. With this capability, you can repair misconfigured S3 bucket policies while improving your organization’s security and compliance posture.
IAM now provides centralized management of long-term root credentials, helping you prevent unintended access and improving your account security at scale in your organization. You can also perform a curated set of root-only tasks, using short-lived and privileged root sessions. For example, you can centrally delete an S3 bucket policy in just a few steps. First, navigate to the Root access management page in the IAM console, select an account, and choose Take privileged action. Next, select Delete bucket policy and select your chosen S3 bucket.
AWS Organization member accounts can use this capability in all AWS Regions, including the AWS GovCloud (US) Regions and AWS China Regions. Customers can use this new capability via the IAM console or programmatically using the AWS CLI or SDK. For more information, visit the AWS News Blog and IAM documentation.
Source:: Amazon AWS