AWS Fun Times

[deanwebb]

"Could you please delete this S3 instance I created by mistake?"

***

THREE HOURS LATER

***

Finally found the guy that has root access with his email and he was able to log in and delete the S3 bucket.

ZERO help from Amazon's automated AI-augmented help system. It offered up code that had been deprecated and would do things bit by bit, instead of calling out a full solution. At the end of the day, none of those things worked and we had to get someone to log on as root, which was another ordeal in and of itself.

Amazon Web Services I now consider to have poor support and self-defeating security mechanisms. When the creator of an object, let alone a full admin, can't delete a simple S3 bucket that was created by mistake, there is a serious flaw in their processes and policies.

[Otanx]

Sounds like there is a misconfiguration in the IAM system. I can see valid use cases for someone that can create or write to S3 not being allowed to delete. However, I will agree with you on the lack of support from AWS. I never get responses to emails. I had two users locked out of training. Emailed support, and never heard back. Luckily it wasn't important training, and a few weeks later it just started working. If you are not big enough to have a named point of contact the team monitoring the generic email addresses seem to not exist. Same with their documentation which is what the AI support is using. They change things so fast that the documentation is always outdated.

-Otanx

[deanwebb]

Indeed. We need documentation about what works, but if updating docs isn't a sprint activity for the devs, then it's good-bye docs, casualties of the sprint cycle.