This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Lost all permissions on bucket, cannot delete it

Posted on 12-09-2024 07:20 AM
pwolfe
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello all,

Had a bit of a terraform disaster on some buckets that were using authoritative IAM policies. It seems that all accounts that did access to the bucket now do not. Including the owner and org admin accounts.

I've also tried using the org admin account to reset the policy but can't even view the current policy.

Is there any backdoor to reset a bucket to project default IAM?

0 1 212
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
Joy_S
Staff
Reply posted on --/--/---- --:-- AM

Hi @pwolfe 

Unfortunately, there isn't a "backdoor" way to reset IAM policies without the proper permissions but you may try the following workarounds:

  1. Use the gcloud Command Line: The gcloud CLI may help in cases where the Console is limited. If you have the necessary permissions at the project or organization level, you can try to reset the IAM policy using: 
    gcloud storage buckets update BUCKET_NAME --project=YOUR_PROJECT_ID --no-iam-policy
  2. Leverage the Google Cloud Console (if possible): If the IAM policies on the bucket are still linked to the project, try resetting the IAM policy from the project settings:
    1. Go to the IAM & Admin section of your Google Cloud Console.
    2. Check the IAM policies at the project level and ensure that the right roles are assigned for the necessary accounts to access the resources.
  3. Terraform State Recovery: SinceTerraform is involved, you may check the Terraform state file to understand what changes were applied. You might be able to restore previous state configurations by running:   
    terraform plan
terraform apply
    This can help Terraform realize the changes it needs to revert, but you’ll need to ensure your state file isn’t corrupted and properly synced with the infrastructure.

If none of the above steps work and you’re still unable to access or modify the bucket IAM policies you can contact Google Cloud Support to further look into your case. When contacting them, please provide comprehensive details and include screenshots. This will help them better understand and address your issue.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

 

0 Likes
Top Labels in this Space
Top Solution Authors
View all