Able to overwrite objects even after denying s3:PutOverwriteObject in S3 group policy
Applies to
- StorageGRID 11.7
- S3 group policy
Issue
After creating S3 group policy with deny effect on s3:PutOverwriteObject, the PUT operations is able to overwrite the objects in the bucket.
S3 Group policy:
{
"Statement": [
{
"Sid": "Deny PUT overwrites",
"Effect": "Deny",
"Action": "s3:PutOverwriteObject",
"Resource": [
"arn:aws:s3:::*"
]
}
]
}