With IAM, you can centrally manage users, security credentials such as access keys, and permissionsthat control which AWS resources users can access. In some cases, you might have an IAM user with full access to IAM and Amazon S3. If the IAM userassigns a bucket policy to an Amazon S3 bucket and doesn't specify the root user as a principal, the root user is denied access to that bucket. However, as the root user, you can still access the bucketby modifying the bucket policy to allow root user access. Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/iam-troubleshooting.html#testing2