1 files changed, 17 insertions, 5 deletions

diff --git a/test/s3/iam/s3_iam_framework.go b/test/s3/iam/s3_iam_framework.go
index aee70e4a1..92e880bdc 100644
--- a/test/s3/iam/s3_iam_framework.go
+++ b/test/s3/iam/s3_iam_framework.go
@@ -333,7 +333,7 @@ func (t *BearerTokenTransport) extractPrincipalFromJWT(tokenString string) strin
 		// This is safe because the actual validation happens server-side
 		return []byte("dummy-key"), nil
 	})
-	
+
 	// Even if parsing fails due to signature verification, we might still get claims
 	if claims, ok := token.Claims.(jwt.MapClaims); ok {
 		// Try multiple possible claim names for the principal ARN
@@ -348,7 +348,7 @@ func (t *BearerTokenTransport) extractPrincipalFromJWT(tokenString string) strin
 			}
 		}
 	}
-	
+
 	return ""
 }
 
@@ -693,13 +693,25 @@ func (f *S3IAMTestFramework) CreateBucketWithCleanup(s3Client *s3.S3, bucketName
 
 	if err != nil {
 		// If bucket already exists, clean it up first
-		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "BucketAlreadyExists" {
+		if awsErr, ok := err.(awserr.Error); ok && (awsErr.Code() == "BucketAlreadyExists" || awsErr.Code() == "BucketAlreadyOwnedByYou") {
 			f.t.Logf("Bucket %s already exists, cleaning up first", bucketName)
 
-			// Empty the existing bucket
+			// First try to delete the bucket completely
 			f.emptyBucket(s3Client, bucketName)
+			_, deleteErr := s3Client.DeleteBucket(&s3.DeleteBucketInput{
+				Bucket: aws.String(bucketName),
+			})
+			if deleteErr != nil {
+				f.t.Logf("Warning: Failed to delete existing bucket %s: %v", bucketName, deleteErr)
+			}
 
-			// Don't need to recreate - bucket already exists and is now empty
+			// Now create it fresh
+			_, err = s3Client.CreateBucket(&s3.CreateBucketInput{
+				Bucket: aws.String(bucketName),
+			})
+			if err != nil {
+				return fmt.Errorf("failed to recreate bucket after cleanup: %v", err)
+			}
 		} else {
 			return err
 		}