S3 global policy is not removing the policy but in cloud watch logs its say it removed but actually not removing

[kumar0705]

policies:

• name: kumar-s3-global-policy
  description: looks for s3 bucket policies containing cross account permissions to accounts
  resource: s3

  filters:

  • and:
    • type: has-statement
      statements:
      • Effect: Allow
        Action: 's3:'
        Principal: ''
        Resource: "arn:aws:s3:::{bucket_name}

  actions:

  • type: remove-statements
    statement_ids: matched
  • type: notify
    template: custodiandefault.html
    priority_header: 2
    to:
    • resource-owner
      subject: "[cloud-custodian {{ account }}] Publicly Exposed S3 Buckets discovered [{{ region }}]"
      violation_desc: "one or more statements in the bucket policy allowed access from AWS accounts"
      action_desc: "these statements have been removed from the bucket policy"
      questions_email: [email protected]
      questions_slack: general
      transport:
      type: sqs
      queue: queue url removed here
      mode:
      type: cloudtrail
      events:
    • source: s3.amazonaws.com
      event: PutBucketPolicy
      ids: "requestParameters.bucketName"
      role: role removed here