Last active
June 11, 2019 21:51
-
-
Save david-sanabria/027aee8dd7d9034a784c9e8bdf344600 to your computer and use it in GitHub Desktop.
A simple BASH script that pulls all S3 Buckets out of S3 using the credentials that are configured # for your AWS command line. Requires you to have configured the AWS command line tool (AWS CLI) with your credentials.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # audit-s3-buckets.sh | |
| # David Sanabria, @Philozopher, 30-May-2019 | |
| # CC-BY-SA | |
| # https://creativecommons.org/licenses/by-sa/4.0 | |
| # | |
| # This script pulls all S3 Buckets out of S3 using the credentials that are configured | |
| # for your AWS command line. | |
| # | |
| # USEFUL AWS DOCUMENTATION: | |
| # More variables are available at Amazon: | |
| # https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketOps.html | |
| # AWS CLI for IAM - Getting/setting IAM properties from the terminal | |
| # https://docs.aws.amazon.com/cli/latest/reference/iam/ | |
| # AWS CLI - Getting Started (Setting Up) | |
| # https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html | |
| # AWS CLI - Configuring for "Switch Role" | |
| # https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html | |
| # | |
| # You can specify the --profile to use when running all AWS commands. This may require you | |
| # to enter your MFA if the role is configured to require it. This is configured to | |
| # pull the first argument from your command line | |
| if [ "$#" -eq '1' ]; | |
| then | |
| USE_IAM_PROFILE="--profile $1" | |
| echo "Using AWS config profile [$1]" | |
| elif [ "$#" -gt '1' ]; | |
| then | |
| echo "Usage $0 [aws-config-profile-name]" >2 | |
| exit 1 | |
| fi | |
| [ "$?" -eq '0' ] || exit | |
| echo "S3-BUCKET PROPERTY \"METRICS\"" | |
| for BUCKET in $( aws s3api list-buckets --output text | grep BUCKETS | awk '{print $3}' ) | |
| do | |
| if [ -z "$( aws s3api head-bucket --bucket $BUCKET )" ]; | |
| then | |
| echo "$BUCKET get-bucket-location \"$(aws s3api get-bucket-location --bucket $BUCKET $USE_IAM_PROFILE --output text 2>&1)\"" | |
| echo "$BUCKET get-bucket-encryption \"$(aws s3api get-bucket-encryption --bucket $BUCKET $USE_IAM_PROFILE --output text 2>&1)\"" | |
| echo "$BUCKET get-public-access-block \"$(aws s3api get-public-access-block --bucket $BUCKET $USE_IAM_PROFILE --output text 2>&1)\"" | |
| echo "$BUCKET get-bucket-logging \"$(aws s3api get-bucket-logging --bucket $BUCKET $USE_IAM_PROFILE --output text 2>&1)\"" | |
| else | |
| echo "$BUCKET Unable to 'Head' bucket. No Access? [$?]" | |
| fi | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This script is a very simple way of demonstrating the AWS CLI in a way that non-programmers should be able to read, understand, and potentially use for your own needs.
This script is not a "How to write great BASH" example; of course I could just loop on an array of properties, but then I might scare away non-technical folks (e.g. managers, oversight, etc) who do are not programmers, but still have need of this information.