Last active
December 13, 2015 20:38
Remove "Everyone" permission from every key on an S3 bucket.
# Remove "Everyone" from every key on an S3 bucket.
#
# Environment variables (see boto for more information): AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
#
# -b, --bucket: The bucket to scan.
# -l, --log: Log level. The only level the script logs at is INFO, which lists the keys being checked and changed.
#
# Run: remove-everyone.py -b BUCKET -l INFO
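import argparse
import logging

import boto

# Group URI that S3 uses for anonymous access; the console labels it "Everyone".
ALL_USERS_URI = "http://acs.amazonaws.com/groups/global/AllUsers"

parser = argparse.ArgumentParser(description='Remove "Everyone" permission for all keys under a bucket')
# The bucket is mandatory: without it the script would call get_bucket(None).
parser.add_argument('-b', '--bucket', required=True, help='The bucket to remove from')
parser.add_argument('-l', '--log', default='WARNING')
args = parser.parse_args()

# Set the log level from arguments
loglevel = getattr(logging, args.log.upper(), None)
if not isinstance(loglevel, int):
    raise ValueError('Invalid log level: %s' % args.log)
logging.basicConfig(level=loglevel)

# Credentials come from the environment (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY).
s3 = boto.connect_s3()
bucket = s3.get_bucket(args.bucket)

# Scope: only object ACL grants to the AllUsers group are removed. Grants to
# the AuthenticatedUsers group, the bucket's own ACL and any bucket policy are
# not examined here, so objects can remain reachable through those paths.
#
# bucket.list() pages through the whole listing. get_all_keys() returns a
# single page of results, so on a large bucket the keys past the first page
# would silently keep their public grant.
for key in bucket.list():
    logging.info("Checking 'Everyone' permission for %s", key)
    acl = key.get_acl()

    # Keep every grant except the public ones. A real list is built (not a
    # lazy filter object) so that len() works on Python 3 as well.
    original = acl.acl.grants
    kept = [g for g in original if g.uri != ALL_USERS_URI]

    # Write the ACL back only when something was actually removed.
    if len(kept) != len(original):
        logging.info("REMOVE 'Everyone' permission for %s", key)
        acl.acl.grants = kept
        key.set_acl(acl)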