Get all S3 bucket names that are publicly readable, and if so set them to private
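import boto3

# Grantee URIs that make an ACL grant "public": anyone on the internet, or
# anyone holding any AWS account, respectively. Both count as an exposure.
GROUPS_ALLUSERS = 'http://acs.amazonaws.com/groups/global/AllUsers'
GLOBAL_AUTHUSERS = 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers'
PUBLIC_GRANTEE_URIS = (GROUPS_ALLUSERS, GLOBAL_AUTHUSERS)


def is_public_grant(grant):
    """Return True if one ACL grant targets a global grantee group.

    Any permission (READ, WRITE, READ_ACP, ...) granted to these groups is
    treated as public access; the script is deliberately conservative and
    does not distinguish by permission. Grants whose grantee is a canonical
    user or e-mail address carry no 'URI' key and are never public here.
    """
    grantee = grant.get('Grantee', {})
    return grantee.get('URI') in PUBLIC_GRANTEE_URIS


s3 = boto3.client('s3')

# get bucket names
available_buckets = [bucket['Name'] for bucket in s3.list_buckets()['Buckets']]

# Buckets with at least one public grant, in listing order, no duplicates.
results = []
# Buckets whose ACL could not be read. These are NOT confirmed safe: an
# AccessDenied on get_bucket_acl must be reported, not silently skipped.
unchecked = []

# get bucket-acls
for each_bucket in available_buckets:
    try:
        acl = s3.get_bucket_acl(Bucket=each_bucket)
    except Exception as e:  # best effort: one unreadable ACL must not abort the scan
        print("Could not read ACL for " + each_bucket + ": " + str(e))
        unchecked.append(each_bucket)
        continue
    # A bucket is appended once, however many public grants it carries.
    if any(is_public_grant(grant) for grant in acl['Grants']):
        results.append(each_bucket)

if results:
    for public_bucket in results:
        print("Public Bucket: " + public_bucket)
        print("Removing Public Access on: " + public_bucket)
        # ACL='private' replaces the *entire* ACL with owner-only access, so
        # any non-public grants on the bucket are dropped as well. It also
        # changes nothing about bucket policies; a bucket made public through
        # its policy stays public after this call.
        try:
            s3.put_bucket_acl(Bucket=public_bucket, ACL='private')
        except Exception as e:  # keep remediating the remaining buckets
            print("Failed to set private ACL on " + public_bucket + ": " + str(e))
else:
    print("No Public Readable Buckets Found")

if unchecked:
    print("ACL not checked for: " + ", ".join(unchecked))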