s3audit-ts
This is an open source project published by The Scale Factory.
We currently consider this project to be hibernating. For our replacement (implemented in Rust), see s3audit-rs.
As a hibernated project, that means weβre no longer prioritising it, we are currently doing minimal maintenance for the benefit of the few customers we support who still use them.
βΉοΈ Weβre not regularly patching these projects, or actively watching for issues or PRs. Weβll periodically make updates or respond to contributions if one of the team has some spare time to invest.
Checks the settings for all S3 buckets in an AWS account for public access
For an introduction, read Securing S3 buckets with s3audit
Install
Download and install the latest release from GitHub
Or install the NPM package:
$ npm install -g s3auditUsage
Node
AWS credentials will be taken from environment variables. It is recommended to run this in combination with AWS Vault
Arguments
s3audit --bucket=s3-bucket=name
s3audit --format=console
s3audit --format=csv
s3audit --enable-check=policy --enable-check=acl
s3audit --disable-check=logging --enable-check=logging
IAM Role
You should use a role which is allowed these actions for all buckets in your account:
s3:ListAllMyBuckets,
s3:GetBucketAcl,
s3:GetBucketLogging,
s3:GetBucketPolicy,
s3:GetBucketPublicAccessBlock,
s3:GetBucketVersioning,
s3:GetBucketWebsite,
s3:GetEncryptionConfiguration
$ aws-vault exec <profile> -- s3audit
β― Checking 1 bucket
β― s3audit-demo
β― Bucket public access configuration
β BlockPublicAcls is set to false
β IgnorePublicAcls is set to false
β BlockPublicPolicy is set to false
β RestrictPublicBuckets is set to false
β Server side encryption is not enabled
β Object versioning is not enabled
β MFA Delete is not enabled
β Static website hosting is disabled
β Bucket policy doesn't allow a wildcard entity
β Bucket ACL doesn't allow access to "Everyone" or "Any authenticated AWS user"
β Logging is not enabled