Thursday, July 14, 2016

AWS s3 bucket encryption audit (Updated)

The tool mentioned in my previous blog post got some new functionality:

1. batch mode.

$ python --bucket com-company-prod-data-backup --profile prod-read

checks the named bucket and gives you the choice of saving the report to a file or printing it on screen.

$ --bucket com-company-prod-data-backup --profile prod-read  --file test_results.txt 

checks the named bucket and writes the report to the file. This is the practical choice for large buckets with thousands of objects.

2. Interactive mode.

Run the tool with just an AWS profile name and it lists the S3 buckets available in that account and lets you choose one for a detailed audit.

$ python --profile staging

3. Ability to check whether encryption is enforced at the bucket level by the bucket policy.

Whichever way you start the tool, it also verifies whether the selected bucket or buckets have S3 server-side encryption enforced by bucket policy:
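To show what "enforced by bucket policy" has to mean in practice, here is an added example (my illustration for this post, not the tool's own code) that decides whether a bucket policy really blocks unencrypted uploads. A single Deny on a wrong `s3:x-amz-server-side-encryption` value is not enough: a PutObject with no SSE header at all also has to be denied, which is why the AWS-documented pattern uses two Deny statements (StringNotEquals plus Null). The checker also insists the Deny applies to every principal and to the whole bucket, not one prefix. The function names, the sample policies and the optional boto3 wrapper are assumptions of the example; the bucket name is reused from the post purely as a constructed sample.

```python
"""Decide whether an S3 bucket policy actually enforces SSE on uploads.

analyze_sse_policy() is pure and runs offline; fetch_bucket_policy() is the
thin boto3 wrapper a tool like the one in the post would call (boto3 is only
imported there). Function names, sample policies and the "both Deny
statements required" rule are this example's assumptions, not the post's.
"""
import json

SSE_KEY = "s3:x-amz-server-side-encryption"
SSE_ALGORITHMS = {"AES256", "aws:kms"}


def _as_list(value):
    """Policy elements may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(stmt):
    """Only a Deny that applies to every principal counts as enforcement."""
    principal = stmt.get("Principal")
    return principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")


def _denies_put_object(stmt):
    actions = [a.lower() for a in _as_list(stmt.get("Action"))]
    return stmt.get("Effect") == "Deny" and any(a in ("s3:putobject", "s3:*", "*") for a in actions)


def _covers_all_objects(stmt, bucket):
    """The Deny must cover every key in the bucket, not just one prefix."""
    whole_bucket = "arn:aws:s3:::%s/*" % bucket
    return any(r in (whole_bucket, "arn:aws:s3:::*", "*") for r in _as_list(stmt.get("Resource")))


def analyze_sse_policy(policy, bucket):
    """Report which of the two upload cases the policy denies.

    Enforcement needs both: a StringNotEquals Deny for a header carrying the
    wrong value, and a Null Deny for a request with no SSE header at all.
    Requiring both is the conservative reading of the two-statement pattern.
    """
    doc = json.loads(policy) if isinstance(policy, str) else policy
    denies_wrong_header = denies_missing_header = False
    for stmt in _as_list(doc.get("Statement")):
        if not (_denies_put_object(stmt) and _covers_all_objects(stmt, bucket)
                and _principal_is_everyone(stmt)):
            continue
        cond = stmt.get("Condition", {})
        values = set(_as_list(cond.get("StringNotEquals", {}).get(SSE_KEY)))
        if values and values <= SSE_ALGORITHMS:
            denies_wrong_header = True
        if str(cond.get("Null", {}).get(SSE_KEY, "")).lower() == "true":
            denies_missing_header = True
    return {
        "denies_wrong_header": denies_wrong_header,
        "denies_missing_header": denies_missing_header,
        "enforced": denies_wrong_header and denies_missing_header,
    }


def fetch_bucket_policy(bucket, profile=None):
    """Fetch the live policy JSON with boto3; None when the bucket has none."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.Session(profile_name=profile).client("s3")
    try:
        return s3.get_bucket_policy(Bucket=bucket)["Policy"]
    except ClientError as err:
        if err.response["Error"]["Code"] == "NoSuchBucketPolicy":
            return None
        raise


def _deny_statement(bucket, condition):
    return {"Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::%s/*" % bucket, "Condition": condition}


# Constructed sample policies (not taken from any real account).
BUCKET = "com-company-prod-data-backup"
ENFORCING_POLICY = {"Version": "2012-10-17", "Statement": [
    _deny_statement(BUCKET, {"StringNotEquals": {SSE_KEY: "AES256"}}),
    _deny_statement(BUCKET, {"Null": {SSE_KEY: "true"}}),
]}
# Looks right at a glance but lets an upload with no SSE header through.
HALF_POLICY = {"Version": "2012-10-17", "Statement": [
    _deny_statement(BUCKET, {"StringNotEquals": {SSE_KEY: "AES256"}}),
]}

if __name__ == "__main__":
    for name, policy in (("enforcing", ENFORCING_POLICY), ("half", HALF_POLICY)):
        print(name, analyze_sse_policy(policy, BUCKET))
```

Running the module prints the verdict for both constructed policies; the half policy is the one to watch for in real accounts, because it reads as "encryption required" while still accepting uploads that simply omit the header. To audit a live bucket, feed `fetch_bucket_policy(bucket, profile)` into `analyze_sse_policy` and treat `None` (no policy at all) as not enforced.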