No Plugins; Monolithic
Join us to discuss the challenges, solutions and best practices for in-house JavaScript code sharing. Tuesday, 12/17 at 10am PT/1pm ET.Sign up here »

s3audit

1.2.0 • Public • Published

s3audit

Checks the settings for all S3 buckets in an AWS account for public access

oclif License

For an introduction, read Securing S3 buckets with s3audit

Install

Download and install the latest release from GitHub

Or install the NPM package:

$ npm install -g s3audit

Usage

Node

AWS credentials will be taken from environment variables. It is recommended to run this in combination with AWS Vault

Arguments

s3audit --bucket=s3-bucket=name
s3audit --format=console
s3audit --format=csv
s3audit --enable-check=policy --enable-check=acl
s3audit --disable-check=logging --enable-check=logging

IAM Role

You should use a role which is allowed these actions for all buckets in your account:

s3:ListAllMyBuckets,
s3:GetBucketAcl,
s3:GetBucketLogging,
s3:GetBucketPolicy,
s3:GetBucketPublicAccessBlock,
s3:GetBucketVersioning,
s3:GetBucketWebsite,
s3:GetEncryptionConfiguration
$ aws-vault exec <profile> -- s3audit
 
  ❯ Checking 1 bucket
    ❯ s3audit-demo
      ❯ Bucket public access configuration
        ✖ BlockPublicAcls is set to false
        ✖ IgnorePublicAcls is set to false
        ✖ BlockPublicPolicy is set to false
        ✖ RestrictPublicBuckets is set to false
      ✖ Server side encryption is not enabled
      ✖ Object versioning is not enabled
      ✖ MFA Delete is not enabled
      ✔ Static website hosting is disabled
      ✔ Bucket policy doesn't allow a wildcard entity
      ✔ Bucket ACL doesn't allow access to "Everyone" or "Any authenticated AWS user"
      ✖ Logging is not enabled

Keywords

Install

npm i s3audit

DownloadsWeekly Downloads

1

Version

1.2.0

License

Apache-2.0

Unpacked Size

45.1 kB

Total Files

13

Last publish

Collaborators

  • avatar
  • avatar
  • avatar
  • avatar