
Mar. 07, 2018

Thibaut Cornolti

Analyze Your AWS s3 Bucket Permission and Detect Security Problems

Over the last few months, thousands of S3 buckets have been discovered to be publicly accessible. A total of 10% of AWS S3 buckets are configured as public. Checking every bucket manually can be a lot of work, so this post explains how to analyze all of your buckets easily and automatically in a few minutes and avoid a potentially dangerous data exposure.

S3 ACL Viewer

S3 ACL Viewer is a tool, available here, that lets you analyze your buckets.
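The check that an ACL analysis of this kind comes down to, as an added example (not code from S3 ACL Viewer): it takes ACLs in the shape returned by boto3's get_bucket_acl and flags grants made to the global AllUsers and AuthenticatedUsers groups. The bucket names, sample ACLs and severity labels are constructed for illustration.

```python
"""Added example: flag S3 bucket ACL grants made to global (public) groups."""

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "everyone", AUTH_USERS: "any AWS account"}
# Permissions that let the grantee change objects or the ACL itself.
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def public_grants(acl):
    """Return (audience, permission) pairs for grants to global groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # canonical-user and e-mail grantees are named accounts
        audience = PUBLIC_GROUPS.get(grantee.get("URI"))
        if audience:  # other groups (e.g. log delivery) are not public
            findings.append((audience, grant["Permission"]))
    return findings


def severity(acl):
    """'critical' if a global group can write, 'warning' if it can only read."""
    perms = {perm for _, perm in public_grants(acl)}
    if perms & WRITE_PERMS:
        return "critical"
    return "warning" if perms else "ok"


def report(acls):
    """Map each bucket name to its severity label."""
    return {name: severity(acl) for name, acl in acls.items()}


# Constructed sample data: made-up bucket names and a placeholder owner ID.
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
         "Permission": "FULL_CONTROL"}
SAMPLE_ACLS = {
    "example-private": {"Grants": [OWNER]},
    "example-listing": {"Grants": [OWNER, {
        "Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]},
    "example-writable": {"Grants": [OWNER, {
        "Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "WRITE"}]},
}

if __name__ == "__main__":
    for name, level in report(SAMPLE_ACLS).items():
        print(f"{name}: {level} {public_grants(SAMPLE_ACLS[name])}")
```

ACLs are only one path to public exposure: bucket policies and Block Public Access settings have to be evaluated separately.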

Configuration of AWS IAM

The tool needs access to your AWS account.

– Go to AWS IAM

– Click on Users in the left-side menu

– Click on Add user

– Choose a username and check Programmatic access

– Click on Next: Permissions

– Click on Attach existing policies directly

– Check AmazonS3ReadOnlyAccess

– Click on Next: Review

– Click on Create user

– Copy the credentials: Access key ID and Secret access key

– Create the ~/.aws/credentials file and put the credentials you copied into it in this format:

[default]
aws_access_key_id = <your access key ID goes here>
aws_secret_access_key = <your secret_access_key goes here>

Use Existing Configured IAM User

Use your existing credentials or profile if you have a file ~/.aws/credentials like this:

[default]
aws_access_key_id = <your access key ID goes here>
aws_secret_access_key = <your secret_access_key goes here>
[my_profile_name]
aws_access_key_id = <your access key ID goes here>
aws_secret_access_key = <your secret_access_key goes here>

Then pass the profile name as an argument (the default profile is used if none is given):

./s3-acl-viewer -p my_profile_name

(Optional) Configure the Google Spreadsheet Report

If you want to generate a report in Google Spreadsheet, follow the first step of the instructions to set up credentials and API access.

Installation

Clone the repository by typing:

git clone git@github.com:trackit/s3-acl-viewer.git
cd s3-acl-viewer

Usage

./s3-acl-viewer -h
usage: s3-acl-viewer [-h] [--auth_host_name AUTH_HOST_NAME]
                     [--noauth_local_webserver]
                     [--auth_host_port [AUTH_HOST_PORT [AUTH_HOST_PORT ...]]]
                     [--logging_level {DEBUG,INFO,WARNING,ERROR,CRITICAL}]
                     [-p [PROFILE [PROFILE ...]]] [-n NAME] [-g] [-x] [-c] [-s]

optional arguments:
  -h, --help            show this help message and exit
  --auth_host_name AUTH_HOST_NAME
                        Hostname when running a local web server.
  --noauth_local_webserver
                        Do not run a local web server.
  --auth_host_port [AUTH_HOST_PORT [AUTH_HOST_PORT ...]]
                        Port web server should listen on.
  --logging_level {DEBUG,INFO,WARNING,ERROR,CRITICAL}
                        Set the logging level of detail.
  -p [PROFILE [PROFILE ...]], --profile [PROFILE [PROFILE ...]]
                        aws profiles. [default] by default.
  -n NAME, --name NAME  spreadsheet name. [s3_report] by default.
  -g, --gspread         create a google spreadsheet.
  -x, --xlsx            create a xlsx spreadsheet.
  -c, --csv             create a csv file.
  -s, --silent          disable printing.

Note: The arguments --auth_host_name, --noauth_local_webserver, --auth_host_port and --logging_level are generated by the Google Spreadsheet implementation.

Generate a Report

To generate a report in CSV, XLSX and Google Spreadsheet formats and also print it, type:

./s3-acl-viewer -gxc -p my_profile_1 my_profile_2

-g means: upload the report to my Google Drive in Google Spreadsheet format. You need to configure the API as explained above.

-x means: create a .xlsx file (Microsoft Excel).

-c means: create a standard .csv file.

-p my_profile_1 my_profile_2 means: generate the report by analyzing those accounts.

The command prints the report to standard output and also produces a gspread report for the Google Spreadsheet flag, an xlsx report for the Microsoft Excel flag, and a csv report for the CSV flag.

About TrackIt

TrackIt, an Amazon Web Services Advanced Consulting Partner based in Marina del Rey, CA, offers a range of cloud management, consulting, and software development solutions. Their expertise includes Modern Software Development, DevOps, Infrastructure-As-Code, Serverless, CI/CD, and Containerization, with a focus on Media & Entertainment workflows, High-Performance Computing environments, and data storage.

TrackIt excels in cutting-edge software design, particularly in the areas of containerization, serverless architectures, and pipeline development. The company’s team of experts can help you design and deploy a custom solution tailored to your specific needs.

In addition to cloud management and modern software development services, TrackIt also provides an open-source AWS cost management tool to help users optimize their costs and resources on the platform. With its innovative approach and expertise, TrackIt is the ideal partner for organizations seeking to maximize the potential of their cloud infrastructure.
