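My account has a few hundred buckets, and I need to show the encryption status of all of them. I want to do this through the CLI. I see there is a "get-bucket-encryption" operation, but I can't figure out how to run it against all buckets rather than just a specific one.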

    for bucket_name in $(aws s3api list-buckets --query "Buckets[].Name" --output text); do
      echo "${bucket_name}"
      encryption_info=$(aws s3api get-bucket-encryption \
        --bucket "${bucket_name}" 2>/dev/null)
      if [[ $? != 0 ]]; then
        echo " - no-encryption"
      else
        echo " - ${encryption_info}"
      fi
    done

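`get-bucket-encryption` returns an error, so I am assuming any error means there is no encryption.

I wanted to add a python3 answer to this somewhat older question. Like the Nodejs one mentioned above, it also assumes you have the correct credentials set up and the boto3 SDK installed.
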
    import boto3
    import botocore.exceptions


    def main():
        client = boto3.client('s3')
        bucket_list = client.list_buckets()
        encrypted_buckets = []
        unencrypted_buckets = []
        for item in bucket_list['Buckets']:
            try:
                encryption_info = client.get_bucket_encryption(
                    Bucket=item['Name']
                )
                encrypted_buckets.append([item['Name'], encryption_info['ServerSideEncryptionConfiguration']])
            except botocore.exceptions.ClientError as error:
                # This error code means the bucket has no default encryption configuration
                if error.response['Error']['Code'] == 'ServerSideEncryptionConfigurationNotFoundError':
                    unencrypted_buckets.append(item['Name'])
                else:
                    # Report any other error (for example AccessDenied) instead of dropping the bucket
                    print(f"{item['Name']}: {error.response['Error']['Code']}")
        print("Encrypted Buckets - Encryption Type")
        for item in encrypted_buckets:
            print(item)
        print("\nUnencrypted Buckets")
        for item in unencrypted_buckets:
            print(item)


    if __name__ == "__main__":
        main()
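
The shell loop above treats every failed `get-bucket-encryption` call as "no encryption", which also counts buckets the caller simply could not read. As an added example (not code from any of the answers), this Python version reports three states and includes the algorithm and KMS key; `StubS3`, `StubError` and the bucket names are constructed stand-ins so it runs offline.

```python
NOT_CONFIGURED = "ServerSideEncryptionConfigurationNotFoundError"

def classify_bucket(client, bucket):
    """Return (status, detail); status is encrypted, unencrypted or unknown."""
    try:
        resp = client.get_bucket_encryption(Bucket=bucket)
    except Exception as error:
        if not hasattr(error, "response"):
            raise  # not a botocore ClientError: a real bug, do not hide it
        code = error.response.get("Error", {}).get("Code", "Unknown")
        if code == NOT_CONFIGURED:
            return "unencrypted", None
        return "unknown", code  # e.g. AccessDenied: the state was never observed
    details = []
    for rule in resp["ServerSideEncryptionConfiguration"]["Rules"]:
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        algo, key = default.get("SSEAlgorithm", "?"), default.get("KMSMasterKeyID")
        details.append(f"{algo} ({key})" if key else algo)
    return "encrypted", ", ".join(details)

def audit(client):
    """Group every bucket the client can list by its encryption status."""
    report = {"encrypted": [], "unencrypted": [], "unknown": []}
    for item in client.list_buckets()["Buckets"]:
        status, detail = classify_bucket(client, item["Name"])
        report[status].append((item["Name"], detail))
    return report

class StubError(Exception):
    """Constructed stand-in for botocore.exceptions.ClientError."""
    def __init__(self, code):
        self.response = {"Error": {"Code": code}}

class StubS3:
    """Constructed sample data; pass boto3.client("s3") to audit() instead."""
    DATA = {"logs": {"SSEAlgorithm": "AES256"},
            "finance": {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "alias/example"},
            "legacy": NOT_CONFIGURED, "shared": "AccessDenied"}
    def list_buckets(self):
        return {"Buckets": [{"Name": name} for name in self.DATA]}
    def get_bucket_encryption(self, Bucket):
        value = self.DATA[Bucket]
        if isinstance(value, str):
            raise StubError(value)
        rule = {"ApplyServerSideEncryptionByDefault": value}
        return {"ServerSideEncryptionConfiguration": {"Rules": [rule]}}

if __name__ == "__main__":
    print(audit(StubS3()))
```

Buckets that land in `unknown` need a follow-up with a principal that holds `s3:GetEncryptionConfiguration`; they should not be reported as unencrypted.
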

    aws s3api list-buckets --query "Buckets[].Name" | jq -r ".[]" | xargs -I {} bash -c "echo {}; aws s3api get-bucket-encryption --bucket {} | jq -r '.ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault.SSEAlgorithm'"

`aws-sdk`, then you should run the following.

    const AWS = require('aws-sdk');
    const s3 = new AWS.S3();

    s3.listBuckets(function(err, data) {
      if (err) {
        console.log(err, err.stack);
        return; // data is undefined when listing fails
      }
      let bucketData = data.Buckets;
      let bucketLength = data.Buckets.length;
      for (let i = 0; i < bucketLength; i++) {
        const params = {
          Bucket: `${bucketData[i].Name}` /* required */
        };
        s3.getBucketEncryption(params, function(err, data) {
          try { // first it will print all non-encrypted buckets and then vice versa
            if (err) {
              console.log(bucketData[i].Name); // Non-encrypted bucket list
            }
            if (data) {
              console.log(bucketData[i].Name); // Encrypted bucket list
            }
          } catch (err) {}
        });
      }
    });