How to find all public objects of any of my owned S3 buckets?
How can one find all public objects of any of the current account owned S3 buckets?
Either through the `aws s3` command line, through the console or through some specialized AWS service.
Good question!
The most out-of-the-box method would be Trusted Advisor, which comes with a security check for S3 buckets: "Checks buckets in Amazon Simple Storage Service (Amazon S3) that have open access permissions or allow access to any authenticated AWS user. Bucket permissions that grant List access can result in higher than expected charges if objects in the bucket are listed by unintended users at a high frequency. Bucket permissions that grant Upload/Delete access create potential security vulnerabilities by allowing users to add, modify, or remove items in a bucket."
Trusted Advisor: https://docs.aws.amazon.com/awssupport/latest/user/trusted-advisor-check-reference.html
S3 Block Public Access: https://aws.amazon.com/blogs/aws/amazon-s3-block-public-access-another-layer-of-protection-for-your-accounts-and-buckets/
This is typically done via the S3 Block Public Access controls as listed above. However, if you're looking for a more granular level on the objects themselves, you could iterate through the objects and call GetObjectACL on each. To be truly public, this would have to work in conjunction with the S3 Block Public Access.
On a side note, AWS recommends not using ACLs in general. Check out this newer feature of Object Ownership: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html.
Maybe you should try something like that:
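```bash
#!/bin/bash
# Print every object whose ACL contains a grant to the AllUsers group.
my_buckets=$(aws s3 ls | awk '{print $3}')
for bucket in $my_buckets; do
  # Strip the date, time and size columns and read keys line by line,
  # so that keys containing spaces are not split.
  aws s3 ls --recursive "s3://$bucket/" | sed -E 's/^[^ ]+ +[^ ]+ +[0-9]+ //' |
  while IFS= read -r key; do
    object_acl=$(aws s3api get-object-acl --bucket "$bucket" --key "$key")
    result_found=$(echo "$object_acl" | grep "AllUsers")
    if [ -n "$result_found" ]; then
      echo "$bucket"
      echo "$key"
      echo "$object_acl"
    fi
  done
done
```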
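The answers above note that an object ACL grant only makes an object public in conjunction with the S3 Block Public Access settings. The following is an added example, not part of the original posts, that classifies a `get-object-acl` result against those settings. The function names and sample data are constructed for illustration, and it looks only at ACLs (bucket policies are out of scope).

```python
# Added example: classify GetObjectAcl output, taking Block Public Access into account.
# Input dicts mirror the JSON printed by `aws s3api get-object-acl` and
# `aws s3api get-public-access-block`; all sample values below are constructed.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}

def public_grants(object_acl):
    """Return (group, permission) pairs for grants to the predefined public groups."""
    found = []
    for grant in object_acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        group = PUBLIC_GROUPS.get(grantee.get("URI", ""))
        if grantee.get("Type") == "Group" and group:
            found.append((group, grant.get("Permission")))
    return found

def acls_ignored(*public_access_blocks):
    """True if any PublicAccessBlockConfiguration (bucket or account) sets IgnorePublicAcls."""
    return any(pab and pab.get("IgnorePublicAcls") for pab in public_access_blocks)

def classify(object_acl, bucket_pab=None, account_pab=None, object_ownership=None):
    """Return (status, grants); status is 'private', 'public-grant-ignored' or 'public'."""
    grants = public_grants(object_acl)
    if not grants:
        return "private", grants
    # ACLs stop affecting permissions when Object Ownership is BucketOwnerEnforced.
    if object_ownership == "BucketOwnerEnforced" or acls_ignored(bucket_pab, account_pab):
        return "public-grant-ignored", grants
    return "public", grants

# Constructed sample data.
SAMPLE_ACL = {"Owner": {"ID": "example-owner-id"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
PAB_ALL_ON = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
# BlockPublicAcls only rejects new public ACLs; existing grants stay effective.
PAB_BLOCK_ONLY = {"BlockPublicAcls": True, "IgnorePublicAcls": False}

if __name__ == "__main__":
    print(classify(SAMPLE_ACL))
    print(classify(SAMPLE_ACL, bucket_pab=PAB_ALL_ON))
    print(classify(SAMPLE_ACL, bucket_pab=PAB_BLOCK_ONLY))
```

Objects reported as `public-grant-ignored` still carry the grant and become readable again if `IgnorePublicAcls` is later switched off, so they are worth cleaning up as well.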