author | Christian Cleberg <hello@cleberg.net> | 2025-06-20 13:55:54 -0500 |
---|---|---|
committer | Christian Cleberg <hello@cleberg.net> | 2025-06-20 13:55:54 -0500 |
commit | 785f42901f34aaf356f316c691e3f56138c8608d (patch) | |
tree | 5b8f7a6e33a6af410e511137fdd51b6fa60d0f83 /sections/s3.py | |
initial commit
Diffstat (limited to 'sections/s3.py')
-rw-r--r-- | sections/s3.py | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/sections/s3.py b/sections/s3.py
new file mode 100644
index 0000000..c2c53e6
--- /dev/null
+++ b/sections/s3.py
@@ -0,0 +1,47 @@
+# s3.py
+import boto3
+from tabulate import tabulate
+
+
+def get_section(config):
+ profile = config["aws"].get("profile")
+ session = boto3.Session(profile_name=profile if profile else None)
+ client = session.client("s3")
+
+ buckets = client.list_buckets()["Buckets"]
+ rows = []
+
+ for bucket in buckets:
+ name = bucket["Name"]
+ public = "Unknown"
+ encrypted = "No"
+
+ try:
+ acl = client.get_bucket_acl(Bucket=name)
+ public = any(
+ grant["Grantee"].get("URI", "").endswith("AllUsers")
+ for grant in acl["Grants"]
+ )
+ except Exception:
+ public = "Error"
+
+ try:
+ enc = client.get_bucket_encryption(Bucket=name)
+ rules = enc["ServerSideEncryptionConfiguration"]["Rules"]
+ if rules:
+ encrypted = "Yes"
+ except client.exceptions.ClientError:
+ encrypted = "No"
+
+ rows.append([name, "Yes" if public else "No", encrypted])
+
+ table = tabulate(
+ rows, headers=["Bucket", "Public", "Encrypted"], tablefmt="simple_grid"
+ )
+ lines = [
+ "S3 Bucket Access Summary:",
+ f"[https://{config['aws'].get('region')}.console.aws.amazon.com/s3/home]",
+ table,
+ ]
+
+ return "\n".join(lines)
|
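Review bot: The Public column in `get_section` cannot show its error state: the `except Exception` branch sets `public = "Error"`, and `"Yes" if public else "No"` then renders that truthy string as "Yes", so a bucket whose ACL could not be read is reported as public and the initial "Unknown" is never displayed. The encryption branch has the mirror problem, because every `ClientError` (an access-denied response included) is reported as "No" rather than only the missing-configuration case. Separately, the ACL test matches only the AllUsers group, so a bucket exposed through an AuthenticatedUsers grant or through a bucket policy would be listed as "No"; `get_bucket_policy_status` would cover the policy side and is not called here. For a report that is read as an exposure summary, a false "No" is the costlier mistake, so the sketch below keeps "Yes", "No" and "Error" apart in both columns.

```python
    for bucket in buckets:
        name = bucket["Name"]

        try:
            acl = client.get_bucket_acl(Bucket=name)
        except Exception:
            public = "Error"
        else:
            # Both predefined groups grant access beyond the bucket owner's account.
            is_public = any(
                grant["Grantee"].get("URI", "").endswith(("AllUsers", "AuthenticatedUsers"))
                for grant in acl["Grants"]
            )
            public = "Yes" if is_public else "No"

        try:
            enc = client.get_bucket_encryption(Bucket=name)
        except client.exceptions.ClientError as err:
            # Only the "no configuration" code means unencrypted; anything else is unknown.
            code = err.response["Error"]["Code"]
            missing = code == "ServerSideEncryptionConfigurationNotFoundError"
            encrypted = "No" if missing else "Error"
        else:
            rules = enc["ServerSideEncryptionConfiguration"]["Rules"]
            encrypted = "Yes" if rules else "No"

        rows.append([name, public, encrypted])

    # … unchanged: tabulate call and report lines …
```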