From 785f42901f34aaf356f316c691e3f56138c8608d Mon Sep 17 00:00:00 2001
From: Christian Cleberg
Date: Fri, 20 Jun 2025 13:55:54 -0500
Subject: initial commit
---
sections/s3.py | 47 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 sections/s3.py
(limited to 'sections/s3.py')
diff --git a/sections/s3.py b/sections/s3.py
new file mode 100644
index 0000000..c2c53e6
--- /dev/null
+++ b/sections/s3.py
@@ -0,0 +1,47 @@
+# s3.py
+import boto3
+from tabulate import tabulate
+
+
+def get_section(config):
+ profile = config["aws"].get("profile")
+ session = boto3.Session(profile_name=profile if profile else None)
+ client = session.client("s3")
+
+ buckets = client.list_buckets()["Buckets"]
+ rows = []
+
+ for bucket in buckets:
+ name = bucket["Name"]
+ public = "Unknown"
+ encrypted = "No"
+
+ try:
+ acl = client.get_bucket_acl(Bucket=name)
+ public = any(
+ grant["Grantee"].get("URI", "").endswith("AllUsers")
+ for grant in acl["Grants"]
+ )
+ except Exception:
+ public = "Error"
+
+ try:
+ enc = client.get_bucket_encryption(Bucket=name)
+ rules = enc["ServerSideEncryptionConfiguration"]["Rules"]
+ if rules:
+ encrypted = "Yes"
+ except client.exceptions.ClientError:
+ encrypted = "No"
+
+ rows.append([name, "Yes" if public else "No", encrypted])
+
+ table = tabulate(
+ rows, headers=["Bucket", "Public", "Encrypted"], tablefmt="simple_grid"
+ )
+ lines = [
+ "S3 Bucket Access Summary:",
+ f"[https://{config['aws'].get('region')}.console.aws.amazon.com/s3/home]",
+ table,
+ ]
+
+ return "\n".join(lines)
--
cgit v1.2.3-70-g09d2
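Review bot: The Public column reports "Yes" whenever `get_bucket_acl` fails, because the `except` branch sets `public = "Error"` and `"Yes" if public else "No"` then treats that non-empty string as true; for the same reason the "Unknown" default can never be displayed. The encryption branch errs the other way: every `ClientError`, including an access-denied response, is reported as "No", so a permissions gap in the audit role reads as an unencrypted bucket. Keeping the state as a string and checking the error code for the not-configured case lets failed checks show up as "Error" instead of as a finding. Separately, the ACL test only matches the AllUsers group, so a "No" does not rule out exposure through the AuthenticatedUsers group or a bucket policy; `get_bucket_policy_status` would cover the policy path, and the column header or a comment should say which checks it reflects.

```python
        try:
            acl = client.get_bucket_acl(Bucket=name)
            acl_public = any(
                grant["Grantee"]
                .get("URI", "")
                .endswith(("/AllUsers", "/AuthenticatedUsers"))
                for grant in acl["Grants"]
            )
            public = "Yes" if acl_public else "No"
        except client.exceptions.ClientError:
            # Keep the failure visible rather than folding it into Yes/No.
            public = "Error"

        try:
            # ... unchanged: get_bucket_encryption call and rules check ...
        except client.exceptions.ClientError as err:
            code = err.response["Error"]["Code"]
            if code != "ServerSideEncryptionConfigurationNotFoundError":
                encrypted = "Error"

        rows.append([name, public, encrypted])
```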