{"id":13821354,"url":"https://github.com/trackit/s3-acl-viewer","last_synced_at":"2025-05-12T14:54:39.294Z","repository":{"id":89793011,"uuid":"124142866","full_name":"trackit/s3-acl-viewer","owner":"trackit","description":"Tool to generate a report about AWS S3 bucket permissions. CSV, Excel and Google Spreadsheet output available.","archived":false,"fork":false,"pushed_at":"2019-12-19T14:11:40.000Z","size":17,"stargazers_count":9,"open_issues_count":0,"forks_count":3,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-03-31T23:33:45.489Z","etag":null,"topics":["aws","aws-s3","security"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trackit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-03-06T21:48:36.000Z","updated_at":"2023-02-21T20:33:07.000Z","dependencies_parsed_at":null,"dependency_job_id":"d8c08b54-858c-4fab-a724-fbae87c16501","html_url":"https://github.com/trackit/s3-acl-viewer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trackit%2Fs3-acl-viewer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trackit%2Fs3-acl-viewer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trackit%2Fs3-acl-viewer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trackit%2Fs3-acl-viewer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trackit","download_url":"https://codeload.github.com/trackit/s3-acl-viewer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253759496,"owners_count":21959774,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-s3","security"],"created_at":"2024-08-04T08:01:20.564Z","updated_at":"2025-05-12T14:54:39.272Z","avatar_url":"https://github.com/trackit.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# s3-acl-viewer by TrackIt\n\nReport AWS S3's permissions to CSV, Excel and Google Spreadsheet.\n\n## What does it do?\n- Checks all your buckets for public access\n- Generates a report via\n  - Standard output\n  - Comma-separated values (.csv)\n  - Microsoft Excel (.xlsx)\n  - Google Spreadsheet\n\n## Requirements\n\n### Create a new IAM User\n - **Create IAM user with AmazonS3ReadOnly policy attached**\n   - Go to IAM (https://console.aws.amazon.com/iam/home)\n   - Click \"Users\" on the left hand side menu\n   - Click \"Add user\"\n   - Fill in user name and check **Programmatic access**\n   - Click \"Next: Permissions\"\n   - Click \"Attach existing policies directly\"\n   - Check **AmazonS3ReadOnly** policy\n   - Click \"Next: Review\"\n   - Click \"Create user\"\n   - **Copy the credentials**\n     - **Access key ID**\n     - **Secret access key**\n - **Create ~/.aws/credentials file**\n   - Put the credentials you copied in the previous step here in this format:\n```\n[default]\naws_access_key_id = \u003cyour access key ID goes here\u003e\naws_secret_access_key = \u003cyour secret_access_key goes here\u003e\n```\n### Use existing configured IAM User\n - **use your existing credentials or profile** if you have a file `~/.aws/credentials` like this:\n```\n[default]\naws_access_key_id = \u003cyour access key ID goes here\u003e\naws_secret_access_key = \u003cyour secret_access_key goes here\u003e\n[my_profile_name]\naws_access_key_id = \u003cyour access key ID goes here\u003e\naws_secret_access_key = \u003cyour secret_access_key goes here\u003e\n```\n - and pass the profile name in argument (`default` if nothing):\n```\n$\u003e ./s3-acl-viewer -p my_profile_name\n```\n\n### Configure the Google Spreadsheet report\n\nFollow the first step of the instructions at https://developers.google.com/sheets/api/quickstart/python to setup credentials and API access.\n\n## Installation\n\n```\n$\u003e git clone git@github.com:trackit/s3-acl-viewer.git\n$\u003e cd s3-acl-viewer\n$\u003e pip3 install -r requirements.txt\n```\n\n## Usage\n```\n$\u003e ./s3-acl-viewer -h\nusage: s3-acl-viewer [-h] [--auth_host_name AUTH_HOST_NAME]\n              [--noauth_local_webserver]\n              [--auth_host_port [AUTH_HOST_PORT [AUTH_HOST_PORT ...]]]\n              [--logging_level {DEBUG,INFO,WARNING,ERROR,CRITICAL}]\n              [-p [PROFILE [PROFILE ...]]] [-n NAME] [-g] [-x] [-c] [-s]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  --auth_host_name AUTH_HOST_NAME\n                        Hostname when running a local web server.\n  --noauth_local_webserver\n                        Do not run a local web server.\n  --auth_host_port [AUTH_HOST_PORT [AUTH_HOST_PORT ...]]\n                        Port web server should listen on.\n  --logging_level {DEBUG,INFO,WARNING,ERROR,CRITICAL}\n                        Set the logging level of detail.\n  -p [PROFILE [PROFILE ...]], --profile [PROFILE [PROFILE ...]]\n                        aws profiles. [default] by default.\n  -n NAME, --name NAME  spreadsheet name. [s3_report] by default.\n  -g, --gspread         create a google spreadsheet.\n  -x, --xlsx            create a xlsx spreadsheet.\n  -c, --csv             create a csv file.\n  -s, --silent          disable printing.\n```\n\n***Note:** Arguments `--auth_host_name`, `-noauth_local_webserver`, `--auth_host_port` and `--loging_level` are generated by the Google Spreadsheet implementation.*\n\n\n## Example\n\n```\n$\u003e ./s3-acl-viewer -p my_profile_1 my_profile_2 -xgc\n```\n\n### Output\n![print-example](https://s3-us-west-2.amazonaws.com/trackit-public-artifacts/s3-acl-viewer/print-example.png)\n\n### Generated '.csv' file\n![csv-example](https://s3-us-west-2.amazonaws.com/trackit-public-artifacts/s3-acl-viewer/csv-example.png)\n\n### Generated auto-uploaded Google Spreadsheet\n![gspread-example](https://s3-us-west-2.amazonaws.com/trackit-public-artifacts/s3-acl-viewer/gspread-example.png)\n\n### Generated '.xlsx' file (Microsoft Excel)\n![xlsx-example](https://s3-us-west-2.amazonaws.com/trackit-public-artifacts/s3-acl-viewer/xlsx-example.png)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrackit%2Fs3-acl-viewer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrackit%2Fs3-acl-viewer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrackit%2Fs3-acl-viewer/lists"}