Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/trackit/s3-acl-viewer
Tool to generate a report about AWS S3 bucket permissions. CSV, Excel and Google Spreadsheet output available.
aws aws-s3 security
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/trackit/s3-acl-viewer
- Owner: trackit
- License: mit
- Created: 2018-03-06T21:48:36.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2019-12-19T14:11:40.000Z (about 5 years ago)
- Last Synced: 2024-08-04T08:06:11.994Z (7 months ago)
- Topics: aws, aws-s3, security
- Language: Python
- Homepage:
- Size: 16.6 KB
- Stars: 9
- Watchers: 10
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# s3-acl-viewer by TrackIt
Report AWS S3's permissions to CSV, Excel and Google Spreadsheet.
## What does it do?
- Checks all your buckets for public access
- Generates a report via
  - Standard output
  - Comma-separated values (.csv)
  - Microsoft Excel (.xlsx)
  - Google Spreadsheet

## Requirements
### Create a new IAM User
- **Create IAM user with AmazonS3ReadOnly policy attached**
  - Go to IAM (https://console.aws.amazon.com/iam/home)
  - Click "Users" on the left-hand side menu
  - Click "Add user"
  - Fill in user name and check **Programmatic access**
  - Click "Next: Permissions"
  - Click "Attach existing policies directly"
  - Check **AmazonS3ReadOnly** policy
  - Click "Next: Review"
  - Click "Create user"
- **Copy the credentials**
  - **Access key ID**
  - **Secret access key**
- **Create ~/.aws/credentials file**
  - Put the credentials you copied in the previous step here in this format:
```
[default]
aws_access_key_id =
aws_secret_access_key =
```
### Use existing configured IAM User
- **Use your existing credentials or profile** if you have a `~/.aws/credentials` file like this:
```
[default]
aws_access_key_id =
aws_secret_access_key =
[my_profile_name]
aws_access_key_id =
aws_secret_access_key =
```
- Pass the profile name as an argument (`default` is used if none is given):
```
$> ./s3-acl-viewer -p my_profile_name
```

### Configure the Google Spreadsheet report
Follow the first step of the instructions at https://developers.google.com/sheets/api/quickstart/python to set up credentials and API access.
## Installation
```
$> git clone git@github.com:trackit/s3-acl-viewer.git
$> cd s3-acl-viewer
$> pip3 install -r requirements.txt
```

## Usage
```
$> ./s3-acl-viewer -h
usage: s3-acl-viewer [-h] [--auth_host_name AUTH_HOST_NAME]
                     [--noauth_local_webserver]
                     [--auth_host_port [AUTH_HOST_PORT [AUTH_HOST_PORT ...]]]
                     [--logging_level {DEBUG,INFO,WARNING,ERROR,CRITICAL}]
                     [-p [PROFILE [PROFILE ...]]] [-n NAME] [-g] [-x] [-c] [-s]

optional arguments:
  -h, --help            show this help message and exit
  --auth_host_name AUTH_HOST_NAME
                        Hostname when running a local web server.
  --noauth_local_webserver
                        Do not run a local web server.
  --auth_host_port [AUTH_HOST_PORT [AUTH_HOST_PORT ...]]
                        Port web server should listen on.
  --logging_level {DEBUG,INFO,WARNING,ERROR,CRITICAL}
                        Set the logging level of detail.
  -p [PROFILE [PROFILE ...]], --profile [PROFILE [PROFILE ...]]
                        aws profiles. [default] by default.
  -n NAME, --name NAME  spreadsheet name. [s3_report] by default.
  -g, --gspread         create a google spreadsheet.
  -x, --xlsx            create a xlsx spreadsheet.
  -c, --csv             create a csv file.
  -s, --silent          disable printing.
```

***Note:** Arguments `--auth_host_name`, `--noauth_local_webserver`, `--auth_host_port` and `--logging_level` are generated by the Google Spreadsheet implementation.*
## Example
```
$> ./s3-acl-viewer -p my_profile_1 my_profile_2 -xgc
```

### Output
### Generated '.csv' file
### Generated auto-uploaded Google Spreadsheet
### Generated '.xlsx' file (Microsoft Excel)
