agent: |
B78ckvHZeD0HH8ZV24XlCheck each S3 bucket for a policy explicitly denying unencrypted put-object requests and identify buckets lacking such a policy.
Check each S3 bucket for a policy explicitly denying unencrypted put-object requests and identify buckets lacking such a policy.
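This script checks each S3 bucket's policy for a Deny statement that rejects requests sent without TLS (the `aws:SecureTransport` condition set to `false`) and identifies buckets lacking such a statement. It inspects transport encryption only; it does not look at server-side encryption conditions such as `s3:x-amz-server-side-encryption`.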
import fnmatch
import json

import boto3
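# Audit S3 bucket policies for a Deny statement that rejects PutObject
# requests made without TLS (aws:SecureTransport == false).
#
# Expects two names supplied by the surrounding runtime: `getEnvVar`
# (returns a credential value by name) and `bucket_names` (iterable of
# bucket names to audit).
#
# NOTE(review): the check is about encryption in transit only. A policy that
# enforces server-side encryption (s3:x-amz-server-side-encryption) is a
# separate control and is not evaluated here.
# NOTE(review): Principal and Resource are not inspected, so a Deny scoped to
# one principal or one key prefix still counts as present -- confirm manually
# for buckets reported as compliant.

# Initialize boto3 client for S3
s3_client = boto3.client(
    's3',
    aws_access_key_id=getEnvVar('AWS_ACCESS_KEY_ID'),
    aws_secret_access_key=getEnvVar('AWS_SECRET_ACCESS_KEY'),
    region_name='us-east-2',
)


def _as_list(value):
    """Return *value* as a list; policy JSON allows a scalar wherever a list fits."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _denies_insecure_put(statement):
    """Return True if *statement* denies s3:PutObject when TLS is not used.

    The statement must have Effect "Deny", an Action that matches
    s3:PutObject (wildcards allowed), and a Bool condition on
    aws:SecureTransport whose value is false.
    """
    if not isinstance(statement, dict) or statement.get('Effect') != 'Deny':
        return False

    # A statement written with NotAction instead of Action is not evaluated
    # and is treated as not matching, so the bucket is surfaced for review
    # rather than silently passed.
    actions = _as_list(statement.get('Action'))
    covers_put = any(
        isinstance(action, str)
        and fnmatch.fnmatchcase('s3:putobject', action.lower())
        for action in actions
    )
    if not covers_put:
        return False

    bool_conditions = statement.get('Condition', {}).get('Bool', {})
    for key, value in bool_conditions.items():
        # Condition key names are case-insensitive, and the value may be the
        # string "false", a JSON boolean, or a one-element list.
        if key.lower() != 'aws:securetransport':
            continue
        if any(str(item).lower() == 'false' for item in _as_list(value)):
            return True
    return False


buckets_lacking_policy = []
# Buckets whose policy could not be read (for example AccessDenied). They are
# reported separately: an unreadable policy is not evidence of compliance.
buckets_not_evaluated = {}

for bucket_name in bucket_names:
    try:
        # Get the bucket policy
        policy = s3_client.get_bucket_policy(Bucket=bucket_name)
    except s3_client.exceptions.ClientError as e:
        error_code = e.response['Error']['Code']
        if error_code == 'NoSuchBucketPolicy':
            # No policy at all means no Deny statement either.
            buckets_lacking_policy.append(bucket_name)
        else:
            buckets_not_evaluated[bucket_name] = error_code
        continue

    # "Statement" may be a single object rather than a list.
    policy_statements = _as_list(json.loads(policy['Policy']).get('Statement'))
    if not any(_denies_insecure_put(stmt) for stmt in policy_statements):
        buckets_lacking_policy.append(bucket_name)

print("Buckets lacking policy explicitly denying unencrypted put-object requests:", buckets_lacking_policy)
if buckets_not_evaluated:
    print("Buckets that could not be evaluated (error code per bucket):", buckets_not_evaluated)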