agent:

Check bucket policies for public read access for each S3 bucket in the region us-east-2.

There was a problem that the LLM was not able to address. Please rephrase your prompt and try again.

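This script checks the bucket policy of each S3 bucket in the specified region for public read access and flags each bucket as NON_COMPLIANT or COMPLIANT. Only the bucket policy document is inspected; a bucket that has no policy at all is reported as COMPLIANT.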

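import boto3
import json
from fnmatch import fnmatchcase

# NOTE(review): getEnvVar, bucket_names and region_name are not defined in
# this script; they are presumably injected by the environment that runs it.

# The action this check looks for, lower-cased because IAM action names are
# matched case-insensitively.
_READ_ACTION = 's3:getobject'


def _as_list(value):
    """Normalise a policy element: None -> [], scalar -> [scalar], list as is."""
    if value is None:
        return []
    if isinstance(value, list):
        return value
    return [value]


def _principal_is_public(principal):
    """Return True when the Principal element grants access to everyone."""
    if principal == '*':
        return True
    if isinstance(principal, dict):
        # {'AWS': '*'} and {'AWS': ['*', ...]} are both anonymous grants.
        return '*' in _as_list(principal.get('AWS'))
    return False


def _matches_read_action(patterns):
    """Return True when any action pattern covers s3:GetObject.

    Patterns may use the IAM wildcards ('*', 's3:*', 's3:Get*'), so a plain
    membership test would miss grants that still expose object reads.
    """
    return any(
        isinstance(pattern, str) and fnmatchcase(_READ_ACTION, pattern.lower())
        for pattern in patterns
    )


def _statement_allows_public_read(statement):
    """Return True when one policy statement lets anyone read objects."""
    if not isinstance(statement, dict):
        return False
    if statement.get('Effect') != 'Allow':
        return False
    if not _principal_is_public(statement.get('Principal')):
        return False
    if 'Action' in statement:
        return _matches_read_action(_as_list(statement['Action']))
    if 'NotAction' in statement:
        # Allow + NotAction grants every action except the listed ones, so
        # reads are exposed unless a listed pattern covers s3:GetObject.
        return not _matches_read_action(_as_list(statement['NotAction']))
    return False


def check_bucket_policies(bucket_names, region_name):
    """Flag buckets whose bucket policy allows public read access.

    Only the bucket policy document is evaluated. Condition blocks, Deny
    statements, NotPrincipal, bucket/object ACLs and Block Public Access
    settings are not taken into account, so:
      * a public Allow narrowed by a Condition is still NON_COMPLIANT
        (conservative), and
      * COMPLIANT means "no public-read Allow statement in the policy",
        not "the bucket cannot be reached publicly".

    Args:
        bucket_names: iterable of bucket names to inspect.
        region_name: region used to create the S3 client.

    Returns:
        dict mapping each bucket name to 'COMPLIANT', 'NON_COMPLIANT' or
        'ERROR: <details>' when the policy could not be retrieved.
    """
    s3_client = boto3.client(
        's3',
        region_name=region_name,
        aws_access_key_id=getEnvVar('AWS_ACCESS_KEY_ID'),
        aws_secret_access_key=getEnvVar('AWS_SECRET_ACCESS_KEY'),
    )
    policy_compliance_status = {}

    for bucket_name in bucket_names:
        try:
            policy = s3_client.get_bucket_policy(Bucket=bucket_name)
            policy_document = json.loads(policy['Policy'])
        except s3_client.exceptions.ClientError as e:
            error_code = e.response['Error']['Code']
            if error_code == 'NoSuchBucketPolicy':
                # No policy attached: nothing in a policy grants public read.
                policy_compliance_status[bucket_name] = 'COMPLIANT'
            else:
                # AccessDenied and similar are surfaced, not treated as a pass.
                policy_compliance_status[bucket_name] = f'ERROR: {str(e)}'
            continue

        # 'Statement' may be a single object instead of a list.
        statements = _as_list(policy_document.get('Statement'))
        is_public = any(
            _statement_allows_public_read(statement) for statement in statements
        )
        policy_compliance_status[bucket_name] = (
            'NON_COMPLIANT' if is_public else 'COMPLIANT'
        )

    print(json.dumps(policy_compliance_status, indent=4, default=str))
    return policy_compliance_status


bucket_policy_compliance_status = check_bucket_policies(bucket_names, region_name)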