agent: |
Check ACLs for public read access for each S3 bucket in the region us-east-2.
This script checks the ACL of each named S3 bucket in the specified region for public read access and flags each bucket as NON_COMPLIANT or COMPLIANT.
import boto3
import json
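# Canonical grantee URI for the "everyone on the internet" group in S3 ACLs.
_ALL_USERS_URI = 'http://acs.amazonaws.com/groups/global/AllUsers'

# ACL permissions that let the grantee read (list) the bucket. FULL_CONTROL
# implies READ, so it must count; READ_ACP only exposes the ACL itself, and a
# bare substring test for 'READ' would wrongly match it.
_PUBLIC_READ_PERMISSIONS = frozenset({'READ', 'FULL_CONTROL'})


def _grant_is_public_read(grant):
    """Return True when a single ACL grant gives the AllUsers group read access.

    Args:
        grant: One entry of the ``Grants`` list returned by ``get_bucket_acl``.

    Returns:
        True if the grantee is the AllUsers group and the permission is READ or
        FULL_CONTROL; False otherwise (including malformed grants).
    """
    grantee = grant.get('Grantee', {})
    if grantee.get('Type') != 'Group' or grantee.get('URI') != _ALL_USERS_URI:
        return False
    # NOTE(review): the AuthenticatedUsers group (any AWS account) is deliberately
    # not treated as public here, matching the original scope of this check.
    return grant.get('Permission') in _PUBLIC_READ_PERMISSIONS


def check_bucket_acls(bucket_names, region_name, *, s3_client=None):
    """Flag S3 buckets whose ACL grants public (AllUsers) read access.

    Args:
        bucket_names: Iterable of bucket names to inspect; may be empty.
        region_name: AWS region used to build the S3 client when none is injected.
        s3_client: Optional pre-built S3 client (keyword-only). When given it is
            used as-is; otherwise a boto3 client is created with credentials
            read via ``getEnvVar``. Injecting a client lets callers reuse one or
            substitute a test double.

    Returns:
        Dict mapping each bucket name to ``'NON_COMPLIANT'`` (a public read grant
        was found), ``'COMPLIANT'`` (no public read grant) or ``'ERROR: <message>'``
        when the ACL lookup itself raised ``ClientError``. The same dict is also
        printed as indented JSON.
    """
    if s3_client is None:
        s3_client = boto3.client(
            's3',
            region_name=region_name,
            aws_access_key_id=getEnvVar('AWS_ACCESS_KEY_ID'),
            aws_secret_access_key=getEnvVar('AWS_SECRET_ACCESS_KEY'),
        )

    acl_compliance_status = {}
    for bucket_name in bucket_names:
        # Keep the try body to the single call that can raise, so a bug in the
        # grant evaluation below is not masked as an API error.
        try:
            acl = s3_client.get_bucket_acl(Bucket=bucket_name)
        except s3_client.exceptions.ClientError as e:
            acl_compliance_status[bucket_name] = f'ERROR: {str(e)}'
            continue

        is_public = any(_grant_is_public_read(g) for g in acl.get('Grants', []))
        acl_compliance_status[bucket_name] = 'NON_COMPLIANT' if is_public else 'COMPLIANT'

    print(json.dumps(acl_compliance_status, indent=4, default=str))
    return acl_compliance_status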
# Entry point: evaluate every supplied bucket and keep the per-bucket result map
# (bucket_names and region_name are provided by the surrounding environment).
bucket_acl_compliance_status = check_bucket_acls(
    bucket_names=bucket_names,
    region_name=region_name,
)