Audit of AWS S3 Buckets for Server Access Logging

The workflow involves checking AWS S3 buckets to determine if Server Access Logging is enabled. The results are organized by region, highlighting the number of buckets lacking this feature. This process helps in identifying potential security and compliance gaps. By tabulating the data, it provides a clear overview of the current logging status across different regions. The outcome aids in prioritizing actions to enable logging where necessary.

  1. List all AWS S3 buckets across all regions.

    The script lists all AWS S3 buckets using the provided AWS credentials.

    ```python
    import os

    import boto3

    # Retrieve AWS credentials from the environment
    aws_access_key_id = os.getenv('AWS_ACCESS_KEY_ID')
    aws_secret_access_key = os.getenv('AWS_SECRET_ACCESS_KEY')

    # Initialize a session using Boto3
    session = boto3.Session(
        aws_access_key_id=aws_access_key_id,
        aws_secret_access_key=aws_secret_access_key
    )

    # Create an S3 client
    s3_client = session.client('s3')

    # List all buckets (ListBuckets returns every bucket in the account, whatever its region)
    try:
        response = s3_client.list_buckets()
        buckets_list = [bucket['Name'] for bucket in response['Buckets']]
        print("Buckets List:", buckets_list)
    except Exception as e:
        print(f"Error listing buckets: {e}")
    ```
  2. Check each S3 bucket to determine if Server Access Logging is enabled.

    The script checks each S3 bucket to determine if Server Access Logging is enabled and outputs the status.

    ```python
    import json
    import os

    import boto3

    # Retrieve AWS credentials from the environment
    aws_access_key_id = os.getenv('AWS_ACCESS_KEY_ID')
    aws_secret_access_key = os.getenv('AWS_SECRET_ACCESS_KEY')

    # Initialize a session using Boto3
    session = boto3.Session(
        aws_access_key_id=aws_access_key_id,
        aws_secret_access_key=aws_secret_access_key
    )

    # Create an S3 client
    s3_client = session.client('s3')

    # buckets_list is the output of step 1; list the buckets again if this script runs on its own
    try:
        buckets_list
    except NameError:
        buckets_list = [bucket['Name'] for bucket in s3_client.list_buckets()['Buckets']]

    logging_status = {}

    # Check each bucket for server access logging
    for bucket in buckets_list:
        try:
            response = s3_client.get_bucket_logging(Bucket=bucket)
            # 'LoggingEnabled' is present in the response only when logging is configured
            if 'LoggingEnabled' in response:
                logging_status[bucket] = 'Enabled'
            else:
                logging_status[bucket] = 'Not Enabled'
        except Exception as e:
            logging_status[bucket] = f'Error: {str(e)}'

    # Print the logging status
    print("Logging Status:", json.dumps(logging_status, indent=4, default=str))
    ```
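The overview describes results tabulated by region with a count of buckets lacking logging, which the two steps above do not produce. The following is an added example, not part of the original workflow, that groups the step 2 check by bucket region; the function names and the `StubS3` sample client are assumptions constructed for illustration.

```python
from collections import defaultdict

def bucket_region(s3_client, bucket):
    """GetBucketLocation reports None for us-east-1 and the legacy value 'EU' for eu-west-1."""
    loc = s3_client.get_bucket_location(Bucket=bucket).get("LocationConstraint")
    return {None: "us-east-1", "EU": "eu-west-1"}.get(loc, loc)

def audit_by_region(s3_client, buckets_list):
    """Return {region: {"total": n, "not_enabled": [names], "errors": [names]}}."""
    summary = defaultdict(lambda: {"total": 0, "not_enabled": [], "errors": []})
    for bucket in buckets_list:
        try:
            region = bucket_region(s3_client, bucket)
        except Exception:
            region = "unknown"  # location lookup failed, e.g. access denied
        entry = summary[region]
        entry["total"] += 1
        try:
            if "LoggingEnabled" not in s3_client.get_bucket_logging(Bucket=bucket):
                entry["not_enabled"].append(bucket)
        except Exception:
            entry["errors"].append(bucket)  # status unknown: report it, do not assume enabled
    return dict(summary)

def format_table(summary):
    """One row per region, regions with the most unlogged buckets first."""
    lines = [f"{'Region':<16}{'Buckets':>8}{'No logging':>12}{'Errors':>8}"]
    for region in sorted(summary, key=lambda r: (-len(summary[r]["not_enabled"]), r)):
        e = summary[region]
        lines.append(f"{region:<16}{e['total']:>8}{len(e['not_enabled']):>12}{len(e['errors']):>8}")
    return "\n".join(lines)

class StubS3:
    """Constructed sample data standing in for a boto3 S3 client, so the example runs offline."""
    locations = {"app-data": None, "eu-assets": "eu-west-1", "eu-old": "EU", "eu-locked": "eu-west-1"}
    logging = {"app-data": {}, "eu-old": {},
               "eu-assets": {"LoggingEnabled": {"TargetBucket": "logs", "TargetPrefix": "eu-assets/"}}}
    def get_bucket_location(self, Bucket):
        return {"LocationConstraint": self.locations[Bucket]}
    def get_bucket_logging(self, Bucket):
        if Bucket not in self.logging:
            raise RuntimeError("AccessDenied (constructed)")
        return self.logging[Bucket]

if __name__ == "__main__":
    # For a real audit, pass boto3.client("s3") and the bucket names from step 1 instead.
    print(format_table(audit_by_region(StubS3(), list(StubS3.locations))))
```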