3 Answers
3
I would recommend using AWS Config.
https://aws.amazon.com/blogs/storage/how-to-audit-an-amazon-s3-buckets-default-encryption-configuration-at-scale/
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-server-side-encryption-enabled.html
1
Here is a script using the AWS CLI. It lists all buckets and the encryption status of each bucket.
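#!/bin/bash
# Print one CSV line per bucket: bucket name, default SSE algorithm.
for bucket in $(aws s3api list-buckets --query 'Buckets[*].Name' --output text); do
  # get-bucket-encryption fails when the bucket has no default encryption
  # configuration (or the call is denied), so report that instead of a blank.
  algo=$(aws s3api get-bucket-encryption --bucket "$bucket" \
    --query 'ServerSideEncryptionConfiguration.Rules[*].ApplyServerSideEncryptionByDefault.SSEAlgorithm' \
    --output text 2>/dev/null) || algo="NONE_OR_ERROR"
  echo "$bucket,$algo"
done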
0
Thanks. Likewise, can we get the list of all resources (like S3, EC2, snapshots, etc.) that are not encrypted in AWS?
answered a year ago
If you are interested in AWS Config rules, here are the managed rules you can use:
- For S3: s3-bucket-server-side-encryption-enabled (https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-server-side-encryption-enabled.html)
- For EC2: ec2-ebs-encryption-by-default (https://docs.aws.amazon.com/config/latest/developerguide/ec2-ebs-encryption-by-default.html)
- There is no direct managed rule to check for encrypted snapshots, as EBS snapshots are encrypted if the source volume is encrypted. But you can use AWS Config Custom Lambda Rules to achieve this (https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html)
Please tag the answer as accepted if you feel it has provided the required information to your query. Thanks.
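
One way to sketch the custom Lambda rule suggested above for snapshots, as an added example that is not part of the original thread or AWS's own code: a periodic rule that reports a single account-level result listing unencrypted EBS snapshots. The function names, sample snapshot IDs and account ID are constructed assumptions, and the rule only covers the region the Lambda runs in.

```python
import json

# Constructed sample: two pages shaped like ec2.describe_snapshots responses.
SAMPLE_PAGES = [
    {"Snapshots": [{"SnapshotId": "snap-EXAMPLE1", "Encrypted": True},
                   {"SnapshotId": "snap-EXAMPLE3", "Encrypted": False}]},
    {"Snapshots": [{"SnapshotId": "snap-EXAMPLE2", "Encrypted": False}]},
]


def unencrypted_snapshot_ids(pages):
    """Return sorted IDs of snapshots whose Encrypted flag is false or missing."""
    return sorted(snap["SnapshotId"]
                  for page in pages
                  for snap in page.get("Snapshots", [])
                  if not snap.get("Encrypted", False))


def build_evaluation(account_id, ordering_timestamp, snapshot_ids):
    """Build one account-level evaluation for config.put_evaluations."""
    evaluation = {
        "ComplianceResourceType": "AWS::::Account",
        "ComplianceResourceId": account_id,
        "ComplianceType": "NON_COMPLIANT" if snapshot_ids else "COMPLIANT",
        "OrderingTimestamp": ordering_timestamp,
    }
    if snapshot_ids:
        text = f"{len(snapshot_ids)} unencrypted snapshot(s): " + ", ".join(snapshot_ids)
        evaluation["Annotation"] = text[:256]  # annotations are capped at 256 characters
    return evaluation


def lambda_handler(event, context):
    """Entry point for a periodic (scheduled) custom rule; checks the Lambda's region only."""
    import boto3  # imported here so the helpers above run without the AWS SDK
    invoking = json.loads(event["invokingEvent"])
    pages = boto3.client("ec2").get_paginator("describe_snapshots").paginate(OwnerIds=["self"])
    evaluation = build_evaluation(event["accountId"],
                                  invoking["notificationCreationTime"],
                                  unencrypted_snapshot_ids(pages))
    boto3.client("config").put_evaluations(Evaluations=[evaluation],
                                           ResultToken=event["resultToken"])
    return evaluation["ComplianceType"]


if __name__ == "__main__":
    ids = unencrypted_snapshot_ids(SAMPLE_PAGES)
    print(build_evaluation("111122223333", "2024-01-01T00:00:00Z", ids))
```

The Lambda's execution role needs ec2:DescribeSnapshots and config:PutEvaluations for the handler to run.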