3 Answers
3
I would recommend using AWS Config.
https://aws.amazon.com/blogs/storage/how-to-audit-an-amazon-s3-buckets-default-encryption-configuration-at-scale/
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-server-side-encryption-enabled.html
1
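Here is the script using AWS CLI. This lists all buckets and lists the status of each bucket encryption.
```bash
#!/bin/bash
# List every bucket with its default server-side encryption algorithm.
buckets=( $(aws s3api list-buckets --query 'Buckets[*].Name' --output text) )
for bucket in "${buckets[@]}"; do
  # get-bucket-encryption exits non-zero when the call fails (for example, no default encryption is configured)
  algo=$(aws s3api get-bucket-encryption --bucket "$bucket" --query 'ServerSideEncryptionConfiguration.Rules[*].ApplyServerSideEncryptionByDefault.SSEAlgorithm' --output text 2>/dev/null) || algo="NOT_CONFIGURED_OR_ERROR"
  echo "$bucket,$algo"
done
```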
answered a year ago
0
Thanks. Likewise, can we get the list of all resources (like S3, EC2, snapshots, etc.) that are not encrypted in AWS?
answered a year ago
If you are interested in AWS Config rules, here are the managed rules you can use:
- For S3: s3-bucket-server-side-encryption-enabled (https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-server-side-encryption-enabled.html)
- For EC2: ec2-ebs-encryption-by-default (https://docs.aws.amazon.com/config/latest/developerguide/ec2-ebs-encryption-by-default.html)
- There is no direct managed rule to check for encrypted snapshots, as EBS snapshots are encrypted if the source volume is encrypted. But you can use AWS Config Custom Lambda Rules to achieve this (https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html)
Please tag the answer as accepted if you feel it has provided the required information to your query. Thanks.
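An added example, not part of the answers above and not an AWS-provided script: a CLI report that extends the per-bucket check to the EBS volumes and snapshots asked about in the follow-up, and keeps buckets with no default encryption apart from buckets whose state could not be read. The CSV layout, the NONE/UNKNOWN labels and the `--run` switch are assumptions of this example.

```bash
#!/bin/bash
# Added example: CSV report (type,id,status) of resources without encryption.
# Status labels and the --run switch are choices made for this example.
# The EC2 calls cover only the region the CLI is configured for.

# Print a bucket's default SSE algorithm, NONE, or UNKNOWN.
bucket_sse_status() {
  if sse_out=$(aws s3api get-bucket-encryption --bucket "$1" \
      --query 'ServerSideEncryptionConfiguration.Rules[*].ApplyServerSideEncryptionByDefault.SSEAlgorithm' \
      --output text 2>&1); then
    case "$sse_out" in
      ""|None) echo NONE ;;
      *) echo "$sse_out" ;;
    esac
  else
    case "$sse_out" in
      # Error code returned when the bucket has no default encryption
      *ServerSideEncryptionConfigurationNotFoundError*) echo NONE ;;
      # AccessDenied, throttling, etc.: the state is not known, so say so
      *) echo UNKNOWN ;;
    esac
  fi
}

# Print one CSV line per bucket, volume or snapshot that is not encrypted.
unencrypted_report() {
  for rep_bucket in $(aws s3api list-buckets --query 'Buckets[*].Name' --output text); do
    rep_status=$(bucket_sse_status "$rep_bucket")
    case "$rep_status" in
      NONE|UNKNOWN) echo "s3,$rep_bucket,$rep_status" ;;
    esac
  done
  for rep_id in $(aws ec2 describe-volumes --filters Name=encrypted,Values=false \
      --query 'Volumes[*].VolumeId' --output text); do
    echo "ebs-volume,$rep_id,NONE"
  done
  for rep_id in $(aws ec2 describe-snapshots --owner-ids self \
      --filters Name=encrypted,Values=false \
      --query 'Snapshots[*].SnapshotId' --output text); do
    echo "ebs-snapshot,$rep_id,NONE"
  done
}

if [ "${1:-}" = "--run" ]; then unencrypted_report; fi
```

A bucket reported as UNKNOWN needs its permissions checked before it can be counted either way.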