3 Answers
3
I would recommend using AWS Config. https://aws.amazon.com/blogs/storage/how-to-audit-an-amazon-s3-buckets-default-encryption-configuration-at-scale/ https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-server-side-encryption-enabled.html
1
Here is the script using the AWS CLI. This lists all buckets and lists the encryption status of each bucket.
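```bash
#!/bin/bash
# List every bucket, then print "bucket,SSE algorithm" for each one.
buckets=( $(aws s3api list-buckets --query 'Buckets[*].Name' --output text) )
for bucket in "${buckets[@]}"; do
  # If the call fails (no encryption configuration, access denied), report N/A.
  algo=$(aws s3api get-bucket-encryption --bucket "$bucket" \
    --query 'ServerSideEncryptionConfiguration.Rules[*].ApplyServerSideEncryptionByDefault.SSEAlgorithm' \
    --output text 2>/dev/null) || algo="N/A"
  echo "$bucket,$algo"
done
```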
0
Thanks. Likewise, can we get the list of all resources (like S3, EC2, snapshots, etc.) that are not encrypted in AWS?
Answered 1 year ago
If you are interested in AWS Config rules, here are the managed rules you can use:
- For S3: s3-bucket-server-side-encryption-enabled (https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-server-side-encryption-enabled.html)
- For EC2: ec2-ebs-encryption-by-default (https://docs.aws.amazon.com/config/latest/developerguide/ec2-ebs-encryption-by-default.html)
- There is no direct managed rule to check for encrypted snapshots as EBS snapshots are encrypted if the source volume is encrypted. But you can use AWS Config Custom Lambda Rules to achieve this (https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html)
Please tag the answer as accepted if you feel it has provided the required information to your query. Thanks.
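An added example, not part of the answers above and not AWS's own code: the evaluation logic a periodic AWS Config custom Lambda rule could use to flag unencrypted EBS snapshots, as the last answer suggests. The function names, the choice to report one account-level result, and the sample snapshot records are assumptions constructed for illustration.

```python
import json

def find_unencrypted(snapshots):
    """Return sorted IDs of snapshots whose 'Encrypted' flag is false.
    A record with no 'Encrypted' key is treated as unencrypted (assumption)."""
    return sorted(s["SnapshotId"] for s in snapshots if not s.get("Encrypted", False))

def build_evaluation(account_id, timestamp, snapshots):
    """Build one account-level evaluation in the shape put_evaluations expects."""
    bad = find_unencrypted(snapshots)
    evaluation = {
        "ComplianceResourceType": "AWS::::Account",
        "ComplianceResourceId": account_id,
        "ComplianceType": "NON_COMPLIANT" if bad else "COMPLIANT",
        "OrderingTimestamp": timestamp,
    }
    if bad:
        # Config limits Annotation to 256 characters, so the ID list is truncated.
        evaluation["Annotation"] = ("Unencrypted snapshots: " + ", ".join(bad))[:256]
    return evaluation

def lambda_handler(event, context):
    """Entry point for a periodic custom rule; needs boto3 and AWS credentials."""
    import boto3  # imported here so the pure functions above run offline
    ec2 = boto3.client("ec2")
    snapshots = []
    # Only snapshots owned by this account are evaluated.
    for page in ec2.get_paginator("describe_snapshots").paginate(OwnerIds=["self"]):
        snapshots.extend(page["Snapshots"])
    timestamp = json.loads(event["invokingEvent"])["notificationCreationTime"]
    evaluation = build_evaluation(event["accountId"], timestamp, snapshots)
    boto3.client("config").put_evaluations(
        Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation["ComplianceType"]

# Constructed sample records in the shape of a describe_snapshots response.
SAMPLE = [
    {"SnapshotId": "snap-0aaa1111example", "VolumeId": "vol-0aaa", "Encrypted": True},
    {"SnapshotId": "snap-0bbb2222example", "VolumeId": "vol-0bbb", "Encrypted": False},
    {"SnapshotId": "snap-0ccc3333example", "VolumeId": "vol-0ccc"},
]

if __name__ == "__main__":
    # Offline run against the constructed sample; account ID is a placeholder.
    result = build_evaluation("111122223333", "2024-01-01T00:00:00Z", SAMPLE)
    print(json.dumps(result, indent=2))
```
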