I can't find a way to easily know if my AWS S3 buckets are public or private.
I was expecting to do list_bucket_response = s3client.list_buckets() and directly know whether the bucket is publicly accessible or not.
I've come across https://jgreenemi.com/how-to-check-if-your-s3-buckets-allow-public-read-acls/ but in my case, when I list buckets, I don't get a URI.
I also tried s3client.get_bucket_acl(Bucket=bucket_name) without success.
You have to evaluate 3 different conditions to check whether a bucket is public or not.

According to this guide:

get_public_access_block

    response = s3client.get_public_access_block(Bucket='bucket_name')

If both of the following are set to true, then the bucket is not public:

    response['PublicAccessBlockConfiguration']['BlockPublicAcls']
    response['PublicAccessBlockConfiguration']['BlockPublicPolicy']

get_bucket_policy_status

Retrieves the policy status for an Amazon S3 bucket, indicating whether the bucket is public.

    response = s3client.get_bucket_policy_status(Bucket='bucket_name')

The bucket is public if the following is true:

    response['PolicyStatus']['IsPublic']

get_bucket_acl

    response = s3client.get_bucket_acl(Bucket='bucket_name')

The bucket is public if the ACL grants any permissions to members of the predefined AllUsers or AuthenticatedUsers groups.

Grantee (response['Grants'][*]['Grantee']):

You can further evaluate object ACLs if required.
Actually, get_bucket_policy_status will throw an exception if you turned off public access. I found this piece of code works well:

    import boto3
    import botocore.exceptions

    s3 = boto3.client('s3')
    for bucket in s3.list_buckets()['Buckets']:
        try:
            access = s3.get_public_access_block(Bucket=bucket['Name'])
            print(access)
        except botocore.exceptions.ClientError as e:
            # S3 raises this code when the bucket has no public access block configuration at all
            if e.response['Error']['Code'] == 'NoSuchPublicAccessBlockConfiguration':
                print('\t no Public Access')
            else:
                print("unexpected error: %s" % (e.response))
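Pulling the three checks from the first answer and the NoSuchPublicAccessBlockConfiguration handling from the second into one script, as an added example that is not code from the original thread. It assumes botocore's `ClientError` (with a stand-in defined when boto3 is not installed) and a constructed `FakeS3` client standing in for `boto3.client('s3')`; the AllUsers and AuthenticatedUsers group URIs are the standard S3 ones. It goes slightly beyond the answer in two places: a public bucket policy is treated as neutralised by `RestrictPublicBuckets` and a public ACL by `IgnorePublicAcls` (because `BlockPublicAcls` and `BlockPublicPolicy` only stop new public grants from being added), and a bucket with no public access block configuration is treated as "nothing blocked" rather than "no public access".

```python
try:
    from botocore.exceptions import ClientError
except ImportError:  # assumption: stand-in so the logic runs without boto3 installed
    class ClientError(Exception):
        def __init__(self, error_response, operation_name):
            super().__init__(error_response.get("Error", {}).get("Code"), operation_name)
            self.response = error_response

# Predefined S3 groups; any ACL grant to either one makes the bucket public.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTHENTICATED_USERS}
BLOCK_SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
                  "BlockPublicPolicy", "RestrictPublicBuckets")


def _code(err):
    return err.response.get("Error", {}).get("Code")


def public_access_block(s3, bucket):
    """PublicAccessBlockConfiguration for the bucket, or {} when none is set
    (the API raises NoSuchPublicAccessBlockConfiguration instead of returning falses)."""
    try:
        return s3.get_public_access_block(Bucket=bucket)["PublicAccessBlockConfiguration"]
    except ClientError as err:
        if _code(err) == "NoSuchPublicAccessBlockConfiguration":
            return {}
        raise


def policy_is_public(s3, bucket):
    """True when S3 itself evaluates the bucket policy as public; no policy means False."""
    try:
        return bool(s3.get_bucket_policy_status(Bucket=bucket)["PolicyStatus"]["IsPublic"])
    except ClientError as err:
        if _code(err) == "NoSuchBucketPolicy":
            return False
        raise


def public_acl_grants(s3, bucket):
    """(group URI, permission) pairs the bucket ACL gives to AllUsers/AuthenticatedUsers."""
    grants = s3.get_bucket_acl(Bucket=bucket).get("Grants", [])
    return [(g["Grantee"]["URI"], g["Permission"]) for g in grants
            if g["Grantee"].get("Type") == "Group" and g["Grantee"].get("URI") in PUBLIC_GROUPS]


def classify_bucket(s3, bucket):
    """Combine the three checks: RestrictPublicBuckets neutralises a public policy and
    IgnorePublicAcls a public ACL; the other two settings only block new public grants."""
    block = public_access_block(s3, bucket)
    reasons = []
    if policy_is_public(s3, bucket) and not block.get("RestrictPublicBuckets"):
        reasons.append("bucket policy is public")
    for uri, perm in public_acl_grants(s3, bucket):
        if not block.get("IgnorePublicAcls"):
            reasons.append(f"ACL grants {perm} to {uri.rsplit('/', 1)[-1]}")
    return {"bucket": bucket, "public": bool(reasons), "reasons": reasons,
            "fully_blocked": all(block.get(k) for k in BLOCK_SETTINGS)}


def audit(s3):
    """Classify every bucket the caller can list."""
    return [classify_bucket(s3, b["Name"]) for b in s3.list_buckets()["Buckets"]]


class FakeS3:
    """Constructed stand-in for boto3.client('s3') with four sample buckets (test data)."""
    OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"}
    ANON_READ = {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}
    BUCKETS = {  # name: (block config or None, policy IsPublic or None, extra ACL grants)
        "locked-down": ({k: True for k in BLOCK_SETTINGS}, None, []),
        "policy-public": (None, True, []),
        "acl-public": (None, None, [ANON_READ]),
        "policy-restricted": ({"RestrictPublicBuckets": True}, True, []),
    }

    def _raise(self, code, op):
        raise ClientError({"Error": {"Code": code, "Message": code}}, op)

    def list_buckets(self):
        return {"Buckets": [{"Name": n} for n in self.BUCKETS]}

    def get_public_access_block(self, Bucket):
        block = self.BUCKETS[Bucket][0]
        if block is None:
            self._raise("NoSuchPublicAccessBlockConfiguration", "GetPublicAccessBlock")
        return {"PublicAccessBlockConfiguration": dict(block)}

    def get_bucket_policy_status(self, Bucket):
        is_public = self.BUCKETS[Bucket][1]
        if is_public is None:
            self._raise("NoSuchBucketPolicy", "GetBucketPolicyStatus")
        return {"PolicyStatus": {"IsPublic": is_public}}

    def get_bucket_acl(self, Bucket):
        return {"Owner": {"ID": "owner"}, "Grants": [self.OWNER] + self.BUCKETS[Bucket][2]}


if __name__ == "__main__":
    # Swap FakeS3() for boto3.client("s3") to audit a real account.
    for result in audit(FakeS3()):
        print(result)
```

Two caveats for real use: the account-level public access block (S3Control `get_public_access_block(AccountId=...)`) overrides the per-bucket settings and is not consulted here, and object ACLs can still expose individual objects when `IgnorePublicAcls` is off, which is the "further evaluate object ACLs" step from the first answer.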