import boto3
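GROUPS_ALLUSERS = 'http://acs.amazonaws.com/groups/global/AllUsers'
GLOBAL_AUTHUSERS = 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers'

# Grantee URIs that expose a bucket to everyone (AllUsers) or to every AWS
# account (AuthenticatedUsers). Any permission granted to these groups — READ,
# WRITE, FULL_CONTROL, ... — is treated as public, as the original logic did.
PUBLIC_GRANTEE_URIS = frozenset({GROUPS_ALLUSERS, GLOBAL_AUTHUSERS})


def public_grants(acl):
    """Return the grants in *acl* whose grantee is a public group.

    Args:
        acl: A ``get_bucket_acl`` response; only its ``'Grants'`` list is read.
            Grants without a ``'Grantee'`` or a grantee ``'URI'`` (canonical
            users, e-mail grantees) are skipped.

    Returns:
        The matching grant dicts, in response order; empty if none match.
    """
    return [
        grant
        for grant in acl.get('Grants', [])
        if grant.get('Grantee', {}).get('URI') in PUBLIC_GRANTEE_URIS
    ]


def is_public(acl):
    """Return True if *acl* grants any permission to AllUsers or AuthenticatedUsers."""
    return bool(public_grants(acl))


def find_public_buckets(s3, bucket_names):
    """Classify each bucket by its ACL.

    Args:
        s3: A client exposing ``get_bucket_acl(Bucket=...)``.
        bucket_names: Iterable of bucket names to inspect.

    Returns:
        ``(public, unchecked)``: names whose ACL has a public-group grant, and
        names whose ACL could not be read (each listed at most once).
        Unreadable ACLs are reported rather than silently dropped, because an
        AccessDenied on one bucket must not be mistaken for "not public".
    """
    public = []
    unchecked = []
    for name in bucket_names:
        try:
            acl = s3.get_bucket_acl(Bucket=name)
        except Exception as exc:  # noqa: BLE001 — botocore errors are project types; keep the scan going
            print("Could not read ACL for " + name + ": " + str(exc))
            unchecked.append(name)
            continue
        if is_public(acl):
            public.append(name)
    return public, unchecked


def main():
    """Scan every bucket in the account and reset public ACLs to private.

    Only bucket ACLs are examined; bucket policies and Block Public Access
    settings are separate controls and are not checked here.
    """
    s3 = boto3.client('s3')
    # NOTE(review): assumes list_buckets returns all buckets in one response;
    # newer API versions can paginate — confirm for this boto3 version.
    bucket_names = [bucket['Name'] for bucket in s3.list_buckets()['Buckets']]
    public, unchecked = find_public_buckets(s3, bucket_names)

    if not public:
        print("No Public Readable Buckets Found")
    for name in public:
        print("Public Bucket: " + name)
        print("Removing Public Access on: " + name)
        # ACL='private' replaces the entire ACL with owner FULL_CONTROL only,
        # so any non-public grants on the bucket are dropped as well.
        s3.put_bucket_acl(Bucket=name, ACL='private')
    for name in unchecked:
        print("Skipped (ACL not readable): " + name)


if __name__ == "__main__":
    main()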