Active 2024-06-15

S3 Open Access Check

Comprehensive AWS S3 bucket security assessment tool that checks for common misconfigurations and data exposure risks.

Quickstart
Get started instantly
curl -O https://raw.githubusercontent.com/MHaggis/notes/master/utilities/AWS/S3OpenAccessCheck.sh && chmod +x S3OpenAccessCheck.sh && ./S3OpenAccessCheck.sh

The Problem

AWS S3 buckets are frequently misconfigured, leading to data exposure incidents. Manual checking of public access blocks, ACLs, policies, and encryption settings across multiple buckets is time-consuming and error-prone.

The Solution

S3OpenAccessCheck automates comprehensive security assessments of all S3 buckets in an AWS account. It checks public access blocks, ACLs, bucket policies, website hosting, versioning, and encryption settings, providing a detailed security report.

Impact

Helps security teams quickly identify misconfigured S3 buckets before they become data breach headlines. The tool checks multiple security dimensions that are often overlooked in manual audits.

Features

Comprehensive Security Checks

  • Public Access Block Settings - Validates all four public access block configurations
  • Bucket ACLs - Detects public read/write permissions
  • Bucket Policies - Identifies overly permissive policies with wildcards
  • Website Hosting - Flags enabled static website hosting
  • Versioning Status - Reports disabled versioning (data loss risk)
  • Encryption - Checks for missing default encryption
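
The first three checks above, as an added Python example (not code from S3OpenAccessCheck.sh) that evaluates parsed responses from `aws s3api get-public-access-block`, `get-bucket-acl` and `get-bucket-policy`. The function names, the constructed sample responses and the rule used here (an Allow statement with a wildcard Principal is risky) are assumptions for illustration; the script's own logic may differ.

```python
import json

PUBLIC_GROUPS = {  # predefined S3 grantee groups that make an ACL grant public
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def as_list(value):
    """Policy JSON allows a single item or a list in most positions."""
    return value if isinstance(value, list) else ([] if value is None else [value])

def is_wildcard_principal(principal):
    """True for "*", {"AWS": "*"} and {"AWS": ["*", ...]}."""
    values = principal.values() if isinstance(principal, dict) else [principal]
    return any("*" in as_list(v) for v in values)

def assess_bucket(pab, acl, policy_response):
    """Findings for one bucket; pass None for a response the bucket does not have."""
    config = (pab or {}).get("PublicAccessBlockConfiguration", {})
    # A missing public access block configuration counts as all four settings disabled.
    findings = [f"{key}: Disabled" for key in PAB_KEYS if not config.get(key, False)]
    for grant in (acl or {}).get("Grants", []):
        group = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if group:
            findings.append(f"Public ACL Found: {grant['Permission']} ({group})")
    if policy_response:
        policy = json.loads(policy_response["Policy"])  # policy document arrives as a JSON string
        for stmt in as_list(policy.get("Statement")):
            if stmt.get("Effect") == "Allow" and is_wildcard_principal(stmt.get("Principal")):
                for action in as_list(stmt.get("Action")):
                    findings.append(f"Risky Policy: Allow on {action}")
    return findings

# Constructed sample responses (hypothetical bucket, not real data).
SAMPLE_PAB = {"PublicAccessBlockConfiguration": {**dict.fromkeys(PAB_KEYS, True), "BlockPublicAcls": False}}
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
SAMPLE_POLICY = {"Policy": json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:*",
    "Resource": "arn:aws:s3:::my-public-bucket/*"}})}

if __name__ == "__main__":
    print("\n".join("    - " + f for f in assess_bucket(SAMPLE_PAB, SAMPLE_ACL, SAMPLE_POLICY)))
```

A statement that pairs a wildcard principal with a restrictive Condition is still reported here, so each policy finding is a prompt for review, not proof of exposure.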

Detailed Reporting

Each security concern includes:

  • Specific misconfiguration details
  • Website hosting URLs (if enabled)
  • Policy risk analysis
  • Actionable recommendations

Usage

# Basic usage (requires AWS CLI configured)
./S3OpenAccessCheck.sh

Requirements

  • AWS CLI configured with appropriate permissions
  • jq for JSON parsing
  • Read access to S3 buckets in your account

Output Example

[!] SECURITY CONCERNS FOUND FOR BUCKET: my-public-bucket
------------------------------------------------
    - BlockPublicAcls: Disabled
    - Public ACL Found: READ (AllUsers)
    - Risky Policy: Allow on s3:*
    - Website Hosting Enabled:
      URL: http://my-public-bucket.s3-website-us-east-1.amazonaws.com
    - Default encryption is not enabled
------------------------------------------------

Security Impact

This tool helps prevent:

  • Unauthorized data access
  • Data breaches from misconfigured buckets
  • Compliance violations
  • Accidental public exposure

Perfect for:

  • Security audits
  • Compliance checks
  • Pre-deployment validation
  • Continuous monitoring
