Automating AWS S3 Bucket Policy to multiple buckets
Introduction:
Managing permissions and security for your AWS S3 buckets is crucial. In this blog post, we will explore how to automate the application of a specific bucket policy to a list of S3 buckets using the AWS Command Line Interface (CLI) and a Bash script. This automation can save time and ensure that your S3 buckets consistently adhere to the desired security policies.
Prerequisites:
Before we dive into the automation, make sure you have the following prerequisites in place:
1. AWS CLI installed: You should have the AWS CLI installed and configured with the necessary credentials and permissions to modify S3 bucket policies.
2. List of S3 buckets: Prepare a list of S3 bucket names to which you want to apply a specific bucket policy.
Automation Steps:
Step 1: Create a Bash Script
Begin by creating a Bash script. We'll name it `apply-s3-policy.sh`. This script will read the list of bucket names and apply the desired policy to each one.
Below is an example that applies a bucket policy complying with the `s3-bucket-ssl-requests-only` rule:
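```bash
#!/bin/bash
# List of S3 bucket names (add the rest of your buckets to this array)
buckets=("bucket1" "bucket2" "bucket3")

# Policy JSON; <Bucket_name> is replaced with each bucket's name in the loop below
policy='
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowSSLRequestsOnly",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::<Bucket_name>",
        "arn:aws:s3:::<Bucket_name>/*"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
'

# Loop through each bucket and apply the policy.
# put-bucket-policy replaces any policy the bucket already has.
for bucket in "${buckets[@]}"; do
  policy_for_bucket="${policy//<Bucket_name>/$bucket}"
  if ! aws s3api put-bucket-policy --bucket "$bucket" --policy "$policy_for_bucket"; then
    # Report the failure and continue with the remaining buckets
    echo "Failed to apply policy to $bucket" >&2
  fi
done
```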
Step 2: Execute the Script
Now you can execute the script. Ensure that you have the AWS CLI configured with the necessary permissions. Run the script directly if the file is executable:
```bash
./apply-s3-policy.sh
```
OR pass it to Bash:
```bash
bash apply-s3-policy.sh
```
The script will loop through your list of S3 buckets and apply the specified policy to each one.
Conclusion:
Automating the application of AWS S3 bucket policies is a valuable time-saving practice. Following these simple steps, you can ensure that your S3 buckets consistently adhere to your security policies without manual intervention.
Note: Always exercise caution when applying security policies, especially Deny policies, to avoid unintended access restrictions.
Happy automating!