Automating AWS S3 Bucket Policy to multiple buckets

Saket Jain
2 min readOct 13, 2023

Introduction:

Managing permissions and security for your AWS S3 buckets is crucial. In this blog post, we will explore how to automate the application of a specific bucket policy to a list of S3 buckets using the AWS Command Line Interface (CLI) and a Bash script. This automation can save time and ensure that your S3 buckets consistently adhere to the desired security policies.

Prerequisites:

Before we dive into the automation, make sure you have the following prerequisites in place:

1. AWS CLI installed: You should have the AWS CLI installed and configured with the necessary credentials and permissions to modify S3 bucket policies.

2. List of S3 buckets: Prepare a list of S3 bucket names to which you want to apply a specific bucket policy.

Automation Steps:

Step 1: Create a Bash Script
Begin by creating a Bash script. We’ll name it `apply-s3-policy.sh`. This script will read the list of bucket names and apply the desired policy to each one.

Below is an example of applying bucket policy that complies with the s3-bucket-SSL-requests-only rule


#!/bin/bash

# List of S3 bucket names
buckets=("bucket1" "bucket2" "bucket3" ...)

# Policy JSON
policy='
{
"Statement": [
{
"Sid": "AllowSSLRequestsOnly",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::<Bucket_name>",
"arn:aws:s3:::<Bucket_name>/*"
],
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
}
]
}
'

# Loop through each bucket and apply the policy
for bucket in "${buckets[@]}"; do
policy_for_bucket="${policy//<Bucket_name>/$bucket}"
aws s3api put-bucket-policy --bucket "$bucket" --policy "$policy_for_bucket"
done

Step 2: Execute the Script
Now, you can execute the script. Ensure that you have the AWS CLI configured with the necessary permissions.

./apply-s3-policy.sh

OR

bash apply-s3-policy.sh

The script will loop through your list of S3 buckets and apply the specified policy to each one.

Sample output:

Conclusion:
Automating the application of AWS S3 bucket policies is a valuable time-saving practice. Following these simple steps, you can ensure that your S3 buckets consistently adhere to your security policies without manual intervention.

Note: Always exercise caution when applying security policies, especially Deny policies, to avoid unintended access restrictions.

Happy automating!

--

--