Automating AWS S3 Bucket Policy to multiple buckets

Saket Jain
2 min read · Oct 13, 2023


Managing permissions and security for your AWS S3 buckets is crucial. In this blog post, we will explore how to automate the application of a specific bucket policy to a list of S3 buckets using the AWS Command Line Interface (CLI) and a Bash script. This automation can save time and ensure that your S3 buckets consistently adhere to the desired security policies.


Before we dive into the automation, make sure you have the following prerequisites in place:

1. AWS CLI installed: You should have the AWS CLI installed and configured with the necessary credentials and permissions to modify S3 bucket policies.

2. List of S3 buckets: Prepare a list of S3 bucket names to which you want to apply a specific bucket policy.

Automation Steps:

Step 1: Create a Bash Script
Begin by creating a Bash script. We’ll name it ``. This script will read the list of bucket names and apply the desired policy to each one.

Below is an example that applies a bucket policy complying with the s3-bucket-ssl-requests-only rule:


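```bash
#!/bin/bash
# List of S3 bucket names
buckets=("bucket1" "bucket2" "bucket3")  # ... add the rest of your bucket names

# Loop through each bucket and apply the policy
for bucket in "${buckets[@]}"; do
  # Policy JSON, with this bucket's ARNs filled in as the Resource
  policy_for_bucket=$(cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowSSLRequestsOnly",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::${bucket}",
        "arn:aws:s3:::${bucket}/*"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
EOF
)
  aws s3api put-bucket-policy --bucket "$bucket" --policy "$policy_for_bucket"
done
```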

Step 2: Execute the Script
Now, you can execute the script. Ensure that you have the AWS CLI configured with the necessary permissions.




The script will loop through your list of S3 buckets and apply the specified policy to each one.

Automating the application of AWS S3 bucket policies is a valuable time-saving practice. Following these simple steps, you can ensure that your S3 buckets consistently adhere to your security policies without manual intervention.

Note: Always exercise caution when applying security policies, especially Deny policies, to avoid unintended access restrictions.
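
Because `put-bucket-policy` replaces whatever policy a bucket already has, the following added example (not part of the original post) checks each bucket first and applies the statement only where no policy is attached. The helper names `tls_policy`, `plan_bucket` and `apply_tls_policy` are hypothetical, and treating a matching Sid as "already applied" is an assumption.

```shell
#!/bin/sh
# Added example: apply the article's deny-non-TLS statement without
# overwriting a policy a bucket already has. Helper names are hypothetical.
SID="AllowSSLRequestsOnly"

# Print the policy document for bucket $1 (same statement as in the article).
tls_policy() {
  printf '{"Version":"2012-10-17","Statement":[{"Sid":"%s","Effect":"Deny",' "$SID"
  printf '"Principal":"*","Action":"s3:*",'
  printf '"Resource":["arn:aws:s3:::%s","arn:aws:s3:::%s/*"],' "$1" "$1"
  printf '"Condition":{"Bool":{"aws:SecureTransport":"false"}}}]}\n'
}

# Print the action for bucket $1: apply | skip | conflict | error
plan_bucket() {
  if current=$(aws s3api get-bucket-policy --bucket "$1" \
                 --query Policy --output text 2>&1); then
    case $current in
      *"\"$SID\""*) echo skip ;;      # assumption: this Sid means we already ran
      *)            echo conflict ;;  # another policy exists; a put would replace it
    esac
  else
    case $current in
      *NoSuchBucketPolicy*) echo apply ;;  # no policy attached yet
      *)                    echo error ;;  # access denied, no such bucket, ...
    esac
  fi
}

# Process every bucket named in the arguments; non-zero if any needs review.
apply_tls_policy() {
  rc=0
  for bucket in "$@"; do
    action=$(plan_bucket "$bucket")
    echo "$bucket: $action"
    case $action in
      apply) aws s3api put-bucket-policy --bucket "$bucket" \
               --policy "$(tls_policy "$bucket")" || rc=1 ;;
      skip)  ;;
      *)     rc=1 ;;
    esac
  done
  return "$rc"
}

# Usage: apply_tls_policy bucket1 bucket2 bucket3
```

Buckets reported as `conflict` or `error` are left untouched; merge the statement into their existing policy by hand.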

Happy automating!