Notify All Public Amazon S3 Buckets Once in a Week

Totalcloud Updated by Totalcloud

Unintentionally public S3 buckets are a standing security risk and can cause serious damage if neglected.

There's a template already available in the web app for this use case. This workflow template automatically fetches all public AWS S3 buckets and emails you the list for review every week.

Please find below the information on how this template works and how you can customize it according to your needs.

How Does This Template Work?

  1. Trigger node starts the workflow once every seven days.
  2. Resource node fetches all S3 buckets belonging to the selected AWS account and AWS region.
  3. The Resource node's Add-on feature fetches only the 'Bucket ACL' and 'Bucket Policy Status' attributes of the selected buckets.
  4. Filter node checks each bucket returned by the previous node for public status.
  5. Notification node emails the list of all public buckets to the concerned team(s) or stakeholder(s).

Steps to Customize this Template

  1. Open the template
  2. Click on the 'Edit' option in the Trigger node to access the parameters input window. Add or modify the following details as per your requirement:
    1. Retain the 'Recurrent' selection and the 'Every Seven Days' selection. If you wish to run the workflow every morning instead, select 'Schedule' and select all the days of the week.
    2. Click on 'Save'
  3. Click on the 'Edit' option in the Resource node to access the parameters input window. Add or modify the following details as per your requirement:
    1. Retain the AWS Service name 'S3' entry.
    2. Retain the AWS Resource name 'Buckets' entry.
    3. Retain the 'Bucket ACL' and 'Bucket Policy Status' check box selections in the 'Add-ons' entry.
       If you wish to pick only specific resources or their attributes, use the Additional Features and Add-ons available.
    4. Click on 'Save'
  4. Click on the 'Edit' option in the Filter node to access the parameters input window. Add or modify the following details as per your requirement:
    1. Select 'Resource to perform action on' as the Resource node prior to this node.
    2. Retain the Param selection and the three sub-condition entries as shown below:
      1. Sub-condition 1: Key: addOns.BucketPolicyStatus.PolicyStatus.IsPublic == true
      2. Sub-condition 2: Key: addOns.BucketAcl.URI has http://acs.amazonaws.com/groups/global/AllUsers
      3. Sub-condition 3: Key: addOns.BucketAcl.URI has http://acs.amazonaws.com/groups/global/AuthenticatedUsers
    3. Or, modify the Key and Value if you wish to change them. To fine-tune the filtering further, add more conditions.
    4. Click on 'Save'
  5. Click on the 'Edit' option in the Notification node to access the parameters input window. Add or modify the following details as per your requirement:
    1. Select 'Resource to perform action on' as the Action node prior to this node.
    2. Enter the recipient's email address.
    3. Type in the customized message you would like to be sent to the recipient.
       If you do not type in a customized message, TotalCloud will send a default email about the successful execution.
    4. Click on 'Save'
  6. Click on the Save icon
  7. Click on the Run icon
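The five-node flow described above and the three Filter sub-conditions in step 4, as an added Python example that is not Totalcloud's code: it reproduces the Resource node's Add-ons with boto3 (the collector is not called at import and needs AWS credentials) and applies the Filter node's three sub-conditions to the resulting records. The record shape is assumed to mirror the AWS GetBucketPolicyStatus and GetBucketAcl responses, and the Totalcloud key `addOns.BucketAcl.URI` is assumed to read the grantee URIs of those ACL grants; the sample buckets at the bottom are constructed.

```python
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

def public_reasons(bucket: dict) -> list:
    """Return which of the template's three sub-conditions match one bucket record."""
    add_ons = bucket.get("addOns", {})
    reasons = []
    # Sub-condition 1: the bucket policy itself grants public access
    status = add_ons.get("BucketPolicyStatus", {}).get("PolicyStatus", {})
    if status.get("IsPublic") is True:
        reasons.append("policy:IsPublic")
    # Sub-conditions 2 and 3: an ACL grant to the AllUsers or AuthenticatedUsers group
    grants = add_ons.get("BucketAcl", {}).get("Grants", [])
    uris = {g.get("Grantee", {}).get("URI") for g in grants}
    if ALL_USERS in uris:
        reasons.append("acl:AllUsers")
    if AUTH_USERS in uris:
        reasons.append("acl:AuthenticatedUsers")
    return reasons
def filter_public(buckets: list) -> list:
    """The Filter node: keep only buckets for which at least one sub-condition holds."""
    hits = [(b["Name"], public_reasons(b)) for b in buckets]
    return [(name, reasons) for name, reasons in hits if reasons]

def collect_bucket_records() -> list:
    """Live stand-in for the Resource node plus Add-ons (needs boto3 and AWS credentials)."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.client("s3")
    records = []
    for b in s3.list_buckets()["Buckets"]:
        name = b["Name"]
        try:
            status = s3.get_bucket_policy_status(Bucket=name)["PolicyStatus"]
        except ClientError as err:  # no policy at all means not public via policy
            if err.response["Error"]["Code"] != "NoSuchBucketPolicy":
                raise
            status = {"IsPublic": False}
        grants = s3.get_bucket_acl(Bucket=name)["Grants"]
        records.append({"Name": name, "addOns": {
            "BucketPolicyStatus": {"PolicyStatus": status}, "BucketAcl": {"Grants": grants}}})
    return records

# Constructed sample records (not real buckets), in the shape the collector produces
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"}
def _record(name, is_public, *extra_grants):
    return {"Name": name, "addOns": {"BucketPolicyStatus": {"PolicyStatus": {"IsPublic": is_public}},
                                     "BucketAcl": {"Grants": [OWNER, *extra_grants]}}}
SAMPLE_BUCKETS = [_record("private-logs", False), _record("policy-open", True),
    _record("acl-open", False, {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"})]
```

Run `filter_public(collect_bucket_records())` against a real account to get the same list the Notification node would email.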
