Notify All Public Amazon S3 Buckets Once in a Week

Updated 2 weeks ago by Totalcloud

Unwanted public S3 buckets are a continuous security threat and may cause havoc if neglected.

There's a template already available in the web app for this use case. This workflow template automatically fetches all public AWS S3 buckets and sends an email with the list for your review every week.

Please find below the information on how this template works and how you can customize it according to your needs.

How Does This Template Work?

  1. The Trigger node initiates the workflow once every seven days.
  2. The Resource node fetches all S3 buckets belonging to the selected AWS account and AWS region.
  3. The Resource node's Add-on feature fetches only the 'Bucket ACL' and 'Bucket Policy Status' attributes of the selected buckets.
  4. The Filter node looks for public status among the buckets returned by the previous node.
  5. The Notification node sends an email to the concerned team(s) or stakeholder(s) with the list of all public buckets.

Steps to Customize this Template

  1. Open the template and check for all the nodes' connectivity.
  2. Double click on Trigger node. Add or modify the following details as per your requirement:
    1. Retain the 'Recurrent' selection and the 'Every Seven Days' selection. If you wish to start the workflow every morning instead, select 'Schedule' and select all the days of the week.
    2. Click on Save Node.
  3. Double click on Resource node. Add or modify the following details as per your requirement:
    1. Select your AWS account from the drop down menu.
    2. Select the AWS region you want to pick the resources from.
    3. Retain the AWS Service name 'S3' entry.
    4. Retain the AWS Resource name 'Buckets' entry.
    5. Retain the 'Bucket ACL' and 'Bucket Policy Status' check boxes' selection in the 'Add-ons' entry.
    If you wish to pick only specific resources or their attributes, use the Additional Features and Add-ons available.
    6. Click on Save Node.
  4. Double click on Filter node. Add or modify the following details as per your requirement:
    1. Retain the Param selection and the three sub-conditions as shown below:
      1. Sub-condition 1: Key: addOns.BucketPolicyStatus.PolicyStatus.IsPublic == true
      2. Sub-condition 2: Key: addOns.BucketAcl.URI has http://acs.amazonaws.com/groups/global/AllUsers
      3. Sub-condition 3: Key: addOns.BucketAcl.URI has http://acs.amazonaws.com/groups/global/AuthenticatedUsers
    2. Or, modify the Key and Value if you wish to change them. To fine-tune the filtering further, add more conditions.
    3. Click on Save Node.
  5. Double click on Notification node. Add or modify the following details as per your requirement:
    1. Enter the receiver's email address.
    2. Type in the customized message you would like to be sent to the recipient.
    If you do not type in a customized message, TotalCloud will send a default email about the successful execution.
  6. Click on Save the Workflow.
  7. Click on Validate the Workflow with the policy.
  8. Click on Run Now.
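The Filter node's three sub-conditions, worked through as an added example that is not part of the TotalCloud template or product code: it evaluates the public-policy check and the two ACL grantee-URI checks over constructed bucket records. The layout of the records under "addOns" is an assumption, modelled on the AWS GetBucketPolicyStatus and GetBucketAcl responses the add-ons are named after, and the bucket names are invented.

```python
# Added example (not TotalCloud's own code): applies the Filter node's three
# sub-conditions to bucket records. The "addOns" layout below is an assumption
# mirroring the GetBucketPolicyStatus / GetBucketAcl API response shapes.

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GRANTEE_URIS = {ALL_USERS, AUTHENTICATED_USERS}

def policy_is_public(add_ons):
    """Sub-condition 1: addOns.BucketPolicyStatus.PolicyStatus.IsPublic == true."""
    status = add_ons.get("BucketPolicyStatus", {}).get("PolicyStatus", {})
    return bool(status.get("IsPublic", False))

def acl_grantee_uris(add_ons):
    """Grantee URIs found in addOns.BucketAcl; only Group grantees carry a URI."""
    grants = add_ons.get("BucketAcl", {}).get("Grants", [])
    return {g.get("Grantee", {}).get("URI") for g in grants} - {None}

def is_public_bucket(bucket):
    """OR of the three sub-conditions: public policy, AllUsers or AuthenticatedUsers grant."""
    add_ons = bucket.get("addOns", {})
    return policy_is_public(add_ons) or bool(acl_grantee_uris(add_ons) & PUBLIC_GRANTEE_URIS)

def public_buckets(buckets):
    """Names of the buckets the Filter node would pass to the Notification node, in input order."""
    return [b["Name"] for b in buckets if is_public_bucket(b)]

# Constructed sample input. The last bucket has no BucketPolicyStatus add-on at all
# (a bucket without a policy); the lookups above treat that as "not public by policy".
SAMPLE_BUCKETS = [
    {"Name": "private-logs", "addOns": {
        "BucketPolicyStatus": {"PolicyStatus": {"IsPublic": False}},
        "BucketAcl": {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"}]}}},
    {"Name": "public-by-policy", "addOns": {
        "BucketPolicyStatus": {"PolicyStatus": {"IsPublic": True}}, "BucketAcl": {"Grants": []}}},
    {"Name": "public-by-acl", "addOns": {
        "BucketPolicyStatus": {"PolicyStatus": {"IsPublic": False}},
        "BucketAcl": {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}}},
    {"Name": "authenticated-users-acl", "addOns": {  # no policy add-on present
        "BucketAcl": {"Grants": [{"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "READ"}]}}},
]

if __name__ == "__main__":
    for name in public_buckets(SAMPLE_BUCKETS):
        print(name)
```

Running it lists the three buckets that meet at least one sub-condition and leaves out the owner-only bucket.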
