Auditing AWS S3 Bucket Permissions
When to Use
- When conducting a security assessment of AWS environments to identify publicly exposed data
- When onboarding a new AWS account and establishing a security baseline for storage resources
- When responding to an alert about potential S3 data exposure from AWS Trusted Advisor or Security Hub
- When compliance frameworks (SOC 2, PCI DSS, HIPAA) require periodic review of data access controls
- When a breach or credential compromise necessitates immediate review of all accessible S3 resources
Do not use for auditing non-AWS object storage (use provider-specific tools), for real-time monitoring (use S3 Event Notifications with Lambda), or for auditing S3 access patterns (use S3 Access Analyzer or CloudTrail S3 data events).
Prerequisites
- AWS CLI v2 configured with credentials that have the `s3:GetBucketPolicy`, `s3:GetBucketAcl`, `s3:GetBucketPublicAccessBlock`, `s3:GetEncryptionConfiguration`, and `s3:ListAllMyBuckets` permissions
- Prowler installed (`pip install prowler`) for automated CIS benchmark checks
- S3audit or similar enumeration tool for quick public bucket detection
- Access to AWS Organizations if auditing across multiple accounts
- Python 3.8+ with boto3 for custom audit scripts
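As an added example (not part of this skill's own content), a boto3 audit script that exercises the five permissions listed above: the check functions run offline on constructed sample responses, and `audit_bucket` wires them to a live client. The bucket name, owner id and VPC endpoint id in the samples are placeholders.

```python
import json
# Constructed sample responses (not from a real account), shaped like boto3's GetBucketAcl/GetBucketPolicy output.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-placeholder"}}}]}
PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers", "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def acl_public_grants(acl):
    """Permissions the bucket ACL grants to the AllUsers or AuthenticatedUsers groups."""
    return sorted(g["Permission"] for g in acl.get("Grants", [])
                  if g["Grantee"].get("Type") == "Group" and g["Grantee"].get("URI") in PUBLIC_GROUPS)

def policy_public_statements(policy):
    """Sids of Allow statements with a wildcard principal and no Condition (unconditionally public)."""
    stmts = policy.get("Statement", [])
    out = []
    for i, s in enumerate([stmts] if isinstance(stmts, dict) else stmts):
        p = s.get("Principal")
        wildcard = p == "*" or (isinstance(p, dict) and p.get("AWS") in ("*", ["*"]))
        if s.get("Effect") == "Allow" and wildcard and not s.get("Condition"):
            out.append(s.get("Sid", f"Statement[{i}]"))
    return out

def public_access_block_gaps(config):
    """Public Access Block flags that are missing or False; a hardened bucket has all four True."""
    return [f for f in PAB_FLAGS if not config.get(f, False)]

def _get(call, missing_code, default):  # a "not configured" error means the setting is absent, not a failure
    from botocore.exceptions import ClientError
    try:
        return call()
    except ClientError as e:
        if e.response["Error"]["Code"] != missing_code:
            raise
        return default

def audit_bucket(s3, name):
    """Live checks for one bucket via a boto3 S3 client; each call needs one permission from Prerequisites."""
    policy = _get(lambda: s3.get_bucket_policy(Bucket=name), "NoSuchBucketPolicy", {"Policy": "{}"})
    pab = _get(lambda: s3.get_public_access_block(Bucket=name), "NoSuchPublicAccessBlockConfiguration",
               {"PublicAccessBlockConfiguration": {}})
    enc = _get(lambda: s3.get_bucket_encryption(Bucket=name), "ServerSideEncryptionConfigurationNotFoundError", None)
    return {"bucket": name, "public_acl": acl_public_grants(s3.get_bucket_acl(Bucket=name)),
            "public_policy": policy_public_statements(json.loads(policy["Policy"])),
            "pab_gaps": public_access_block_gaps(pab["PublicAccessBlockConfiguration"]), "no_default_encryption": enc is None}
```

For an account-wide sweep, pass each name from `boto3.client("s3").list_buckets()["Buckets"]` (the `s3:ListAllMyBuckets` call) to `audit_bucket`. A public ACL or policy on a bucket whose four Public Access Block flags are all True is blocked at evaluation time but still worth reporting and cleaning up.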