auditing-aws-s3-bucket-permissions

Featured

Systematically audit AWS S3 bucket permissions to identify publicly accessible buckets, overly permissive ACLs, misconfigured bucket policies, and missing encryption settings using AWS CLI, S3audit, and Prowler to enforce least-privilege data access controls.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Quality Score: 99/100

Stars 20%: 100
Recency 20%: 100
Frontmatter 20%: 70
Documentation 15%: 100
Issue Health 10%: 50
License 10%: 100
Description 5%: 100

Skill Content

# Auditing AWS S3 Bucket Permissions

## When to Use

- When conducting a security assessment of AWS environments to identify publicly exposed data
- When onboarding a new AWS account and establishing a security baseline for storage resources
- When responding to an alert about potential S3 data exposure from AWS Trusted Advisor or Security Hub
- When compliance frameworks (SOC 2, PCI DSS, HIPAA) require periodic review of data access controls
- When a breach or credential compromise necessitates immediate review of all accessible S3 resources

**Do not use** for auditing non-AWS object storage (use provider-specific tools), for real-time monitoring (use S3 Event Notifications with Lambda), or for auditing S3 access patterns (use S3 Access Analyzer or CloudTrail S3 data events).

## Prerequisites

- AWS CLI v2 configured with credentials that have `s3:GetBucketPolicy`, `s3:GetBucketAcl`, `s3:GetBucketPublicAccessBlock`, `s3:GetEncryptionConfiguration`, and `s3:ListAllMyBuckets` permissions
- Prowler installed (`pip install prowler`) for automated CIS benchmark checks
- S3audit or similar enumeration tool for quick public bucket detection
- Access to AWS Organizations if auditing across multiple accounts
- Python 3.8+ with boto3 for custom audit scripts

## Workflow

### Step 1: Enumerate All S3 Buckets and Account-Level Block Public Access

Check the account-level S3 Block Public Access settings first, then list all buckets with their regions.

```bash
# Check account-level S...
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

aws-security-audit

Comprehensive AWS security posture assessment using AWS CLI and security best practices

39,227 Updated today
sickn33

DevOps & Infrastructure Featured

remediating-s3-bucket-misconfiguration

This skill provides step-by-step procedures for identifying and remediating Amazon S3 bucket misconfigurations that expose sensitive data to unauthorized access. It covers enabling S3 Block Public Access at account and bucket levels, auditing bucket policies and ACLs, enforcing encryption, configuring access logging, and deploying automated remediation using AWS Config and Lambda.

12,642 Updated today
mukul975

DevOps & Infrastructure Listed

aws-security-audit

Comprehensive AWS security posture assessment using AWS CLI and security best practices

335 Updated today
aiskillstore

Testing & QA Featured

aws-penetration-testing

Provide comprehensive techniques for penetration testing AWS cloud environments. Covers IAM enumeration, privilege escalation, SSRF to metadata endpoint, S3 bucket exploitation, Lambda code extraction, and persistence techniques for red team operations.

39,227 Updated today
sickn33

AI & Automation Solid

analyzing-cloud-storage-access-patterns

Detect abnormal access patterns in AWS S3, GCS, and Azure Blob Storage by analyzing CloudTrail Data Events, GCS audit logs, and Azure Storage Analytics. Identifies after-hours bulk downloads, access from new IP addresses, unusual API calls (GetObject spikes), and potential data exfiltration using statistical baselines and time-series anomaly detection.

12,642 Updated today
mukul975