Check Multiple AWS S3 Buckets for Missing Default Encryption

Amazon Web Services has made it easy to implement encryption-at-rest for S3 buckets, but older S3 buckets may have predated this feature enhancement.  If you have a large number of buckets, this could be a tedious thing to check via the console.  Here is a simple one-liner to check all the buckets in a single account:

Obviously you would set the value of MYACCOUNT with the name of the AWS Account you are inspecting.  Alternatively you could also iterate through a number of AWS accounts by nesting the above command in another FOR loop.

The output will look like the following two lines, where the first example bucket (“my-unencrypted-bucket”) shows the error that is returned by the get-bucket-encryption command when the default encryption is not set while the other line shows the response when default encryption is set.


Tagged , , , , , . Bookmark the permalink.
  • The postings and views on this site are my own and do not necessarily reflect the positions, strategies, or opinions of any current or previous employer. © Kenneth G. Hartman 2010-2018