S3 Audit is a tool that reports on various aspects of S3 buckets within an AWS account.
For more information, read We rewrote s3audit in Rust.
cargo install s3auditAWS credentials will be taken from the environment, it is recommended to run
s3audit using a tool like aws-vault.
# Report on all buckets
s3audit
# Report on all buckets with output in CSV format
s3audit --format=csv
# Enable only a few specific audits
s3audit --disable-check=all --enable-check=acl --enable-check=encryption
# Disable coloured output
env NO_COLOR=1 s3auditYou should use run s3audit as an IAM principal that is allowed to
call s3:ListAllMyBuckets, and is also allow to run these (read only)
actions for all buckets in your account:
s3:ListAllMyBucketss3:GetBucketAcls3:GetBucketLoggings3:GetBucketPolicys3:GetBucketPublicAccessBlocks3:GetBucketVersionings3:GetBucketWebsites3:GetEncryptionConfiguration
v1.78.0
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.