Fatal编程技术网
  • amazon-s3/
  • Amazon s3 如何使用aws cli确定S3存储桶是否具有公共访问权限

Amazon s3 如何使用aws cli确定S3存储桶是否具有公共访问权限

amazon-s3

Amazon s3 如何使用aws cli确定S3存储桶是否具有公共访问权限,amazon-s3,aws-cli,Amazon S3,Aws Cli,我在控制台中有一个显示“public access”的bucket,但是当我试图读取aws s3api get public access块时,我得到一个错误: $ aws s3api get-public-access-block --bucket my-test-bucket-name usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters] To see hel

我在控制台中有一个显示“public access”的bucket,但是当我试图读取aws s3api get public access块时,我得到一个错误:

$ aws s3api get-public-access-block --bucket my-test-bucket-name
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:

  aws help
  aws <command> help
  aws <command> <subcommand> help
aws: error: argument operation: Invalid choice, valid choices are:

abort-multipart-upload                   | complete-multipart-upload               
copy-object                              | create-bucket...
您可以使用
aws s3api get bucket policy status
找出哪些bucket被标识为具有公共访问权限:

aws s3api get-bucket-policy-status --bucket my-test-bucket-name
{
    "PolicyStatus": {
        "IsPublic": true
    }
}

get public access block
功能与上周发布的新功能[1]相关,该功能有助于防止将来的存储桶被错误地创建为公共访问

get public access block
get bucket policy status
都需要比1.15.83更新的awscli版本。我正在使用的同时包含这两个命令的版本是1.16.58

[1]

由于您可能没有升级awscli,因此可能会出现错误

您可以使用pip命令进行升级

pip install --upgrade awscli
开始时也出现了同样的错误。它应该升级并给出正确的结果

Bash# aws s3api get-public-access-block --bucket my-test-bucket-name
An error occurred (NoSuchPublicAccessBlockConfiguration) when calling the 
GetPublicAccessBlock operation: The public access block configuration was not found
^这是您将在新创建的s3 bucket上看到的,默认情况下它是私有的,但有可能成为公共的

^这是启用公共访问块的命令

^当启用阻止公共访问时,随后运行相同的get status命令将显示此输出。

对于以下版本的aws cli/1.14.44它不起作用。这是aws s3api获取bucket策略--bucket您的bucket名称。 
Bash# aws s3api get-public-access-block --bucket my-test-bucket-name
An error occurred (NoSuchPublicAccessBlockConfiguration) when calling the 
GetPublicAccessBlock operation: The public access block configuration was not found

Bash# aws s3api put-public-access-block --bucket my-test-bucket-name --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true

Bash# aws s3api get-public-access-block --bucket my-test-bucket-name
{
  "PublicAccessBlockConfiguration": {
    "BlockPublicAcls": true,
    "IgnorePublicAcls": true,
    "BlockPublicPolicy": true,
    "RestrictPublicBuckets": true
  }
}