auditing-aws-s3-bucket-permissions


Systematically audit AWS S3 bucket permissions to identify publicly accessible buckets, overly permissive ACLs, misconfigured bucket policies, and missing encryption settings using AWS CLI, S3audit, and Prowler to enforce least-privilege data access controls.

AI & Automation 38 stars 5 forks Updated yesterday MIT

Skill Content

# Auditing AWS S3 Bucket Permissions

## When to Use

- When conducting a security assessment of AWS environments to identify publicly exposed data
- When onboarding a new AWS account and establishing a security baseline for storage resources
- When responding to an alert about potential S3 data exposure from AWS Trusted Advisor or Security Hub
- When compliance frameworks (SOC 2, PCI DSS, HIPAA) require periodic review of data access controls
- When a breach or credential compromise necessitates immediate review of all accessible S3 resources

**Do not use** for auditing non-AWS object storage (use provider-specific tools), for real-time monitoring (use S3 Event Notifications with Lambda), or for auditing S3 access patterns (use S3 Access Analyzer or CloudTrail S3 data events).

## Prerequisites

- AWS CLI v2 configured with credentials that have `s3:GetBucketPolicy`, `s3:GetBucketAcl`, `s3:GetBucketPublicAccessBlock`, `s3:GetEncryptionConfiguration`, and `s3:ListAllMyBuckets` permissions
- Prowler installed (`pip install prowler`) for automated CIS benchmark checks
- S3audit or similar enumeration tool for quick public bucket detection
- Access to AWS Organizations if auditing across multiple accounts
- Python 3.8+ with boto3 for custom audit scripts

## Workflow

### Step 1: Enumerate All S3 Buckets and Account-Level Block Public Access

Check the account-level S3 Block Public Access settings first, then list all buckets with their regions.

```bash
# Check account-level S...
```

Details

Author: adriannoes
Repository: adriannoes/awesome-vibe-coding
Created: 8 months ago
Last Updated: yesterday
Language: Jupyter Notebook
License: MIT
