Testing Amazon S3 Bucket for Public Write Permissions

Recently I needed to confirm whether an S3 bucket was indeed publicly writable (by trying to write to it from a different account). I decided to document how to confirm this for your organization.

Prerequisites

AWS CLI installed
Two AWS accounts
Account A – Has a bucket you suspect may be publicly writable
Account B . . .

→ Read More: Testing Amazon S3 Bucket for Public Write Permissions

Export flow logs to an Amazon S3 Bucket

I found the instructions on Amazon’s website to be useless.

This is what worked for me:

Define some variables (shell variable names cannot contain hyphens, so the original hyphenated names are written with underscores here)

bucket=my-bucket
region=us-east-1
log_group_name=primary-nat
prefix=my-prefix
taskname=my-task
start_epoch=1516255200000
end_epoch=1516860000000

Create the bucket

aws s3 mb s3://$bucket --region $region

Create the Policy

cat <<'EOF' > ./policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "s3:GetBucketAcl",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::replace-bucket",
      "Principal": . . .

→ Read More: Export flow logs to an Amazon S3 Bucket