已命令我们所有的S3存储桶都应启用访问日志和版本控制。不幸的是,我有很多S3存储桶。有没有一种有效的方法可以实现,而无需在控制台中分别设置每个属性?
答案 0 :(得分:0)
对于AWS上的大多数任务,最简单的方法是使用AWS CLI,尤其是在重复性方面。
您可以通过 rtrouton 使用这样的AWS CLI和简单的bash脚本:
#!/bin/bash
# This script is designed to check the object versioning status of all S3 buckets associated with an AWS account
# and enable object versioning on any S3 buckets where object versioning is not enabled.
# Get list of S3 buckets from Amazon Web Services
s3_bucket_list=$(aws s3api list-buckets --query 'Buckets[*].Name' | sed -e 's/[][]//g' -e 's/"//g' -e 's/,//g' -e '/^$/d' -e 's/^[ \t]*//;s/[ \t]*$//')
# Loop through the list of S3 buckets and check the individual bucket's object version status.
for bucket in $(echo "$s3_bucket_list")
do
version_status=$(aws s3api get-bucket-versioning --bucket "$bucket" | awk '/Status/ {print $2}' | sed 's/"//g')
if [[ "$version_status" = "Enabled" ]]; then
# If the object version status is Enabled, report that the S3 bucket has object versioning enabled.
echo "The $bucket S3 bucket has object versioning enabled."
elif [[ "$version_status" != "Enabled" ]]; then
# If the object version is a status other than Enabled, report that the S3 bucket does not have
# object versioning enabled, then enable object versioning
echo "The $bucket S3 bucket does not have object versioning enabled. Enabling object versioning on the $bucket S3 bucket."
aws s3api put-bucket-versioning --bucket "$bucket" --versioning-configuration Status=Enabled
fi
done
有关更多信息,您可以在AWS网站上查看以下文档:
https://docs.aws.amazon.com/cli/latest/reference/s3api/put-bucket-versioning.html
答案 1 :(得分:0)
您还可以开发自己的自定义AWS Config规则来管理AWS S3存储桶的合规性。 (启用版本控制和日志功能)
您可以在此处查看很多示例:
您可以根据自己的需要对此进行调整: