已规定,我们所有的 S3 存储桶都应启用访问日志和版本控制。不幸的是,我有很多 S3 存储桶。有没有一种有效的方法来做到这一点,而不涉及在控制台中单独设置每个属性?
您还可以开发自己的自定义 AWS Config 规则来管理 AWS S3 存储桶的合规性。(启用版本控制和日志(
- https://aws.amazon.com/config/
你可以在这里查看很多例子:
- https://github.com/awslabs/aws-config-rules
您可以根据需要调整此选项:
- https://github.com/awslabs/aws-config-rules/blob/master/python/s3_bucket_default_encryption_enabled.py
对于 AWS上的大多数任务,最简单的方法是使用 AWS CLI,尤其是关于重复性的事情。
您可以使用 AWS CLI 和简单的 bash 脚本,如下所示,通过rtrouton:
#!/bin/bash
# This script is designed to check the object versioning status of all S3 buckets associated with an AWS account
# and enable object versioning on any S3 buckets where object versioning is not enabled.
# Get list of S3 buckets from Amazon Web Services
s3_bucket_list=$(aws s3api list-buckets --query 'Buckets[*].Name' | sed -e 's/[][]//g' -e 's/"//g' -e 's/,//g' -e '/^$/d' -e 's/^[ t]*//;s/[ t]*$//')
# Loop through the list of S3 buckets and check the individual bucket's object version status.
for bucket in $(echo "$s3_bucket_list")
do
version_status=$(aws s3api get-bucket-versioning --bucket "$bucket" | awk '/Status/ {print $2}' | sed 's/"//g')
if [[ "$version_status" = "Enabled" ]]; then
# If the object version status is Enabled, report that the S3 bucket has object versioning enabled.
echo "The $bucket S3 bucket has object versioning enabled."
elif [[ "$version_status" != "Enabled" ]]; then
# If the object version is a status other than Enabled, report that the S3 bucket does not have
# object versioning enabled, then enable object versioning
echo "The $bucket S3 bucket does not have object versioning enabled. Enabling object versioning on the $bucket S3 bucket."
aws s3api put-bucket-versioning --bucket "$bucket" --versioning-configuration Status=Enabled
fi
done
有关更多信息,您可以在 AWS 网站上查看以下文档:
https://docs.aws.amazon.com/cli/latest/reference/s3api/put-bucket-versioning.html