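My task is to check all the S3 buckets in my account and find the ones that are not encrypted with default KMS encryption. I drafted the following two commands, with a loop, to go through each bucket name and check its encryption level: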
output="$(aws s3api list-buckets --query 'Buckets[*].Name')"
for i in $output; do aws s3api get-bucket-encryption --bucket $i; done
The script gives me the following error:
Invalid bucket name ""cdktoolkit-stagingbucket-30v8nlr122c0",": Bucket name must match the regex "^[a-zA-Z0-9.\-_]{1,255}$" or be an ARN matching the regex "^arn:(aws).*:s3:[a-z\-0-9]+:[0-9]{12}:accesspoint[/:][a-zA-Z0-9\-]{1,63}$"
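It now works for the first part; the output variable no longer contains question marks. Thanks for your help.
But when I go a step further and run the second CLI command "for i in $output; do aws s3api get-bucket-encryption --bucket $i; done", it returns another JSON-formatted output. How do I grep the names of the buckets that do not have AES256 encryption enabled?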
Jasons-Air:~ jason$ for i in $output; do aws s3api get-bucket-encryption --bucket $i; done
{
    "ServerSideEncryptionConfiguration": {
        "Rules": [
            {
                "ApplyServerSideEncryptionByDefault": {
                    "SSEAlgorithm": "aws:kms"
                }
            }
        ]
    }
}
An error occurred (ServerSideEncryptionConfigurationNotFoundError) when calling the GetBucketEncryption operation: The server side encryption configuration was not found
An error occurred (ServerSideEncryptionConfigurationNotFoundError) when calling the GetBucketEncryption operation: The server side encryption configuration was not found
An error occurred (ServerSideEncryptionConfigurationNotFoundError) when calling the GetBucketEncryption operation: The server side encryption configuration was not found
{
    "ServerSideEncryptionConfiguration": {
        "Rules": [
            {
                "ApplyServerSideEncryptionByDefault": {
                    "SSEAlgorithm": "AES256"
                }
            }
        ]
    }
}
I tried appending "--query 'ServerSideEncryptionConfiguration[*].Rules[*].ApplyServerSideEncryptionByDefault[*].SSEAlgorithm'" to my command, but it shows the result as "null" instead of "AES256".
Jasons-Air:~ jason$ for i in $output; do aws s3api get-bucket-encryption --bucket $i --query 'ServerSideEncryptionConfiguration[*].Rules[*].ApplyServerSideEncryptionByDefault[*].SSEAlgorithm'; done
null
An error occurred (ServerSideEncryptionConfigurationNotFoundError) when calling the GetBucketEncryption operation: The server side encryption configuration was not found
An error occurred (ServerSideEncryptionConfigurationNotFoundError) when calling the GetBucketEncryption operation: The server side encryption configuration was not found
An error occurred (ServerSideEncryptionConfigurationNotFoundError) when calling the GetBucketEncryption operation: The server side encryption configuration was not found
null
null
null
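
One way to run the audit described in the question, as an added example that is not part of the original post. `ServerSideEncryptionConfiguration` and `ApplyServerSideEncryptionByDefault` are JSON objects, so a `[*]` list projection on them evaluates to null; only `Rules` is a list. The function names and the `NONE`/`ERROR` labels are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: report each bucket's default SSE algorithm and list the
# buckets that do not use the wanted one. Function names are hypothetical.

# Print "<bucket><TAB><algorithm>" per bucket. NONE = no default encryption
# configuration; ERROR = the call failed for some other reason (e.g. access).
bucket_encryption_report() {
  local names bucket algo
  # --output text returns bare, tab-separated names: no JSON quotes or commas
  # end up in the loop variable.
  names=$(aws s3api list-buckets --query 'Buckets[].Name' --output text) || return 1
  for bucket in $names; do
    # Objects are traversed with '.', the Rules list with '[]'.
    if algo=$(aws s3api get-bucket-encryption --bucket "$bucket" \
        --query 'ServerSideEncryptionConfiguration.Rules[].ApplyServerSideEncryptionByDefault.SSEAlgorithm' \
        --output text 2>&1); then
      printf '%s\t%s\n' "$bucket" "$algo"
    else
      # The CLI exits non-zero and writes the error to stderr (captured above).
      case $algo in
        *ServerSideEncryptionConfigurationNotFoundError*)
          printf '%s\tNONE\n' "$bucket" ;;
        *)
          printf '%s\tERROR\n' "$bucket" ;;
      esac
    fi
  done
}

# Print the names of buckets whose default algorithm is not $1 (default: aws:kms).
# Buckets reported as NONE or ERROR are included, so they are never silently passed.
buckets_without() {
  local want=${1:-aws:kms}
  bucket_encryption_report | awk -F'\t' -v want="$want" '$2 != want { print $1 }'
}
```

After sourcing the file, `buckets_without aws:kms` lists the buckets not using KMS by default and `buckets_without AES256` lists those not using AES256.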