New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

s3-secure

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

s3-secure

  • 0.7.0
  • Rubygems
  • Socket score
Version published
Maintainers
1
Created
Source

s3-secure tool

Gem Version

BoltOps Badge

The s3-secure tool can be used to harden your s3 bucket security posture. The tool is useful if you have a lot of buckets to update. It supports:

  • access logs: enabling access logs
  • encryption: enabling encryption
  • ssl bucket policy: adding an enforce ssl bucket policy
  • versioning: enabling bucket versioning

BoltOps Pro Related Blueprints

  • S3 Secure: Continuously Auto-Remediates New Buckets.
  • Security Controls: Continuously applies the s3-secure remedations as well as other remeidations. IE: Security Groups, SNS topics, etc.

Usage

Summary of encryption commands:

s3-secure encryption list
s3-secure encryption show BUCKET
s3-secure encryption enable BUCKET
s3-secure encryption disable BUCKET

Summary of lifecycle commands:

s3-secure lifecycle list
s3-secure lifecycle show BUCKET
s3-secure lifecycle add BUCKET
s3-secure lifecycle remove BUCKET

Summary of policy commands:

s3-secure policy list
s3-secure policy show BUCKET
s3-secure policy enforce_ssl BUCKET
s3-secure policy unforce_ssl BUCKET

Summary of versioning commands:

s3-secure versioning list
s3-secure versioning show BUCKET
s3-secure versioning enable BUCKET
s3-secure versioning disable BUCKET

Remediate All

To apply all the remeidations:

s3-secure remediate_all BUCKET

For finer-control, run each subcommand instead.

Some Examples with Output

Example of s3-secure encryption enable:

$ s3-secure encryption enable a-test-bucket-in-us-west-1
Encyption enabled on bucket a-test-bucket-in-us-west-1 with rules:
{:apply_server_side_encryption_by_default=>{:sse_algorithm=>"AES256"}}
$

Example of s3-secure policy enforce_ssl:

$ s3-secure policy enforce_ssl a-test-bucket-in-us-west-1
Add bucket policy to bucket a-test-bucket-in-us-west-1:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ForceSSLOnlyAccess",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::a-test-bucket-in-us-west-1/*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
$

When removing ssl enforcement from the bucket policy, if there are other policy statements, those are left in tact. Example:

$ s3-secure policy show a-test-bucket-in-us-east-1
Bucket a-test-bucket-in-us-east-1 is configured with this policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": "54.240.143.0/24"
        }
      }
    },
    {
      "Sid": "ForceSSLOnlyAccess",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
$ s3-secure policy unforce_ssl a-test-bucket-in-us-east-1
Remove bucket policy statement from bucket a-test-bucket-in-us-east-1:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": "54.240.143.0/24"
        }
      }
    }
  ]
}
$

For more help:

s3-secure -h
s3-secure encryption -h
s3-secure encryption enable -h
s3-secure lifecycle -h
s3-secure lifecycle add -h
s3-secure policy -h
s3-secure policy unforce_ssl -h
s3-secure versioning -h
s3-secure versioning enable -h

Batch Commands

There are some supported batch commands:

s3-secure batch encryption enable FILE.txt
s3-secure batch encryption disable FILE.txt
s3-secure batch policy enforce_ssl FILE.txt
s3-secure batch policy unforce_ssl FILE.txt

The format of FILE.txt is a list of bucket names separated by newlines. Example:

buckets.txt:

my-bucket-1
my-bucket-2

Installation

Install with:

gem install s3-secure

FAQs

Package last updated on 11 Jul 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket Joins TC54 to Help Shape the Future of SBOMs, CycloneDX, and PURL

Security News

Company News

Socket Joins TC54 to Help Shape the Future of SBOMs, CycloneDX, and PURL

Socket is joining TC54 to help develop standards for software supply chain security, contributing to the evolution of SBOMs, CycloneDX, and Package URL specifications.

By Sarah Gooding  -  Jan 31, 2025
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc