From c6b4e3a7bb641ffe0f891a0f04319d1748b5257a Mon Sep 17 00:00:00 2001
From: michaeljguarino
Date: Mon, 15 Jul 2024 17:34:06 -0400
Subject: [PATCH] Add script for auditing encryption state in s3

---
 bin/.gitignore | 3 ++-
 bin/s3_audit.py | 26 ++++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 bin/s3_audit.py

diff --git a/bin/.gitignore b/bin/.gitignore
index 98571a28e..ff021ead6 100644
--- a/bin/.gitignore
+++ b/bin/.gitignore
@@ -1,3 +1,4 @@
 config.json
 .seen
-.deleted-imgs
\ No newline at end of file
+.deleted-imgs
+buckets.csv
\ No newline at end of file
diff --git a/bin/s3_audit.py b/bin/s3_audit.py
new file mode 100644
index 000000000..f8b5bfd72
--- /dev/null
+++ b/bin/s3_audit.py
@@ -0,0 +1,26 @@
+#!python3
+import boto3
+import csv
+
+def bucket_attributes(client, buckets):
+    for _, b in enumerate(buckets):
+        bucket = b['Name']
+        enc = client.get_bucket_encryption(Bucket=bucket)
+        rules = enc['ServerSideEncryptionConfiguration']['Rules'] or []
+        if len(rules) > 0:
+            yield (bucket, rules[0]['ApplyServerSideEncryptionByDefault']['SSEAlgorithm'])
+        else:
+            yield (bucket, 'None')
+
+def run():
+    client = boto3.client('s3')
+    response = client.list_buckets()
+
+    with open('buckets.csv', 'w') as f:
+        writer = csv.writer(f)
+        for entry in bucket_attributes(client, response['Buckets']):
+            writer.writerow(entry)
+
+
+if __name__ == '__main__':
+    run()
\ No newline at end of file
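Review bot: In bucket_attributes, the `else: yield (bucket, 'None')` branch is effectively unreachable: when a bucket has no default-encryption configuration, GetBucketEncryption does not return an empty `Rules` list but raises `ServerSideEncryptionConfigurationNotFoundError`, so the first unencrypted bucket — the very finding this audit exists to surface — aborts the run before `buckets.csv` is complete. Catch that exception on the client and record the bucket as `'None'` instead, as sketched below. A bucket the caller lacks `s3:GetEncryptionConfiguration` on will likewise raise (an AccessDenied ClientError) and probably deserves its own row rather than a traceback, so the report distinguishes "unencrypted" from "unknown". The `enumerate` whose index is discarded can simply be `for b in buckets:`. The shebang `#!python3` is not an absolute path and will not work when the script is executed directly on Unix; `#!/usr/bin/env python3` is the portable form.
```python
def bucket_attributes(client, buckets):
    for b in buckets:
        bucket = b['Name']
        try:
            enc = client.get_bucket_encryption(Bucket=bucket)
        except client.exceptions.ServerSideEncryptionConfigurationNotFoundError:
            # No default-encryption config at all: this is the finding the audit exists to report.
            yield (bucket, 'None')
            continue
        rules = enc['ServerSideEncryptionConfiguration']['Rules'] or []
        # … unchanged: yield SSEAlgorithm from rules[0], else 'None' …
```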