I would like to pull all of the configuration values for an S3 bucket, for example encryption settings, ACL lists, etc from the command line.
Unfortunately, aws s3api doesn't seem to have a unified view of configuration, instead you have to query each configuration type individually, for example:
aws s3api get-bucket-accelerate-configuration --bucket my-bucket >> my-bucket-config
aws s3api get-bucket-acl --bucket my-bucket >> my-bucket-config
aws s3api get-bucket-cors --bucket my-bucket >> my-bucket-config
# ....and many, many more
Is there another API, or method that provides a uniform view of how an S3 bucket is configured from the CLI?
The AWS Config service can provide this type of aggregate configuration information in JSON form.
For example:
aws configservice get-resource-config-history \
--resource-type AWS::S3::Bucket \
--resource-id mybucket
Related
We want to find out files uploaded/creation date of oldest object present in AWS S3 bucket.
Could you please suggest how we can get it.
You can use the AWS Command-Line Interface (CLI) to list objects sorted by a field:
aws s3api list-objects --bucket MY-BUCKET --query 'sort_by(Contents, &LastModified)[0].[Key,LastModified]' --output text
This gives an output like:
foo.txt 2021-08-17T21:53:46+00:00
See also: How to list recent files in AWS S3 bucket with AWS CLI or Python
I can use the Amazon S3 web GUI console, click on a file on S3, and see the Server-side encryption settings, including which AWS KMS key is used.
How can I get this same information with the CLI? I've checked every obvious command and I'm finding nothing.
This shows me bucket level info, I want file level info:
aws s3api get-bucket-encryption
This doesn't show KMS/SSE info:
aws s3api get-object-acl
This just downloads the file, it doesn't get properties about the file:
aws s3api get-object
TLDR: You probably would want to use aws s3api head-object
This just downloads the file, it doesn't get properties about the file: aws s3api get-object
I don't know what version of the AWS CLI are you using, but with the latest one if you run get-object like this:
aws s3api get-object --bucket <bucket-name> --key <keyname> <outfile>
It will download the file, but it will also display something like this:
{
"AcceptRanges": "bytes",
"LastModified": "2022-01-20T21:24:21+00:00",
"ContentLength": 17851,
"ETag": "\"4a57f3ee4dd576e295c8ff0c9ad86063\"",
"ContentType": "image/jpeg",
"ServerSideEncryption": "aws:kms",
"Metadata": {},
"SSEKMSKeyId": "arn:aws:kms:us-east-1:069700690668:key/b2ae18e5-13ce-466a-82aa-641eb817d063"
}
This should contain the encryption type (ServerSideEncryption) and the ARN of the KMS key used SSEKMSKeyId. You can see the docs for all the outputs for get-object.
Certainly, downloading the object is may be unnecessary in some cases. If you don't want to download the object, you may want to use head-object:
aws s3api head-object --bucket <bucket-name> --key <keyname>
The output is the same as in case of get-object.
I want to see the existing configuration for a S3 Bucket, so that I can steal and tweak it for my own purposes, in a variety of cases. However, I am not seeing an option I would expect:
aws s3api describe-bucket --bucket BucketName
Akin to the EMR describe cluster option that does exist:
aws emr describe-cluster --cluster-id j-1PGB1J30TZHQF
There is no single API call or CLI invocation to return the configuration of an S3 bucket, that I'm aware of.
You'd need to query a number of different things, for example its bucket policy, its CORS configuration, any ACLs, transfer acceleration configuration, tags, and more.
All of these things are available from the awscli, for example:
aws s3api get-bucket-policy --bucket X
aws s3api get-bucket-cors --bucket X
aws s3api get-bucket-location --bucket X
aws s3api get-bucket-versioning --bucket X
In order to enable S3 bi-directional replication , should I perform put bucket replication on both buckets and ensure that the role that I am using can support bi-directional replication?
aws s3api put-bucket-replication --bucket east-bucket --replication-configuration file://replication-east.json
aws s3api put-bucket-replication --bucket west-bucket --replication-configuration file://replication-west.json
How would I set the S3 Bucket Permissions for Public Access to 'Everyone' for Read Files using AWS CLI?
The documentation does not have clear specification of how to do this and have tried multiple variations. My end goal is to make the bucket a static site server bucket.
S3 Bucket ACL permission are set after the bucket is created - I achieved a public file read bucket using this command
aws s3api put-bucket-acl --bucket ${SITE_NAME} --acl public-read
After creating the bucket:
aws s3api create-bucket --bucket ${SITE_NAME} --region ap-southeast-2 --create-bucket-configuration LocationConstraint=ap-southeast-2
Hope the below command will help you to make the s3 object public through the AWS CLI command.
aws s3api put-object-acl --bucket <bucketname> --key <object name with extension> --grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers