I want to see the existing configuration for a S3 Bucket, so that I can steal and tweak it for my own purposes, in a variety of cases. However, I am not seeing an option I would expect:
aws s3api describe-bucket --bucket BucketName
Akin to the EMR describe cluster option that does exist:
aws emr describe-cluster --cluster-id j-1PGB1J30TZHQF
There is no single API call or CLI invocation to return the configuration of an S3 bucket, that I'm aware of.
You'd need to query a number of different things, for example its bucket policy, its CORS configuration, any ACLs, transfer acceleration configuration, tags, and more.
All of these things are available from the awscli, for example:
aws s3api get-bucket-policy --bucket X
aws s3api get-bucket-cors --bucket X
aws s3api get-bucket-location --bucket X
aws s3api get-bucket-versioning --bucket X
Related
I can use the Amazon S3 web GUI console, click on a file on S3, and see the Server-side encryption settings, including which AWS KMS key is used.
How can I get this same information with the CLI? I've checked every obvious command and I'm finding nothing.
This shows me bucket level info, I want file level info:
aws s3api get-bucket-encryption
This doesn't show KMS/SSE info:
aws s3api get-object-acl
This just downloads the file, it doesn't get properties about the file:
aws s3api get-object
TLDR: You probably would want to use aws s3api head-object
This just downloads the file, it doesn't get properties about the file: aws s3api get-object
I don't know what version of the AWS CLI are you using, but with the latest one if you run get-object like this:
aws s3api get-object --bucket <bucket-name> --key <keyname> <outfile>
It will download the file, but it will also display something like this:
{
"AcceptRanges": "bytes",
"LastModified": "2022-01-20T21:24:21+00:00",
"ContentLength": 17851,
"ETag": "\"4a57f3ee4dd576e295c8ff0c9ad86063\"",
"ContentType": "image/jpeg",
"ServerSideEncryption": "aws:kms",
"Metadata": {},
"SSEKMSKeyId": "arn:aws:kms:us-east-1:069700690668:key/b2ae18e5-13ce-466a-82aa-641eb817d063"
}
This should contain the encryption type (ServerSideEncryption) and the ARN of the KMS key used SSEKMSKeyId. You can see the docs for all the outputs for get-object.
Certainly, downloading the object is may be unnecessary in some cases. If you don't want to download the object, you may want to use head-object:
aws s3api head-object --bucket <bucket-name> --key <keyname>
The output is the same as in case of get-object.
I would like to pull all of the configuration values for an S3 bucket, for example encryption settings, ACL lists, etc from the command line.
Unfortunately, aws s3api doesn't seem to have a unified view of configuration, instead you have to query each configuration type individually, for example:
aws s3api get-bucket-accelerate-configuration --bucket my-bucket >> my-bucket-config
aws s3api get-bucket-acl --bucket my-bucket >> my-bucket-config
aws s3api get-bucket-cors --bucket my-bucket >> my-bucket-config
# ....and many, many more
Is there another API, or method that provides a uniform view of how an S3 bucket is configured from the CLI?
The AWS Config service can provide this type of aggregate configuration information in JSON form.
For example:
aws configservice get-resource-config-history \
--resource-type AWS::S3::Bucket \
--resource-id mybucket
In order to enable S3 bi-directional replication , should I perform put bucket replication on both buckets and ensure that the role that I am using can support bi-directional replication?
aws s3api put-bucket-replication --bucket east-bucket --replication-configuration file://replication-east.json
aws s3api put-bucket-replication --bucket west-bucket --replication-configuration file://replication-west.json
How would I set the S3 Bucket Permissions for Public Access to 'Everyone' for Read Files using AWS CLI?
The documentation does not have clear specification of how to do this and have tried multiple variations. My end goal is to make the bucket a static site server bucket.
S3 Bucket ACL permission are set after the bucket is created - I achieved a public file read bucket using this command
aws s3api put-bucket-acl --bucket ${SITE_NAME} --acl public-read
After creating the bucket:
aws s3api create-bucket --bucket ${SITE_NAME} --region ap-southeast-2 --create-bucket-configuration LocationConstraint=ap-southeast-2
Hope the below command will help you to make the s3 object public through the AWS CLI command.
aws s3api put-object-acl --bucket <bucketname> --key <object name with extension> --grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers
I have the ff s3 bucket, see image below:
I know how to delete them on the page but how can i delete them using aws cli?
I tried using
aws s3api delete-objects --bucket
elasticbeanstalk-ap-southeast-1-613285248276
but it wont work.
You can use 'rb' option
E.g. aws s3 rb s3://elasticbeanstalk-ap-southeast-1-613285248276
For more details click here
If the bucket is not empty then use the --force flag
The following commands deletes the Bucket from S3
aws s3api delete-bucket --bucket "your-bucket-name" --region "your-region".
I am deleting S3 bucket from following command without any extra hustle of emptying it first
aws s3 rb s3://<BUCKATE-NAME> --force
for example
aws s3 rb s3://alok.guha.myversioningbucket --force
PS : Make sure you have programmatic access with policy "AmazonS3FullAccess"