[英]How to enable server side encryption for multiple S3 buckets using AWS CLI?
I have around 100 S3 buckets and I want to enable SSE-Encryption for these buckets using AWS CLI.我有大约 100 个 S3 存储桶,我想使用 AWS CLI 为这些存储桶启用 SSE 加密。 I've gone through some AWS docs for this.
为此,我浏览了一些 AWS 文档。 Seems like I can use the below command:
好像我可以使用以下命令:
aws s3api put-bucket-encryption aws s3api put-bucket-encryption
--bucket my-bucket --bucket 我的桶
--server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}' --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'
But I want to exclude a few buckets.但我想排除几个桶。 How can I do that?
我怎样才能做到这一点?
You say you're running on Linux, so you can use a shell loop.你说你在 Linux 上运行,所以你可以使用 shell 循环。
First, store the list of buckets in a file (the sed
command is necessary because the aws s3 ls
adds timestamp information to the output):首先,将存储桶列表存储在文件中(
sed
命令是必需的,因为aws s3 ls
将时间戳信息添加到输出中):
aws s3 ls | sed -e 's/.* //' > /tmp/$$
Then, edit this file and delete any buckets that you don't want to update.然后,编辑此文件并删除您不想更新的所有存储桶。
Finally, run your command in a loop:最后,循环运行您的命令:
for b in $(cat /tmp/$$) ; do YOUR_COMMAND_HERE ; done
In general this should be done carefully because it will affect all buckets except the excluded一般来说,这应该小心完成,因为它会影响除被排除的所有存储桶
Make sure you know what you're doing.确保你知道你在做什么。
#!/bin/bash
# excluded buckets list
excluded_list="my-excluded-bucket-1|my-excluded-bucket-2|my-excluded-bucket-3"
aws s3 ls | awk '{print $NF}' | grep -vE "$excluded_list"
echo "#############################################################"
echo "# WARNING: The above s3 buckets encryption will be updated. #"
echo "#############################################################"
read -p "Continue (y/n)?" choice
case "$choice" in
y|Y ) echo "yes";;
n|N ) echo "no";exit;;
* ) echo "invalid";exit;;
esac
for b in $(aws s3 ls | awk '{print $NF}' | grep -vE "$excluded_list"); do
aws s3api put-bucket-encryption --bucket $b --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'
done
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.