如何使用 AWS CLI 为多个 S3 存储桶启用服务器端加密？

Question

I have around 100 S3 buckets and I want to enable SSE-Encryption for these buckets using AWS CLI. I've gone through some AWS docs for this. Seems like I can use the below command:

aws s3api put-bucket-encryption
--bucket my-bucket
--server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'

But I want to exclude a few buckets. How can I do that?

Answer 1

You say you're running on Linux, so you can use a shell loop.

First, store the list of buckets in a file (the sed command is necessary because the aws s3 ls adds timestamp information to the output):

aws s3 ls | sed -e 's/.* //' > /tmp/$$

Then, edit this file and delete any buckets that you don't want to update.

Finally, run your command in a loop:

for b in $(cat /tmp/$$) ; do YOUR_COMMAND_HERE ; done

Answer 2

In general this should be done carefully because it will affect all buckets except the excluded

Make sure you know what you're doing.

#!/bin/bash

# excluded buckets list
excluded_list="my-excluded-bucket-1|my-excluded-bucket-2|my-excluded-bucket-3"

aws s3 ls | awk '{print $NF}' | grep -vE "$excluded_list"

echo "#############################################################"
echo "# WARNING: The above s3 buckets encryption will be updated. #"
echo "#############################################################"

read -p "Continue (y/n)?" choice
case "$choice" in 
  y|Y ) echo "yes";;
  n|N ) echo "no";exit;;
  * ) echo "invalid";exit;;
esac

for b in $(aws s3 ls | awk '{print $NF}' | grep -vE "$excluded_list"); do
    aws s3api put-bucket-encryption --bucket $b --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'
done