Enumeración

Durante el inicio de unas pruebas post-autenticadas, es ideal ejecutar los siguientes comandos para recopilar información sobre la infraestructura relacionada al servicio de S3.

Comandos útiles

Listar todos los Buckets de la cuenta

aws s3 ls

Listado de objetos de un Bucket específico

aws s3 ls s3://bucket-name

Enumera Todos los objetos de un Bucket incluyendo contenido de las carpetas existentes.

aws s3 ls s3://mybucket --recursive

Descarga archivos

aws s3 cp s3://mybucket/test.txt test2.

Subida de archivos

aws s3 cp ./test.txt s3://mybucket/test2.txt

Copiar archvios de S3 a S3

aws s3 cp s3://mybucket/test.txt s3://otherbucket/test2.txt

Más comandos

# Get buckets ACLs
aws s3api get-bucket-acl --bucket <bucket-name>
aws s3api get-object-acl --bucket <bucket-name> --key flag

# Get policy
aws s3api get-bucket-policy --bucket <bucket-name>
aws s3api get-bucket-policy-status --bucket <bucket-name> #if it's public

# list S3 buckets associated with a profile
aws s3 ls
aws s3api list-buckets

# list content of bucket (no creds)
aws s3 ls s3://bucket-name --no-sign-request
aws s3 ls s3://bucket-name --recursive

# list content of bucket (with creds)
aws s3 ls s3://bucket-name
aws s3api list-objects-v2 --bucket <bucket-name>
aws s3api list-objects --bucket <bucket-name>
aws s3api list-object-versions --bucket <bucket-name>

# copy local folder to S3
aws s3 cp MyFolder s3://bucket-name --recursive

# delete
aws s3 rb s3://bucket-name –-force

# download a whole S3 bucket
aws s3 sync s3://<bucket>/ .

# move S3 bucket to different location
aws s3 sync s3://oldbucket s3://newbucket --source-region us-west-1

# list the sizes of an S3 bucket and its contents
aws s3api list-objects --bucket BUCKETNAME --output json --query "[sum(Contents[].Size), length(Contents[])]"

# Update Bucket policy
aws s3api put-bucket-policy --policy file:///root/policy.json --bucket <bucket-name>
##JSON policy example
{
  "Id": "Policy1568185116930",
  "Version": "2012-10-17",
  "Statement": [
  {
      "Sid": "Stmt1568184932403",
      "Action": [
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::welcome",
      "Principal": "*"
  },
  {
    "Sid": "Stmt1568185007451",
    "Action": [
      "s3:GetObject"
    ],
    "Effect": "Allow",
    "Resource": "arn:aws:s3:::welcome/*",
    "Principal": "*"
  }
  ]
}

# Update bucket ACL
aws s3api get-bucket-acl --bucket <bucket-name> # Way 1 to get the ACL
aws s3api put-bucket-acl --bucket <bucket-name> --access-control-policy file://acl.json

aws s3api get-object-acl --bucket <bucekt-name> --key flag #Way 2 to get the ACL
aws s3api put-object-acl --bucket <bucket-name> --key flag --access-control-policy file://objacl.json

##JSON ACL example
## Make sure to modify the Owner’s displayName and ID according to the Object ACL you retrieved.
{
  "Owner": {
    "DisplayName": "<DisplayName>",
    "ID": "<ID>"
  },
  "Grants": [
  {
    "Grantee": {
      "Type": "Group",
      "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
    },
  "Permission": "FULL_CONTROL"
  }
  ]
}
## An ACL should give you the permission WRITE_ACP to be able to put a new ACL

Referencias

ls — AWS CLI 2.32.14 Command Referencedocs.aws.amazon.com

Uso de comandos de alto nivel (s3) en la AWS CLI - AWS Command Line InterfaceAWS Command Line Interface

cp — AWS CLI 2.32.11 Command Referenceawscli.amazonaws.com

AnteriorS3 SiguienteS3_public

Última actualización hace 2 años

# Get buckets ACLs aws s3api get-bucket-acl --bucket <bucket-name> aws s3api get-object-acl --bucket <bucket-name> --key flag # Get policy aws s3api get-bucket-policy --bucket <bucket-name> aws s3api get-bucket-policy-status --bucket <bucket-name> #if it's public # list S3 buckets associated with a profile aws s3 ls aws s3api list-buckets # list content of bucket (no creds) aws s3 ls s3://bucket-name --no-sign-request aws s3 ls s3://bucket-name --recursive # list content of bucket (with creds) aws s3 ls s3://bucket-name aws s3api list-objects-v2 --bucket <bucket-name> aws s3api list-objects --bucket <bucket-name> aws s3api list-object-versions --bucket <bucket-name> # copy local folder to S3 aws s3 cp MyFolder s3://bucket-name --recursive # delete aws s3 rb s3://bucket-name –-force # download a whole S3 bucket aws s3 sync s3://<bucket>/ . # move S3 bucket to different location aws s3 sync s3://oldbucket s3://newbucket --source-region us-west-1 # list the sizes of an S3 bucket and its contents aws s3api list-objects --bucket BUCKETNAME --output json --query "[sum(Contents[].Size), length(Contents[])]" # Update Bucket policy aws s3api put-bucket-policy --policy file:///root/policy.json --bucket <bucket-name> ##JSON policy example { "Id": "Policy1568185116930", "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1568184932403", "Action": [ "s3:ListBucket" ], "Effect": "Allow", "Resource": "arn:aws:s3:::welcome", "Principal": "*" }, { "Sid": "Stmt1568185007451", "Action": [ "s3:GetObject" ], "Effect": "Allow", "Resource": "arn:aws:s3:::welcome/*", "Principal": "*" } ] } # Update bucket ACL aws s3api get-bucket-acl --bucket <bucket-name> # Way 1 to get the ACL aws s3api put-bucket-acl --bucket <bucket-name> --access-control-policy file://acl.json aws s3api get-object-acl --bucket <bucekt-name> --key flag #Way 2 to get the ACL aws s3api put-object-acl --bucket <bucket-name> --key flag --access-control-policy file://objacl.json ##JSON ACL example ## Make sure to modify the Owner’s displayName and ID according to the Object ACL you retrieved. { "Owner": { "DisplayName": "<DisplayName>", "ID": "<ID>" }, "Grants": [ { "Grantee": { "Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers" }, "Permission": "FULL_CONTROL" } ] } ## An ACL should give you the permission WRITE_ACP to be able to put a new ACL