DevopsAgentOfChaos

Reputation: 351

AWS s3 bucket bulk encryption on all s3 buckets

I am trying to bulk update all S3 buckets with default encryption. To do that, I generated a JSON file using the below command:

aws s3api list-buckets --query "Buckets[].Name" >> s3.json

My result was the names of all S3 buckets.

How do I pass that JSON file into the command so I can enable default encryption?

I also tried the below:

aws s3api list-buckets --query 'Buckets[*].[Name]' --output text | xargs -I {} bash -c 'aws s3api put-bucket-encryption --bucket {} --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}''

But I am getting the below error:

Error parsing parameter '--server-side-encryption-configuration': Invalid JSON: Expecting property name enclosed in double quotes: line 1 column 2 (char 1)
JSON received: {Rule

aws s3api put-bucket-encryption --bucket bucketnames --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'

I have tried the below, but it does not work.

aws s3api put-bucket-encryption \
    --bucket value \
    --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}' \
    --cli-input-json file://s3bucket.json

Please let me know how to update my command to enable default encryption.

Upvotes: 2

Views: 1845

Answers (3)

Tom Larkworthy

Reputation: 2384

aws s3api list-buckets --query "Buckets[].Name" \
   | jq -r '.[]' \
   | xargs -I '{}' aws s3api put-bucket-encryption --bucket {} --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'

Worked for me

Upvotes: 3

Ram Krishna

Reputation: 76

Below is the code snippet to solve your problem:

#!/bin/bash
# Check if each bucket has SSE enabled, then encrypt using SSE AES256.

# List all buckets and store the names in an array.
arr=($(aws s3api list-buckets --query "Buckets[].Name" --output text))

# Check the status before encryption:
for i in "${arr[@]}"
do
        echo "Check if SSE is enabled for bucket -> ${i}"
        aws s3api get-bucket-encryption --bucket "${i}" | jq -r '.ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault.SSEAlgorithm'
done

# Encrypt all buckets in your account:
for i in "${arr[@]}"
do
        echo "Encrypting bucket with SSE AES256 for -> ${i}"
        aws s3api put-bucket-encryption --bucket "${i}" --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'
done

Upvotes: 4

John Rotenstein

Reputation: 270144

If you wanted to do it in Python it would be something like this (not tested!):

import boto3

s3_client = boto3.client('s3')

# list_buckets() returns a dict; each entry in 'Buckets' is itself a dict
response = s3_client.list_buckets()

for bucket in response['Buckets']:
    # Pass the bucket's name, not the whole bucket dict
    s3_client.put_bucket_encryption(
        Bucket=bucket['Name'],
        ServerSideEncryptionConfiguration={
          'Rules': [
            {
                'ApplyServerSideEncryptionByDefault': {
                    'SSEAlgorithm': 'AES256'
                }
            },
          ]
        }
    )

Upvotes: -1
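
The quoting failure behind the question's "Invalid JSON" error, reproduced offline, next to a loop that passes the JSON intact and reports per-bucket failures. This is an added example, not code from any of the posts above; AWS_CMD, broken_json_arg and encrypt_all_buckets are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example. AWS_CMD is a hypothetical override, used only so the loop can
# be exercised against a stub instead of the real CLI.

SSE_CONFIG='{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'

# The question's quoting, with the aws call replaced by printf so it runs offline.
# The first ' before the JSON closes the command string, the outer shell strips
# the double quotes, and the first space ends the word: the inner shell's command
# text stops at {Rules: and the remaining pieces become positional parameters.
broken_json_arg() {
    sh -c 'printf %s '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}''
}

# Keeping the JSON in a variable and expanding it inside double quotes hands it
# to the CLI as one unmodified argument. Returns non-zero if listing fails or
# if any bucket could not be updated.
encrypt_all_buckets() {
    aws_cmd="${AWS_CMD:-aws}"
    names=$("$aws_cmd" s3api list-buckets --query 'Buckets[].Name' --output text) || return 1
    printf '%s\n' "$names" | tr '\t' '\n' | (
        rc=0
        while IFS= read -r bucket; do
            [ -n "$bucket" ] || continue
            # </dev/null keeps the CLI from consuming the bucket list on stdin
            if "$aws_cmd" s3api put-bucket-encryption --bucket "$bucket" \
                --server-side-encryption-configuration "$SSE_CONFIG" </dev/null
            then
                echo "OK $bucket"
            else
                echo "FAILED $bucket"
                rc=1
            fi
        done
        exit "$rc"
    )
}

echo "inner shell receives: $(broken_json_arg)"
# To apply for real, call: encrypt_all_buckets
```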
