aroe

Reputation: 161

Getting an error when trying to block public access with boto3

I am trying to query all the buckets in my account using boto3. I will then iterate over all the buckets blocking public access on each as I go through.

Here is my code:

import boto3

s3 = boto3.resource('s3')
client = boto3.client('s3')

def handler(event, context):
    for bucket in s3.buckets.all():
        response = client.put_public_access_block(
            Bucket=bucket,
            ContentMD5='string',
            PublicAccessBlockConfiguration={
                'BlockPublicAcls': False,
                'IgnorePublicAcls': False,
                'BlockPublicPolicy': True,
                'RestrictPublicBuckets': True
            },
            ExpectedBucketOwner= '691126532408'
        )

Here is my error:

{
  "errorMessage": "expected string or bytes-like object",
  "errorType": "TypeError",
  "stackTrace": [
    [
      "/var/task/s3PublicAccess.py",
      17,
      "handler",
      "ExpectedBucketOwner= '691126532408'"
    ],
    [
      "/var/runtime/botocore/client.py",
      316,
      "_api_call",
      "return self._make_api_call(operation_name, kwargs)"
    ],
    [
      "/var/runtime/botocore/client.py",
      608,
      "_make_api_call",
      "api_params, operation_model, context=request_context)"
    ],
    [
      "/var/runtime/botocore/client.py",
      654,
      "_convert_to_request_dict",
      "api_params, operation_model, context)"
    ],
    [
      "/var/runtime/botocore/client.py",
      686,
      "_emit_api_params",
      "params=api_params, model=operation_model, context=context)"
    ],
    [
      "/var/runtime/botocore/hooks.py",
      356,
      "emit",
      "return self._emitter.emit(aliased_event_name, **kwargs)"
    ],
    [
      "/var/runtime/botocore/hooks.py",
      228,
      "emit",
      "return self._emit(event_name, kwargs)"
    ],
    [
      "/var/runtime/botocore/hooks.py",
      211,
      "_emit",
      "response = handler(**kwargs)"
    ],
    [
      "/var/runtime/botocore/handlers.py",
      200,
      "validate_bucket_name",
      "if not VALID_BUCKET.search(bucket) and not VALID_S3_ARN.search(bucket):"
    ]
  ]
}

What I have tried: Stringing the ExpectedBucketOwner field.

I have experienced this issue when trying to put bucketEncryption on the same iterated list of s3Buckets and am trying to figure it out. Thank you!

Thank you in advance!!

Upvotes: 0

Views: 935

Answers (1)

Marcin

Reputation: 238797

To get the bucket name from your bucket, you have to use bucket.name. Also, ContentMD5 is optional, so you can skip it.

Thus, you can try the following (assuming everything else is correct):

import boto3

s3 = boto3.resource('s3')
client = boto3.client('s3')

def handler(event, context):
    # s3.buckets.all() yields Bucket resource objects, not strings
    for bucket in s3.buckets.all():
        response = client.put_public_access_block(
            # Bucket= must be the bucket's name (a str)
            Bucket=bucket.name,
            PublicAccessBlockConfiguration={
                'BlockPublicAcls': False,
                'IgnorePublicAcls': False,
                'BlockPublicPolicy': True,
                'RestrictPublicBuckets': True
            },
            ExpectedBucketOwner='691126532408'
        )

Upvotes: 1
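
An added example, not part of the question or the answer above: the same loop written so that one failing bucket does not stop the run and each setting is read back after it is written. The names `block_public_access` and `FULL_BLOCK` are hypothetical, and turning on all four settings is an assumption that differs from the posted configuration, which leaves the two ACL settings off.

```python
# Added example: everything except the boto3 client methods is hypothetical.
FULL_BLOCK = {
    'BlockPublicAcls': True,
    'IgnorePublicAcls': True,
    'BlockPublicPolicy': True,
    'RestrictPublicBuckets': True,
}


def block_public_access(client, config=FULL_BLOCK):
    """Apply `config` to every bucket; return (verified, failed) lists.

    `client` is a boto3 S3 client, or a stand-in exposing the same methods.
    """
    verified, failed = [], []
    for entry in client.list_buckets()['Buckets']:
        name = entry['Name']  # plain str, which is what Bucket= expects
        try:
            client.put_public_access_block(
                Bucket=name,
                PublicAccessBlockConfiguration=config,
            )
            # Read the setting back instead of trusting the PUT response.
            applied = client.get_public_access_block(Bucket=name)[
                'PublicAccessBlockConfiguration']
            if applied == config:
                verified.append(name)
            else:
                failed.append((name, 'read-back mismatch'))
        except Exception as exc:  # boto3 raises botocore ClientError here
            # Record and continue so one denied bucket does not stop the run.
            failed.append((name, str(exc)))
    return verified, failed


def handler(event, context):
    import boto3  # imported here so the function above can be tested offline
    verified, failed = block_public_access(boto3.client('s3'))
    return {'verified': verified, 'failed': failed}
```

Returning the `failed` list from the Lambda makes buckets that could not be locked down visible in the invocation result instead of being lost in an aborted loop.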
