
How do I determine if an S3 bucket has public access using aws-cli [closed]

I have a bucket that shows "public access" in the console, but when I attempt to read the aws s3api get-public-access-block, I get an error:

$ aws s3api get-public-access-block --bucket my-test-bucket-name
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:

  aws help
  aws <command> help
  aws <command> <subcommand> help
aws: error: argument operation: Invalid choice, valid choices are:

abort-multipart-upload                   | complete-multipart-upload               
copy-object                              | create-bucket...               

I am running aws-cli 1.15.83:

$ aws --version
aws-cli/1.15.83 Python/2.7.14 Linux/4.14.77-70.59.amzn1.x86_64 botocore/1.10.82
AG6HQ asked Mar 06 '23 01:03


2 Answers

You can use aws s3api get-bucket-policy-status to find out which buckets have been identified as having public access:

aws s3api get-bucket-policy-status --bucket my-test-bucket-name
{
    "PolicyStatus": {
        "IsPublic": true
    }
}

The get-public-access-block function is related to new features released last week [1] that help to protect future buckets from being mistakenly created with public access.

Both get-public-access-block and get-bucket-policy-status require a newer version of awscli than 1.15.83. The version I am using that has both these commands is 1.16.58.

[1] https://aws.amazon.com/blogs/aws/amazon-s3-block-public-access-another-layer-of-protection-for-your-accounts-and-buckets/

mvermaes answered May 05 '23 11:05


You might be getting the error because you might not have upgraded awscli.

Use the pip command to upgrade.

pip install --upgrade awscli

I was getting the same error at the start. It should upgrade and give the proper result.

Pradeep R B answered May 05 '23 12:05
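
The two answers combined into one check, as an added example that is not part of either answer: it refuses to run on an aws-cli too old to know get-bucket-policy-status, then reports the bucket's policy status. The function names are hypothetical, and the 1.16.58 threshold is only the version the first answer reports as working, not a documented minimum.

```shell
#!/bin/sh
# Added example, not from the answers. Function names are hypothetical.
# Assumption: 1.16.58 is the version the first answer reports as working,
# used as the threshold here; it is not a documented minimum.
MIN_AWSCLI=1.16.58

# cli_version LINE: pull "1.15.83" out of "aws-cli/1.15.83 Python/2.7.14 ..."
cli_version() {
    v=${1#aws-cli/}
    printf '%s\n' "${v%% *}"
}

# version_ge A B: succeed when dotted version A >= B, comparing fields numerically
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# policy_is_public: read get-bucket-policy-status JSON on stdin
policy_is_public() {
    grep -Eq '"IsPublic"[[:space:]]*:[[:space:]]*true'
}

check_bucket() {
    # Python 2 builds of aws-cli print the version on stderr, hence 2>&1
    ver=$(cli_version "$(aws --version 2>&1)")
    if ! version_ge "$ver" "$MIN_AWSCLI"; then
        echo "aws-cli $ver is older than $MIN_AWSCLI: pip install --upgrade awscli" >&2
        return 2
    fi
    # A failed call means "unknown", never "not public"
    out=$(aws s3api get-bucket-policy-status --bucket "$1") || {
        echo "$1: status unknown (call failed)" >&2
        return 3
    }
    if printf '%s\n' "$out" | policy_is_public; then
        echo "$1: PUBLIC"
    else
        echo "$1: not public"
    fi
}

if [ "$#" -gt 0 ]; then check_bucket "$1"; fi
```

Run it with a bucket name as the only argument; exit status 2 means the CLI needs upgrading and 3 means the status could not be read.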