Announcing a new SRE utility I wrote called check_s3_encryption.sh to report and optionally encrypt any AWS S3 unencrypted buckets:
- it can be run from the command line or a crontab
- it’s useful for IT compliance
- MIT License.
See the README for documentation and example output.
Of course, after running this, you should enable a config policy to always create S3 buckets with encryption enabled. Also, there’s an option to skip public buckets in case you customized the permissions or redirects.