s3-secure 0.4.2 → 0.5.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (51) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/LICENSE.txt +201 -22
  4. data/README.md +41 -17
  5. data/lib/s3_secure.rb +3 -2
  6. data/lib/s3_secure/access_logs.rb +30 -0
  7. data/lib/s3_secure/access_logs/base.rb +4 -0
  8. data/lib/s3_secure/access_logs/disable.rb +37 -0
  9. data/lib/s3_secure/access_logs/enable.rb +41 -0
  10. data/lib/s3_secure/access_logs/list.rb +25 -0
  11. data/lib/s3_secure/access_logs/show.rb +89 -0
  12. data/lib/s3_secure/aws_services.rb +1 -33
  13. data/lib/s3_secure/aws_services/s3.rb +54 -0
  14. data/lib/s3_secure/cli.rb +19 -1
  15. data/lib/s3_secure/command.rb +7 -0
  16. data/lib/s3_secure/encryption.rb +2 -0
  17. data/lib/s3_secure/encryption/disable.rb +4 -8
  18. data/lib/s3_secure/encryption/enable.rb +4 -8
  19. data/lib/s3_secure/encryption/list.rb +12 -16
  20. data/lib/s3_secure/encryption/show.rb +11 -6
  21. data/lib/s3_secure/help/batch.md +14 -0
  22. data/lib/s3_secure/help/encryption/list.md +5 -0
  23. data/lib/s3_secure/help/lifecycle/add.md +13 -0
  24. data/lib/s3_secure/help/lifecycle/list.md +22 -0
  25. data/lib/s3_secure/help/lifecycle/remove.md +5 -0
  26. data/lib/s3_secure/help/lifecycle/show.md +13 -0
  27. data/lib/s3_secure/help/policy/list.md +5 -0
  28. data/lib/s3_secure/lifecycle.rb +31 -0
  29. data/lib/s3_secure/lifecycle/add.rb +33 -0
  30. data/lib/s3_secure/lifecycle/base.rb +5 -0
  31. data/lib/s3_secure/lifecycle/builder.rb +47 -0
  32. data/lib/s3_secure/lifecycle/list.rb +24 -0
  33. data/lib/s3_secure/lifecycle/remove.rb +28 -0
  34. data/lib/s3_secure/lifecycle/show.rb +40 -0
  35. data/lib/s3_secure/policy.rb +2 -0
  36. data/lib/s3_secure/policy/enforce.rb +3 -6
  37. data/lib/s3_secure/policy/list.rb +13 -17
  38. data/lib/s3_secure/policy/show.rb +8 -6
  39. data/lib/s3_secure/policy/unforce.rb +4 -7
  40. data/lib/s3_secure/remediate_all.rb +11 -0
  41. data/lib/s3_secure/summary/items.rb +0 -2
  42. data/lib/s3_secure/version.rb +1 -1
  43. data/lib/s3_secure/versioning.rb +29 -0
  44. data/lib/s3_secure/versioning/base.rb +4 -0
  45. data/lib/s3_secure/versioning/disable.rb +19 -0
  46. data/lib/s3_secure/versioning/enable.rb +19 -0
  47. data/lib/s3_secure/versioning/list.rb +24 -0
  48. data/lib/s3_secure/versioning/show.rb +27 -0
  49. data/s3-secure.gemspec +4 -2
  50. data/spec/lib/lifecycle/builder_spec.rb +85 -0
  51. metadata +48 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f990c19df8d1e76dddcdba7b3b3bde118835f002cad7fa83d88174ce73f5ec94
4
- data.tar.gz: e6fe39ed79c6e81962ae003d4b4591d7baa0ab886538a0ee77fa0e7c3a43c2d1
3
+ metadata.gz: 6e1f48e9f8af3b66318cc9bbb69c7689e6973f10979e0adc5d2274fa0e3fc1a6
4
+ data.tar.gz: 72c7e5845cdf8438a785bc5310ed25ce82b7c73d29c2891430492d817dd9159f
5
5
  SHA512:
6
- metadata.gz: a681ba106ada2376c3a9683b6b412eb6c6df5de7f7ce9d550b11b700d248be850fda0e7c71c976feb3040854d33681e8d4c51c7aa32883d9ab5fe73d16ed0afb
7
- data.tar.gz: 539bc7cb06025cca7c21fa88fd9a26b68b62aa773723f0eca618d3b24c4e4d3a983c5bbd61f7dab6c242b08ad56074805cb4bcced462195d3d3bf97cc5fee3ec
6
+ metadata.gz: 5cf2fe5bf3f6e8d889eb9fe3bf912782e819e65d423bf2ef12b63bb480b6ac6d6849d061c87cc46988e1fb3f9c5be71ee293c59a73566cd70e976aec39d84f0f
7
+ data.tar.gz: 6e41d083dd57a83be7b33a23b49c430f63803403ce8ba97a7fd5b25ca764d38a99c16a0dc2d9d6ff054a00aebb39bca0b1cc3ecbb9eb5e796bb19a57bb819032
@@ -3,6 +3,10 @@
3
3
  All notable changes to this project will be documented in this file.
4
4
  This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
5
5
 
6
+ ## [0.5.0]
7
+ - add commands: access_logs, lifecycle, versioning, remediate_all
8
+ - s3 client is smarter and switches regions on a per-bucket basis
9
+
6
10
  ## [0.4.2]
7
11
  - improve error message for Aws::STS::Errors::RegionDisabledException error
8
12
 
@@ -1,22 +1,201 @@
1
- Copyright (c) 2019 Tung Nguyen
2
-
3
- MIT License
4
-
5
- Permission is hereby granted, free of charge, to any person obtaining
6
- a copy of this software and associated documentation files (the
7
- "Software"), to deal in the Software without restriction, including
8
- without limitation the rights to use, copy, modify, merge, publish,
9
- distribute, sublicense, and/or sell copies of the Software, and to
10
- permit persons to whom the Software is furnished to do so, subject to
11
- the following conditions:
12
-
13
- The above copyright notice and this permission notice shall be
14
- included in all copies or substantial portions of the Software.
15
-
16
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
- EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
- NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
- LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
- OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
- WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
1
+ Apache License
2
+ Version 2.0, January 2004
3
+ http://www.apache.org/licenses/
4
+
5
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6
+
7
+ 1. Definitions.
8
+
9
+ "License" shall mean the terms and conditions for use, reproduction,
10
+ and distribution as defined by Sections 1 through 9 of this document.
11
+
12
+ "Licensor" shall mean the copyright owner or entity authorized by
13
+ the copyright owner that is granting the License.
14
+
15
+ "Legal Entity" shall mean the union of the acting entity and all
16
+ other entities that control, are controlled by, or are under common
17
+ control with that entity. For the purposes of this definition,
18
+ "control" means (i) the power, direct or indirect, to cause the
19
+ direction or management of such entity, whether by contract or
20
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
21
+ outstanding shares, or (iii) beneficial ownership of such entity.
22
+
23
+ "You" (or "Your") shall mean an individual or Legal Entity
24
+ exercising permissions granted by this License.
25
+
26
+ "Source" form shall mean the preferred form for making modifications,
27
+ including but not limited to software source code, documentation
28
+ source, and configuration files.
29
+
30
+ "Object" form shall mean any form resulting from mechanical
31
+ transformation or translation of a Source form, including but
32
+ not limited to compiled object code, generated documentation,
33
+ and conversions to other media types.
34
+
35
+ "Work" shall mean the work of authorship, whether in Source or
36
+ Object form, made available under the License, as indicated by a
37
+ copyright notice that is included in or attached to the work
38
+ (an example is provided in the Appendix below).
39
+
40
+ "Derivative Works" shall mean any work, whether in Source or Object
41
+ form, that is based on (or derived from) the Work and for which the
42
+ editorial revisions, annotations, elaborations, or other modifications
43
+ represent, as a whole, an original work of authorship. For the purposes
44
+ of this License, Derivative Works shall not include works that remain
45
+ separable from, or merely link (or bind by name) to the interfaces of,
46
+ the Work and Derivative Works thereof.
47
+
48
+ "Contribution" shall mean any work of authorship, including
49
+ the original version of the Work and any modifications or additions
50
+ to that Work or Derivative Works thereof, that is intentionally
51
+ submitted to Licensor for inclusion in the Work by the copyright owner
52
+ or by an individual or Legal Entity authorized to submit on behalf of
53
+ the copyright owner. For the purposes of this definition, "submitted"
54
+ means any form of electronic, verbal, or written communication sent
55
+ to the Licensor or its representatives, including but not limited to
56
+ communication on electronic mailing lists, source code control systems,
57
+ and issue tracking systems that are managed by, or on behalf of, the
58
+ Licensor for the purpose of discussing and improving the Work, but
59
+ excluding communication that is conspicuously marked or otherwise
60
+ designated in writing by the copyright owner as "Not a Contribution."
61
+
62
+ "Contributor" shall mean Licensor and any individual or Legal Entity
63
+ on behalf of whom a Contribution has been received by Licensor and
64
+ subsequently incorporated within the Work.
65
+
66
+ 2. Grant of Copyright License. Subject to the terms and conditions of
67
+ this License, each Contributor hereby grants to You a perpetual,
68
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69
+ copyright license to reproduce, prepare Derivative Works of,
70
+ publicly display, publicly perform, sublicense, and distribute the
71
+ Work and such Derivative Works in Source or Object form.
72
+
73
+ 3. Grant of Patent License. Subject to the terms and conditions of
74
+ this License, each Contributor hereby grants to You a perpetual,
75
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76
+ (except as stated in this section) patent license to make, have made,
77
+ use, offer to sell, sell, import, and otherwise transfer the Work,
78
+ where such license applies only to those patent claims licensable
79
+ by such Contributor that are necessarily infringed by their
80
+ Contribution(s) alone or by combination of their Contribution(s)
81
+ with the Work to which such Contribution(s) was submitted. If You
82
+ institute patent litigation against any entity (including a
83
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
84
+ or a Contribution incorporated within the Work constitutes direct
85
+ or contributory patent infringement, then any patent licenses
86
+ granted to You under this License for that Work shall terminate
87
+ as of the date such litigation is filed.
88
+
89
+ 4. Redistribution. You may reproduce and distribute copies of the
90
+ Work or Derivative Works thereof in any medium, with or without
91
+ modifications, and in Source or Object form, provided that You
92
+ meet the following conditions:
93
+
94
+ (a) You must give any other recipients of the Work or
95
+ Derivative Works a copy of this License; and
96
+
97
+ (b) You must cause any modified files to carry prominent notices
98
+ stating that You changed the files; and
99
+
100
+ (c) You must retain, in the Source form of any Derivative Works
101
+ that You distribute, all copyright, patent, trademark, and
102
+ attribution notices from the Source form of the Work,
103
+ excluding those notices that do not pertain to any part of
104
+ the Derivative Works; and
105
+
106
+ (d) If the Work includes a "NOTICE" text file as part of its
107
+ distribution, then any Derivative Works that You distribute must
108
+ include a readable copy of the attribution notices contained
109
+ within such NOTICE file, excluding those notices that do not
110
+ pertain to any part of the Derivative Works, in at least one
111
+ of the following places: within a NOTICE text file distributed
112
+ as part of the Derivative Works; within the Source form or
113
+ documentation, if provided along with the Derivative Works; or,
114
+ within a display generated by the Derivative Works, if and
115
+ wherever such third-party notices normally appear. The contents
116
+ of the NOTICE file are for informational purposes only and
117
+ do not modify the License. You may add Your own attribution
118
+ notices within Derivative Works that You distribute, alongside
119
+ or as an addendum to the NOTICE text from the Work, provided
120
+ that such additional attribution notices cannot be construed
121
+ as modifying the License.
122
+
123
+ You may add Your own copyright statement to Your modifications and
124
+ may provide additional or different license terms and conditions
125
+ for use, reproduction, or distribution of Your modifications, or
126
+ for any such Derivative Works as a whole, provided Your use,
127
+ reproduction, and distribution of the Work otherwise complies with
128
+ the conditions stated in this License.
129
+
130
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
131
+ any Contribution intentionally submitted for inclusion in the Work
132
+ by You to the Licensor shall be under the terms and conditions of
133
+ this License, without any additional terms or conditions.
134
+ Notwithstanding the above, nothing herein shall supersede or modify
135
+ the terms of any separate license agreement you may have executed
136
+ with Licensor regarding such Contributions.
137
+
138
+ 6. Trademarks. This License does not grant permission to use the trade
139
+ names, trademarks, service marks, or product names of the Licensor,
140
+ except as required for reasonable and customary use in describing the
141
+ origin of the Work and reproducing the content of the NOTICE file.
142
+
143
+ 7. Disclaimer of Warranty. Unless required by applicable law or
144
+ agreed to in writing, Licensor provides the Work (and each
145
+ Contributor provides its Contributions) on an "AS IS" BASIS,
146
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147
+ implied, including, without limitation, any warranties or conditions
148
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149
+ PARTICULAR PURPOSE. You are solely responsible for determining the
150
+ appropriateness of using or redistributing the Work and assume any
151
+ risks associated with Your exercise of permissions under this License.
152
+
153
+ 8. Limitation of Liability. In no event and under no legal theory,
154
+ whether in tort (including negligence), contract, or otherwise,
155
+ unless required by applicable law (such as deliberate and grossly
156
+ negligent acts) or agreed to in writing, shall any Contributor be
157
+ liable to You for damages, including any direct, indirect, special,
158
+ incidental, or consequential damages of any character arising as a
159
+ result of this License or out of the use or inability to use the
160
+ Work (including but not limited to damages for loss of goodwill,
161
+ work stoppage, computer failure or malfunction, or any and all
162
+ other commercial damages or losses), even if such Contributor
163
+ has been advised of the possibility of such damages.
164
+
165
+ 9. Accepting Warranty or Additional Liability. While redistributing
166
+ the Work or Derivative Works thereof, You may choose to offer,
167
+ and charge a fee for, acceptance of support, warranty, indemnity,
168
+ or other liability obligations and/or rights consistent with this
169
+ License. However, in accepting such obligations, You may act only
170
+ on Your own behalf and on Your sole responsibility, not on behalf
171
+ of any other Contributor, and only if You agree to indemnify,
172
+ defend, and hold each Contributor harmless for any liability
173
+ incurred by, or claims asserted against, such Contributor by reason
174
+ of your accepting any such warranty or additional liability.
175
+
176
+ END OF TERMS AND CONDITIONS
177
+
178
+ APPENDIX: How to apply the Apache License to your work.
179
+
180
+ To apply the Apache License to your work, attach the following
181
+ boilerplate notice, with the fields enclosed by brackets "[]"
182
+ replaced with your own identifying information. (Don't include
183
+ the brackets!) The text should be enclosed in the appropriate
184
+ comment syntax for the file format. We also recommend that a
185
+ file or class name and description of purpose be included on the
186
+ same "printed page" as the copyright notice for easier
187
+ identification within third-party archives.
188
+
189
+ Copyright [yyyy] [name of copyright owner]
190
+
191
+ Licensed under the Apache License, Version 2.0 (the "License");
192
+ you may not use this file except in compliance with the License.
193
+ You may obtain a copy of the License at
194
+
195
+ http://www.apache.org/licenses/LICENSE-2.0
196
+
197
+ Unless required by applicable law or agreed to in writing, software
198
+ distributed under the License is distributed on an "AS IS" BASIS,
199
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200
+ See the License for the specific language governing permissions and
201
+ limitations under the License.
data/README.md CHANGED
@@ -1,13 +1,19 @@
1
- # s3-secure
2
-
3
- [![Gem Version](https://badge.fury.io/rb/s3-secure.png)](http://badge.fury.io/rb/s3-secure)
1
+ # s3-secure tool
4
2
 
3
+ [![Gem Version](https://badge.fury.io/rb/s3-secure.png)](http://badge.fury.io/rb/s3-secure)]
5
4
  [![BoltOps Badge](https://img.boltops.com/boltops/badges/boltops-badge.png)](https://www.boltops.com)
6
5
 
7
6
  The s3-secure tool can be used to harden your s3 bucket security posture. The tool is useful if you have a lot of buckets to update. It supports:
8
7
 
9
- * enabling encryption
10
- * adding an enforce ssl bucket policy
8
+ * access logs: enabling access logs
9
+ * encryption: enabling encryption
10
+ * ssl bucket policy: adding an enforce ssl bucket policy
11
+ * versioning: enabling bucket versioning
12
+
13
+ ## BoltOps Pro Related Blueprints
14
+
15
+ * [S3 Secure](https://github.com/boltopspro-docs/s3-secure): Continuously Auto-Remediates New Buckets.
16
+ * [Security Controls](https://github.com/boltopspro-docs/security-controls): Continuously applies the s3-secure remedations as well as other remeidations. IE: Security Groups, SNS topics, etc.
11
17
 
12
18
  ## Usage
13
19
 
@@ -18,6 +24,13 @@ Summary of encryption commands:
18
24
  s3-secure encryption enable BUCKET
19
25
  s3-secure encryption disable BUCKET
20
26
 
27
+ Summary of lifecycle commands:
28
+
29
+ s3-secure lifecycle list
30
+ s3-secure lifecycle show BUCKET
31
+ s3-secure lifecycle add BUCKET
32
+ s3-secure lifecycle remove BUCKET
33
+
21
34
  Summary of policy commands:
22
35
 
23
36
  s3-secure policy list
@@ -25,7 +38,22 @@ Summary of policy commands:
25
38
  s3-secure policy enforce_ssl BUCKET
26
39
  s3-secure policy unforce_ssl BUCKET
27
40
 
28
- ## Examples with Output
41
+ Summary of versioning commands:
42
+
43
+ s3-secure versioning list
44
+ s3-secure versioning show BUCKET
45
+ s3-secure versioning enable BUCKET
46
+ s3-secure versioning disable BUCKET
47
+
48
+ ## Remediate All
49
+
50
+ To apply all the remeidations:
51
+
52
+ s3-secure remediate_all BUCKET
53
+
54
+ For finer-control, run each subcommand instead.
55
+
56
+ ## Some Examples with Output
29
57
 
30
58
  Example of `s3-secure encryption enable`:
31
59
 
@@ -116,8 +144,12 @@ For more help:
116
144
  s3-secure -h
117
145
  s3-secure encryption -h
118
146
  s3-secure encryption enable -h
147
+ s3-secure lifecycle -h
148
+ s3-secure lifecycle add -h
119
149
  s3-secure policy -h
120
150
  s3-secure policy unforce_ssl -h
151
+ s3-secure versioning -h
152
+ s3-secure versioning enable -h
121
153
 
122
154
  ## Batch Commands
123
155
 
@@ -128,7 +160,7 @@ There are some supported batch commands:
128
160
  s3-secure batch policy enforce_ssl FILE.txt
129
161
  s3-secure batch policy unforce_ssl FILE.txt
130
162
 
131
- The format of FILE.txt is a list of bucket names separated by newlines. Example:
163
+ The format of `FILE.txt` is a list of bucket names separated by newlines. Example:
132
164
 
133
165
  buckets.txt:
134
166
 
@@ -137,14 +169,6 @@ buckets.txt:
137
169
 
138
170
  ## Installation
139
171
 
140
- Install with the `gem` command:
141
-
142
- gem install s3-secure
143
-
144
- ## Contributing
172
+ Install with:
145
173
 
146
- 1. Fork it
147
- 2. Create your feature branch (`git checkout -b my-new-feature`)
148
- 3. Commit your changes (`git commit -am "Add some feature"`)
149
- 4. Push to the branch (`git push origin my-new-feature`)
150
- 5. Create new Pull Request
174
+ gem install s3-secure
@@ -1,10 +1,11 @@
1
1
  $:.unshift(File.expand_path("../", __FILE__))
2
+ require "active_support/core_ext/module" # for delegate
3
+ require "active_support/core_ext/string"
4
+ require "cli_format"
2
5
  require "json"
3
6
  require "memoist"
4
7
  require "rainbow/ext/string"
5
8
  require "s3_secure/version"
6
- require "active_support/core_ext/module" # for delegate
7
- require "active_support/core_ext/string"
8
9
 
9
10
  require "s3_secure/autoloader"
10
11
  S3Secure::Autoloader.setup
@@ -0,0 +1,30 @@
1
+ module S3Secure
2
+ class AccessLogs < Command
3
+ desc "list", "List bucket access_logs setting"
4
+ long_desc Help.text("access_logs/list")
5
+ option :format, desc: "Format options: #{CliFormat.formats.join(', ')}"
6
+ option :access_logs, type: :boolean, desc: "Filter for access_logs: all, true, false"
7
+ def list
8
+ List.new(options).run
9
+ end
10
+
11
+ desc "show BUCKET", "show bucket access_logs"
12
+ long_desc Help.text("access_logs/show")
13
+ def show(bucket)
14
+ Show.new(options.merge(bucket: bucket)).run
15
+ end
16
+
17
+ desc "enable BUCKET", "enable bucket access_logs"
18
+ long_desc Help.text("access_logs/enable")
19
+ option :target_bucket, desc: "Target s3 bucket"
20
+ def enable(bucket)
21
+ Enable.new(options.merge(bucket: bucket)).run
22
+ end
23
+
24
+ desc "disable BUCKET", "disable bucket access_logs"
25
+ long_desc Help.text("access_logs/disable")
26
+ def disable(bucket)
27
+ Disable.new(options.merge(bucket: bucket)).run
28
+ end
29
+ end
30
+ end
@@ -0,0 +1,4 @@
1
+ class S3Secure::AccessLogs
2
+ class Base < S3Secure::AbstractBase
3
+ end
4
+ end
@@ -0,0 +1,37 @@
1
+ class S3Secure::AccessLogs
2
+ class Disable < Base
3
+ def run
4
+ @show = Show.new(bucket: @bucket)
5
+
6
+ remove_access_logging
7
+ remove_bucket_acl
8
+ end
9
+
10
+ def remove_access_logging
11
+ unless @show.logging_enabled?
12
+ puts "Bucket #{@bucket} is not configured with access logging. So nothing to remove."
13
+ return
14
+ end
15
+
16
+ s3.put_bucket_logging(
17
+ bucket: @bucket, # source
18
+ bucket_logging_status: {}, # empty hash to remove
19
+ )
20
+ puts "Bucket #{@bucket} access logging removed"
21
+ end
22
+
23
+ def remove_bucket_acl
24
+ unless @show.acl_enabled?
25
+ puts "Bucket #{@bucket} is not configured the log delivery ACL. So nothing to remove."
26
+ return
27
+ end
28
+
29
+ access_control_policy = @show.access_control_policy_without_log_delivery_permissions
30
+ s3.put_bucket_acl(
31
+ bucket: @bucket,
32
+ access_control_policy: access_control_policy,
33
+ )
34
+ puts "Bucket #{@bucket} ACL Log Delivery removed"
35
+ end
36
+ end
37
+ end
@@ -0,0 +1,41 @@
1
+ class S3Secure::AccessLogs
2
+ class Enable < Base
3
+ def run
4
+ @show = Show.new(bucket: @bucket)
5
+ add_bucket_acl
6
+ enable_access_logging
7
+ end
8
+
9
+ # Bucket ACL applies on the target bucket only
10
+ def add_bucket_acl
11
+ if @show.acl_enabled?
12
+ puts "Bucket acl already has log delivery ACL"
13
+ return
14
+ end
15
+
16
+ s3.put_bucket_acl(
17
+ bucket: @bucket,
18
+ access_control_policy: @show.access_control_policy_with_log_delivery_permissions,
19
+ )
20
+ puts "Added to bucket acl that grants log delivery"
21
+ end
22
+
23
+ def enable_access_logging
24
+ if @show.logging_enabled?
25
+ puts "Bucket access logging already enabled"
26
+ return
27
+ end
28
+
29
+ s3.put_bucket_logging(
30
+ bucket: @bucket, # source
31
+ bucket_logging_status: {
32
+ logging_enabled: {
33
+ target_bucket: @show.target_bucket,
34
+ target_prefix: @show.target_prefix,
35
+ },
36
+ },
37
+ )
38
+ puts "Enabled access logging on the source bucket #{@bucket} to be delivered to the target bucket #{@show.target_bucket}"
39
+ end
40
+ end
41
+ end