Storage Advisor CLI
If your organization has a large number of S3, possibly created by different people and teams, it’s quite common to have a few configuration issues. While AWS “Trusted Advisor” tool can help, its full functionality is only available to enterprise support customers, and even then, it does not check for all of the best practices.
That’s why we created Storage Advisor CLI - a free and open-source tool to look at your buckets and run advanced checks. It requires minimal read-only permissions, and will produce the summary of issues, detailed list of issues and, if you wish, recommended Terraform code you can use to correct the problem.
Running the tool
The prebuilt libraries for the popular platforms are available throught GitHub Release. For example, here are the instructions for MacOS:
tar -xvf storage-advisor-macos.tar.gz
The tool requires that your are authorised in AWS on the command line. To double-check that, you can use
aws sts get-caller-identity
The tool will runs several checks, and produce a summary that looks like this
Running S3 checks
Bucket ACLs: 3 OK, 7 warning
- 5 buckets: OwnershipNotSet
- 2 buckets: OwnershipLax
Bucket Versioning: 7 OK, 3 warning
- 2 buckets: VersioningNotSet
- 1 buckets: VersioningSuspended
Bucket Encryption: 3 OK, 7 warning
- 7 buckets: EncryptionAES256WithoutBucketKey
Bucket Logging: 8 OK, 2 warning
- 2 buckets: LoggingNotSet
Wrote recommentations to 's3-recommentations.txt'
For each check, there’s a summary daying how many buckets are totally OK, and how many might need your attention. The detailed log is saved to a file.
You will be also prompted to create recommendations in the Terraform format. If you already use Terraform, it might be much more efficient to start from the generated recommendations, rather than doing changes manually in the AWS console.
One warning though - because the tool does not know anything about your existing Terraform setup, it might generate recommendations that conflict with what you have. We recommend that you examine the proposed plan carefully.