谢谢约翰
我已经创建了下面的脚本,以基于桶策略检查是否存在跨帐户访问。但不确定这是否足够,或者是否需要在脚本中进行更多验证。
import boto3
import json
import os
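REGIONS = 'ap-south-1'
ACCOUNT = '*************'
# Do not embed long-lived access keys in the script: anything pasted into a
# forum, a chat, or a repository leaks them. Read them from the environment
# instead. When both variables are unset the values are None and boto3 falls
# back to its default credential provider chain (shared credentials file or
# profile, instance/task role), which is the preferred setup anyway; setting
# only one of the two makes boto3 raise PartialCredentialsError.
AWS_ACCESS_KEY_ID = os.environ.get('AWS_ACCESS_KEY_ID')
AWS_SECRET_ACCESS_KEY = os.environ.get('AWS_SECRET_ACCESS_KEY')
# S3 client bound to the single region this check runs against.
client = boto3.client(
    's3',
    region_name=REGIONS,
    aws_access_key_id=AWS_ACCESS_KEY_ID,
    aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
)
# Verdict reported at the end; presumably flipped by the policy scan that
# follows once a statement grants access to a principal outside ACCOUNT.
flag = "cross account access no"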
try:
result = client.get_bucket_policy(Bucket='testingcrossaccount')
policy = json.loads(result['Policy'])
statements = policy['Statement']
for statement in statements:
effect = statement['Effect']
principal = statement['Principal']
try:
keywords = principal['AWS&