Hi,
I’m a Platform Admin on AWS for my client and I now need to list all existing/future S3 bucket policies in the AWS Organization and then apply a new security policy to them. However, the security folks are already using another CSPM tool (based on the open Custodian framework) to deploy specific controls on S3 buckets via Lambda. I basically need to add, for each S3 bucket listed above (a list to be updated on a regular basis), an ad-hoc security policy on top of the existing S3 bucket policy already in place, if any, without altering it.
Also, an account admin could modify his S3 bucket policy, so we should automatically remediate by adding my S3 bucket policy to his policy on a regular basis.
Any idea how I should do it? I wanted to try with Terraform, or a Python script/Lambda if that’s not possible, but I’m kind of struggling with where to start. I did look into this post (S3 Buckets Policies for multiple buckets using for-each) but it’s an old one and doesn’t exactly answer my use case (no bucket creation, listing instead, and NOT altering the existing S3 bucket policy, if any is deployed)… thanks!
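An added example (editor's code, not from the original post or from any tool it mentions) of the merge-and-remediate step for the Python/Lambda route: fetch the bucket's current policy, add the mandatory statement only if it is missing, put it back only if a change is needed, and leave every other statement untouched. The statement is identified by a fixed `Sid`, so a later run can detect a bucket where the admin edited or removed it and restore exactly that one statement. Assumptions: the `Sid` name `OrgMandatoryTlsOnly`, the deny-non-TLS statement body, and the function names are hypothetical placeholders; a boto3 S3 client for each member account is obtained separately (for example by assuming a role from the management account), and the Custodian-based tooling is configured not to strip statements it does not own. The merge logic is pure Python and runs offline; only `remediate_bucket` touches AWS.

```python
"""Idempotent merge of one mandatory statement into existing S3 bucket policies."""
import json
from typing import Optional, Tuple

POLICY_VERSION = "2012-10-17"
SECURITY_SID = "OrgMandatoryTlsOnly"  # hypothetical Sid; it is how later runs recognise our statement
BUCKET_POLICY_LIMIT = 20 * 1024       # AWS limit on bucket policy size (20 KB)


def security_statement(bucket: str) -> dict:
    """Constructed example statement: deny any non-TLS access to the bucket.
    Any statement with a stable Sid works the same way."""
    return {
        "Sid": SECURITY_SID,
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }


def policy_json(doc: dict) -> str:
    """Compact JSON, as sent to PutBucketPolicy and as measured against the size limit."""
    return json.dumps(doc, separators=(",", ":"))


def policy_fits(doc: dict, limit: int = BUCKET_POLICY_LIMIT) -> bool:
    return len(policy_json(doc)) <= limit


def merge_statement(existing_policy: Optional[str], statement: dict) -> Tuple[dict, bool]:
    """Return (merged policy document, changed).

    - no existing policy            -> new document with only our statement
    - our Sid absent                 -> append it; other statements are kept as-is
    - our Sid present but different  -> replace that single statement (drift remediation)
    - our Sid present and identical  -> nothing to do, changed=False (no write)
    """
    if not existing_policy:
        return {"Version": POLICY_VERSION, "Statement": [statement]}, True
    doc = json.loads(existing_policy)
    stmts = doc.get("Statement", [])
    if isinstance(stmts, dict):  # a single statement may be an object rather than a list
        stmts = [stmts]
    merged, found, changed = [], False, False
    for s in stmts:
        if s.get("Sid") == statement["Sid"]:
            found = True
            changed = changed or (s != statement)
            merged.append(statement)
        else:
            merged.append(s)  # untouched
    if not found:
        merged.append(statement)
        changed = True
    new_doc = dict(doc)
    new_doc.setdefault("Version", POLICY_VERSION)
    new_doc["Statement"] = merged
    return new_doc, changed


def remediate_bucket(s3, bucket: str) -> bool:
    """Fetch, merge and write back only when something changed. `s3` is a boto3
    client bound to the bucket's account (assumed to come from an assumed role)."""
    from botocore.exceptions import ClientError  # imported here so the pure logic above runs without boto3
    try:
        existing = s3.get_bucket_policy(Bucket=bucket)["Policy"]
    except ClientError as e:
        # NoSuchBucketPolicy is not a modelled exception on the S3 client, so match on the error code
        if e.response["Error"]["Code"] != "NoSuchBucketPolicy":
            raise
        existing = None
    doc, changed = merge_statement(existing, security_statement(bucket))
    if changed:
        if not policy_fits(doc):
            raise ValueError(f"{bucket}: merged policy would exceed the 20 KB bucket policy limit")
        s3.put_bucket_policy(Bucket=bucket, Policy=policy_json(doc))
    return changed


def remediate_account(s3) -> dict:
    """Run over every bucket the client can list; returns {bucket: changed}.
    Buckets living in another region may need a client created for that region."""
    return {b["Name"]: remediate_bucket(s3, b["Name"]) for b in s3.list_buckets()["Buckets"]}


if __name__ == "__main__":
    import boto3  # assumption: credentials for the target account are already configured
    print(remediate_account(boto3.client("s3")))
```

Scheduling this as a Lambda on an EventBridge timer gives the "regular basis" remediation: a bucket whose admin removed or weakened the `OrgMandatoryTlsOnly` statement gets that statement restored on the next run, while everything else in the policy stays exactly as the admin left it. Two things to check before rolling it out: the 20 KB bucket policy limit, which the script refuses to exceed rather than silently failing at `PutBucketPolicy`, and that the Custodian-based Lambdas and this job do not both rewrite whole policies, otherwise they will undo each other's work.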