How Can I Programmatically Check Amazon S3 Permissions With Boto?

We have a bushy tree in a bucket on Amazon S3 with a large number of files. I just discovered that while some files have two permissions entries, as seen if one clicks on a file in

Solution 1:

Here is some Python code, using boto, that would look through all of the keys in a bucket. If the key does not allow "everyone" to read the contents of the key, it will add public-read permissions to that key:

import boto

# Group URI that S3 uses for "everyone" (anonymous access)
all_users = 'http://acs.amazonaws.com/groups/global/AllUsers'
conn = boto.connect_s3()
bucket = conn.get_bucket('mybucket')
for key in bucket:
    readable = False
    acl = key.get_acl()  # one request per key
    for grant in acl.acl.grants:
        if grant.permission == 'READ':
            if grant.uri == all_users:
                readable = True
    if not readable:
        key.make_public()  # adds public-read to this key

This code has not been thoroughly tested so you should try things out first. Also, be clear that the net result of this is to make ALL of the objects in the bucket readable by anyone. Also keep in mind that this script is fetching the current ACL of every object in the bucket so if there are millions of objects, that's millions of requests which can take a lot of time and has some cost associated with it.

Another approach would be to just call make_public() on every key in the bucket, regardless of its current ACL.
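
For the "check" half of the question, a report-only audit is often what is wanted before changing anything. The following is an added example, not part of the original answer: it parses the S3 ACL XML document for each key and lists grants to the global groups, treating FULL_CONTROL as implying READ. The function names, labels and sample ACL documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}
GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "everyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any-aws-account",
}
# On an object, FULL_CONTROL implies READ, READ_ACP and WRITE_ACP.
IMPLIED = {"FULL_CONTROL": {"READ", "READ_ACP", "WRITE_ACP"}}


def public_grants(acl_xml):
    """Return {group label: sorted permissions} for grants to global groups."""
    found = {}
    for grant in ET.fromstring(acl_xml).findall("s3:AccessControlList/s3:Grant", NS):
        uri = grant.findtext("s3:Grantee/s3:URI", default="", namespaces=NS).strip()
        perm = grant.findtext("s3:Permission", default="", namespaces=NS).strip()
        if uri in GROUPS:  # CanonicalUser grants carry an ID, not a URI
            found.setdefault(GROUPS[uri], set()).update(IMPLIED.get(perm, {perm}))
    return {who: sorted(perms) for who, perms in found.items()}


def audit(acls):
    """Map key name -> public grants, listing only keys that have any."""
    report = {name: public_grants(doc) for name, doc in acls.items()}
    return {name: grants for name, grants in report.items() if grants}


# --- constructed sample ACL documents (not real bucket data) ---
XSI = 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
OWNER = f'<Grantee {XSI} xsi:type="CanonicalUser"><ID>EXAMPLE-OWNER-ID</ID></Grantee>'
EVERYONE = (f'<Grantee {XSI} xsi:type="Group"><URI>'
            'http://acs.amazonaws.com/groups/global/AllUsers</URI></Grantee>')


def sample_acl(*grants):
    """Build a constructed AccessControlPolicy from (grantee, permission) pairs."""
    body = "".join(f"<Grant>{g}<Permission>{p}</Permission></Grant>" for g, p in grants)
    return (f'<AccessControlPolicy xmlns="{NS["s3"]}"><Owner><ID>EXAMPLE-OWNER-ID</ID>'
            f"</Owner><AccessControlList>{body}</AccessControlList></AccessControlPolicy>")


SAMPLE = {
    "private.txt": sample_acl((OWNER, "FULL_CONTROL")),
    "public.txt": sample_acl((OWNER, "FULL_CONTROL"), (EVERYONE, "READ")),
    "wide-open.txt": sample_acl((OWNER, "FULL_CONTROL"), (EVERYONE, "FULL_CONTROL")),
}

if __name__ == "__main__":
    for name, grants in audit(SAMPLE).items():
        print(name, grants)
```

Against a real bucket, the XML for each key would come from the ACL request the answer's loop already makes, so the per-object request cost noted above applies to an audit as well.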