@absurd-engineering/enforcer
v0.0.3
enforcer
A utility for auditing and remediating AWS S3 Public Access Block configurations.
Getting Started
Enforcer uses the AWS JavaScript SDK internally and assumes all users of the tool have configured CLI and/or API access to AWS. If you don't have a locally configured AWS profile, configure one before using this tool; see "Configuration and credential file settings in the AWS CLI" in the AWS documentation.
Enforcer is otherwise self-contained and only requires connectivity to AWS APIs to function.
Installation
You may install Enforcer with your preferred package manager or use pnpm dlx to run Enforcer without persisting the tool to your system.
npm
$ npm install -g @absurd-engineering/enforcer
$ enforcer help
pnpm
$ pnpm dlx @absurd-engineering/enforcer help
Usage
$ npm install -g @absurd-engineering/enforcer
$ enforcer COMMAND
running command...
$ enforcer (--version)
@absurd-engineering/enforcer/0.0.3 linux-x64 node-v24.5.0
$ enforcer --help [COMMAND]
USAGE
$ enforcer COMMAND
...
Commands
enforcer audit
Audit AWS S3 public access blocks
USAGE
$ enforcer audit --profile <value> [--json] [--bucket <value>] [--fix]
AUDIT FLAGS
--bucket=<value> Scope actions to a specific bucket
--fix Overwrite public access blocks to disallow public access
GLOBAL FLAGS
--json Format output as json.
--profile=<value> (required) AWS profile to use for authentication against AWS
DESCRIPTION
Audit AWS S3 public access blocks
EXAMPLES
$ enforcer audit --profile default
$ enforcer audit --bucket my-bucket --profile default
$ enforcer audit --fix --profile default
FLAG DESCRIPTIONS
--bucket=<value> Scope actions to a specific bucket
If not provided, actions will be scoped to all buckets
--fix Overwrite public access blocks to disallow public access
Update public access blocks for all buckets to disallow public access.
See: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html#access-control-block-public-access-options
--profile=<value> AWS profile to use for authentication against AWS
See https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-files.html#cli-configure-files-using-profiles
See code: src/commands/audit.ts
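The check that an audit of public access blocks comes down to, as an added example that is not Enforcer's own code: each bucket's configuration is evaluated against the four S3 Public Access Block settings, and a dry-run plan lists what a fix pass would overwrite. The function names, bucket names and sample inventory are assumptions constructed for illustration; no AWS calls are made.

```javascript
// Added example, not Enforcer's code. Setting names are the four fields of the S3
// PublicAccessBlockConfiguration structure; bucket names and configs are constructed.
const PAB_SETTINGS = ["BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets"];

// `config` is a bucket's PublicAccessBlockConfiguration, or null when it has none
// (GetPublicAccessBlock fails with NoSuchPublicAccessBlockConfiguration in that case).
// Fail closed: any setting that is not explicitly `true` counts as disabled.
function auditBucket(bucket, config) {
  const disabled = PAB_SETTINGS.filter((name) => !(config && config[name] === true));
  return { bucket, configured: config != null, disabled, compliant: disabled.length === 0 };
}

// The configuration that disallows public access: all four settings enabled.
function lockedDownConfig() {
  return Object.fromEntries(PAB_SETTINGS.map((name) => [name, true]));
}

// Dry run: list the buckets a fix pass would overwrite, and why.
function planFixes(inventory) {
  return Object.entries(inventory)
    .map(([bucket, config]) => auditBucket(bucket, config))
    .filter((finding) => !finding.compliant)
    .map((finding) => ({
      bucket: finding.bucket,
      reason: finding.configured
        ? "disabled: " + finding.disabled.join(", ")
        : "no public access block configured",
      put: lockedDownConfig(),
    }));
}

// Constructed inventory standing in for per-bucket GetPublicAccessBlock results.
const SAMPLE_INVENTORY = {
  "example-locked": { BlockPublicAcls: true, IgnorePublicAcls: true, BlockPublicPolicy: true, RestrictPublicBuckets: true },
  "example-partial": { BlockPublicAcls: true, IgnorePublicAcls: true, BlockPublicPolicy: false, RestrictPublicBuckets: false },
  "example-omitted": { BlockPublicAcls: true },
  "example-unset": null,
};

for (const fix of planFixes(SAMPLE_INVENTORY)) {
  console.log(`${fix.bucket}: ${fix.reason}`);
}
```

Reviewing a plan like this before any write is useful because overwriting the settings on a bucket that is public on purpose changes who can reach its contents.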
enforcer help [COMMAND]
Display help for enforcer.
USAGE
$ enforcer help [COMMAND...] [-n]
ARGUMENTS
COMMAND... Command to show help for.
FLAGS
-n, --nested-commands Include all nested commands in the output.
DESCRIPTION
Display help for enforcer.
See code: @oclif/plugin-help
Testing and Development
To test or contribute to this project:
- Install fnm or your preferred Node version manager
- Install and use the version of NodeJS documented in .node-version
- Install pnpm
  - Optionally, you may install pnpm using Corepack if available in your environment
- Run pnpm install from the root of this project directory
- Run pnpm test to execute unit tests
Running a development build
Enforcer uses the excellent oclif CLI framework to provide basic functionality for this tool. oclif provides multiple entry points to Enforcer at bin/dev and bin/run:
- node bin/dev.js will execute local code from this project
- node bin/run.js will execute the results of pnpm build stored in the ./dist directory
You can use both of these entry points to manually test or experiment with the Enforcer CLI as needed.
Design
See DESIGN.md
