JavaScript Code to Get All Non-Versioned S3 Buckets
Code
const AWS = require("aws-sdk");

AWS.config.update({ region: 'us-west-2' });
const s3 = new AWS.S3();

// Returns every bucket in the account whose versioning Status is not 'Enabled'.
async function getAllNonVersionedBuckets() {
  const { Buckets } = await s3.listBuckets().promise();

  // Look up the versioning configuration of each bucket in parallel.
  const versionStatuses = await Promise.all(Buckets.map(async ({ Name }) => {
    try {
      const { Status } = await s3.getBucketVersioning({ Bucket: Name }).promise();
      return { Name, Versioned: Status === 'Enabled' };
    } catch {
      // Any error is treated as "not versioned" (see Considerations & Caveats).
      return { Name, Versioned: false };
    }
  }));

  return versionStatuses.filter(bucket => !bucket.Versioned);
}

getAllNonVersionedBuckets().then(nonVersionedBuckets => {
  console.log(nonVersionedBuckets);
}).catch(console.error);
Detailed Code Explanation
The script starts by loading the AWS JavaScript SDK (aws-sdk) and configuring the region to 'us-west-2'. The AWS.S3 instance is created without any specific credentials, assuming that they will be available in the execution environment.
The getAllNonVersionedBuckets function first calls s3.listBuckets(). This makes a request to AWS S3 to get a list of all the S3 buckets in the account. Using async/await, we wait until the listBuckets promise is resolved and destructure Buckets from the resulting data.
The returned Buckets is an array of objects, and each object has a Name property that corresponds to the bucket's name. For each bucket, a request is made to AWS S3 to get the versioning status via s3.getBucketVersioning({ Bucket: Name }).
Each bucket's versioning status is then checked (Status === 'Enabled'). If the getBucketVersioning function throws an error, it's assumed that the bucket is not versioned.
All the non-versioned buckets are then logged to the console.
Expected Output
The expected output of this code is a list of non-versioned buckets, where each bucket is represented as an object with Name and Versioned properties. The Versioned property should be false. Here is an example output:
[
  { "Name": "bucketName1", "Versioned": false },
  { "Name": "bucketName2", "Versioned": false },
  ...
]
Considerations & Caveats
AWS SDK operations are limited by API rate limits. Making many bucket versioning API calls in quick succession may hit the S3 API rate limit, causing further requests to fail until the limit resets.
Error checking in this script assumes that an error from getBucketVersioning means the bucket is non-versioned. In fact, other errors like network errors, insufficient permissions, etc., could also cause an exception. It's better to handle these exceptions separately.
This script assumes that the environment in which it is run has appropriate AWS credentials configured. If it doesn't, the script will fail to authenticate with AWS and won't run properly.
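An added example (not part of the original script) that addresses the first two caveats above: it caps the number of concurrent getBucketVersioning calls and reports a failed lookup as Unknown with its error code instead of as non-versioned, and it also separates Suspended from never-enabled buckets. The helper names, the stub client and the sample bucket names are constructed for illustration.

```javascript
// Turn a GetBucketVersioning response or SDK error into an explicit state.
function classifyVersioning(response, error) {
  // A failed lookup is "Unknown", not "unversioned"; keep the code for triage.
  if (error) return { state: 'Unknown', reason: error.code || error.name };
  // S3 omits Status when versioning has never been configured on the bucket.
  if (response.Status === 'Enabled') return { state: 'Enabled' };
  if (response.Status === 'Suspended') return { state: 'Suspended' };
  return { state: 'NeverEnabled' };
}

// `s3` is any object with the SDK v2 call shape used on this page.
async function auditBucketVersioning(s3, concurrency = 5) {
  const { Buckets } = await s3.listBuckets().promise();
  const results = new Array(Buckets.length);
  let next = 0;
  // Worker pool: at most `concurrency` lookups are in flight at once.
  async function worker() {
    while (next < Buckets.length) {
      const i = next++, { Name } = Buckets[i];
      try {
        const res = await s3.getBucketVersioning({ Bucket: Name }).promise();
        results[i] = { Name, ...classifyVersioning(res, null) };
      } catch (err) {
        results[i] = { Name, ...classifyVersioning(null, err) };
      }
    }
  }
  await Promise.all(Array.from({ length: concurrency }, worker));
  return results;
}

// Constructed stub standing in for AWS.S3 so the example runs offline.
function makeStubS3(table) {
  const call = fn => ({ promise: async () => fn() });
  const listBuckets = () => call(() => ({ Buckets: Object.keys(table).map(Name => ({ Name })) }));
  const getBucketVersioning = ({ Bucket }) => call(() => {
    if (table[Bucket] instanceof Error) throw table[Bucket];
    return table[Bucket];
  });
  return { listBuckets, getBucketVersioning };
}

// Constructed sample: bucket names and the error are illustrative only.
const SAMPLE = {
  'logs-enabled': { Status: 'Enabled' },
  'old-suspended': { Status: 'Suspended' },
  'scratch-never': {},
  'locked-down': Object.assign(new Error('Access Denied'), { code: 'AccessDenied' }),
};
```

To run it against an account, pass new AWS.S3() to auditBucketVersioning instead of makeStubS3(SAMPLE).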
Required IAM Permissions and Example Policy
The executing entity requires the s3:ListAllMyBuckets and s3:GetBucketVersioning permissions. The IAM policy would look like this:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:GetBucketVersioning"
      ],
      "Resource": "*"
    }
  ]
}
FAQ
Q: Does the script include S3 buckets in all regions?
A: Yes, the script includes S3 buckets in all regions.
Q: What if I don't have s3:ListAllMyBuckets or s3:GetBucketVersioning permission?
A: The script would fail to fetch the necessary data and will result in an error.
Q: Why does the script only list non-versioned buckets?
A: The script is intended for use cases where it's important to know which buckets don't have versioning turned on. Versioning is a good practice for data backup and recovery, so it can be useful to know which buckets don't have it enabled.
Q: Does the script return the versioning state of all buckets?
A: No, the script only returns buckets where the versioning state is not enabled.