From b28888f1aec9a43b3a3953aedeb2ed1fc2af136d Mon Sep 17 00:00:00 2001
From: Paco Hope
Date: Fri, 13 May 2022 11:27:08 -0400
Subject: [PATCH] Initial create
---
activate-bpa.sh | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 activate-bpa.sh
diff --git a/activate-bpa.sh b/activate-bpa.sh
new file mode 100644
index 0000000..29ebbcc
--- /dev/null
+++ b/activate-bpa.sh
@@ -0,0 +1,25 @@
+#!/usr/local/bin/bash
+# List buckets, then enable block public access on all of them
+
+# The AWS profile you want to run with
+PROFILE="default"
+
+# The bucket policy you want. This blocks all kinds of public access.
+BPAPOLICY='BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true'
+
+AWS="aws" # for handy debugging, change this to AWS="echo aws"
+export AWS_PAGER="" # otherwise it pauses after every command!
+
+# fetch all the buckets
+BUCKETLIST=$(aws --profile ${PROFILE} s3api list-buckets --query 'Buckets[].Name' --output text)
+
+for bucketname in ${BUCKETLIST}
+do
+ echo -n "${bucketname}: "
+ ${AWS} --profile ${PROFILE} s3api put-public-access-block \
+ --bucket "${bucketname}" \
+ --public-access-block-configuration "${BPAPOLICY}"
+ echo "done"
+done
+
+
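Review bot: The loop prints `done` after every `put-public-access-block` call whether or not the call succeeded, so a bucket where the request was rejected (a permissions error, for example) is reported as protected and the script still exits 0. The `BUCKETLIST=$(aws … list-buckets …)` assignment has the same gap: if the listing fails the variable is empty, the loop never runs, and nothing tells the operator that no bucket was changed. For a script whose whole purpose is to enforce a control, both exit statuses should be checked, each failure marked per bucket, and the script should exit non-zero if any call failed, as in the block below. Separately, this only covers buckets that exist when it runs, so the account-level Block Public Access setting or a later `get-public-access-block` audit is needed to catch buckets created afterwards.

```shell
# fetch all the buckets; stop if the listing itself fails
BUCKETLIST=$(aws --profile "${PROFILE}" s3api list-buckets --query 'Buckets[].Name' --output text) || {
    echo "list-buckets failed; no buckets were changed" >&2
    exit 1
}

failed=0
# … unchanged: for/do and the bucket-name echo …
    if ${AWS} --profile "${PROFILE}" s3api put-public-access-block \
        --bucket "${bucketname}" \
        --public-access-block-configuration "${BPAPOLICY}"
    then
        echo "done"
    else
        echo "FAILED"
        failed=1
    fi
done
exit "${failed}"
```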