Storage Advisor CLI

If your organization has a large number of S3, possibly created by different people and teams, it’s quite common to have a few configuration issues. While AWS “Trusted Advisor” tool can help, its full functionality is only available to enterprise support customers, and even then, it does not check for all of the best practices.

That’s why we created Storage Advisor CLI - a free and open-source tool to look at your buckets and run advanced checks. It requires minimal read-only permissions, and will produce the summary of issues, detailed list of issues and, if you wish, recommended Terraform code you can use to correct the problem.

Running the tool

The prebuilt libraries for the popular platforms are available throught GitHub Release. For example, here are the instructions for MacOS:

wget https://github.com/joomcode/spark-platform/releases/download/storage-advisor-cli-1.0.0/storage-advisor-macos.tar.gz
tar -xvf storage-advisor-macos.tar.gz
./storage-advisor

The tool requires that your are authorised in AWS on the command line. To double-check that, you can use

aws sts get-caller-identity

The tool will runs several checks, and produce a summary that looks like this

Running S3 checks

Bucket ACLs: 3 OK, 7 warning
- 5 buckets: OwnershipNotSet
- 2 buckets: OwnershipLax

Bucket Versioning: 7 OK, 3 warning
- 2 buckets: VersioningNotSet
- 1 buckets: VersioningSuspended

Bucket Encryption: 3 OK, 7 warning
- 7 buckets: EncryptionAES256WithoutBucketKey

Bucket Logging: 8 OK, 2 warning
- 2 buckets: LoggingNotSet

Wrote recommentations to 's3-recommentations.txt'

For each check, there’s a summary daying how many buckets are totally OK, and how many might need your attention. The detailed log is saved to a file.

Terraform recommendations

You will be also prompted to create recommendations in the Terraform format. If you already use Terraform, it might be much more efficient to start from the generated recommendations, rather than doing changes manually in the AWS console.

One warning though - because the tool does not know anything about your existing Terraform setup, it might generate recommendations that conflict with what you have. We recommend that you examine the proposed plan carefully.

Let us know what you think

We’d love to hear your experience. Feel free to email us or reach out on Twitter