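def encryption_enabled(bucketName, s3, subscriberAccountId):
    """Report whether the bucket already has a server-side encryption configuration.

    Args:
        bucketName: Name of the S3 bucket to inspect.
        s3: S3 client exposing ``get_bucket_encryption``.
        subscriberAccountId: Account identifier, used only in log and
            e-mail text.

    Returns:
        True when ``get_bucket_encryption`` succeeds. False when the call
        fails with the ``ServerSideEncryptionConfigurationNotFoundError``
        error code. True as well for any other ``ClientError``, after the
        error has been logged and e-mailed.
    """
    try:
        s3.get_bucket_encryption(Bucket=bucketName)
    except botocore.exceptions.ClientError as error:
        # Compare the structured error code instead of searching the rendered
        # exception text, so unrelated message content can never be mistaken
        # for the "no encryption configuration" case.
        error_code = error.response.get('Error', {}).get('Code')
        if error_code == 'ServerSideEncryptionConfigurationNotFoundError':
            return False

        logger.logError(
            f'Bucket {bucketName} in {subscriberAccountId} not encrypted due to following error: \n {error}'
        )
        message = f'S3 Bucket {bucketName} in {subscriberAccountId} not encrypted due to following error: \n {error}'
        logger.logDebug('sent error email')
        notify_email(toEmail, fromEmail, message)
        # NOTE(review): True here means the encryption state could not be
        # determined (for example, the call was denied), not that encryption
        # was verified. Presumably callers use it to skip remediation; confirm
        # they do not record the bucket as compliant on this path.
        return True

    logger.logInfo(
        f'S3 bucket: {bucketName} is already encrypted in Account number:{subscriberAccountId}'
    )
    return True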
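def enable_encryption(bucketName, s3, subscriberAccountId):
    """Set AES256 (SSE-S3) as the bucket's default server-side encryption.

    Args:
        bucketName: Name of the S3 bucket to configure.
        s3: S3 client exposing ``put_bucket_encryption``.
        subscriberAccountId: Account identifier, used only in log and
            e-mail text.

    Returns:
        True when the configuration was applied and the notification sent,
        False when ``put_bucket_encryption`` raised a ``ClientError``.

    Note:
        A default-encryption rule governs objects written after it is set;
        objects already in the bucket are not rewritten by this call.
    """
    try:
        # Only the AWS call is guarded. notify_email is defined outside this
        # block; if it can raise ClientError itself, a failed notification
        # must not be reported as a failed encryption.
        s3.put_bucket_encryption(
            Bucket=bucketName,
            ServerSideEncryptionConfiguration={
                'Rules': [
                    {
                        'ApplyServerSideEncryptionByDefault': {
                            'SSEAlgorithm': 'AES256'
                        }
                    },
                ]
            })
    except botocore.exceptions.ClientError as error:
        message = f'Bucket {bucketName} in {subscriberAccountId} is not encrypted successfully due to following \n {error}'
        logger.logError(message)
        notify_email(toEmail, fromEmail, message)
        # Explicit falsy result; the original fell off the end and returned None.
        return False

    logger.logInfo('Encrypted successfully and sent mail')
    message = f'{bucketName} in account number: {subscriberAccountId} successfully encrypted.'
    notify_email(toEmail, fromEmail, message)
    return True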