I'm trying to restrict access to a set of buckets using boto3.
Consider that I'm dealing with around 200 buckets and that I have to create a rollback solution to undo the changes that I will make in case it affects a critical bucket.
My plan so far is:
- Get the bucket policies and store them in a log file.
- Use boto3 to iterate over the buckets, changing their policies to deny all access, except to me.
- In case someone asks to undo the change to a certain bucket, use bucket_policy.put() to reinsert the policy stored in step 1.
Is that the best way to go?
If so, what is the specific Bucket Policy that denies access to everyone except me?
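
One way to implement the plan described above, as an added example that is not part of the original post: a deny-everything statement conditioned on `aws:PrincipalArn`, with backup and per-bucket rollback. The function names, the backup file layout and the admin ARN are assumptions, and `s3` is expected to be a `boto3.client("s3")`.

```python
import json

# Hypothetical helper names; `s3` is a boto3 S3 client, e.g. boto3.client("s3").

def deny_all_except(bucket, admin_arn):
    """Bucket policy: explicit Deny on every S3 action unless the caller is admin_arn."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "LockdownExceptAdmin",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:PrincipalArn": admin_arn}},
        }],
    }

def backup_policy(s3, bucket):
    """Return the current policy as a JSON string, or None if the bucket has none."""
    try:
        return s3.get_bucket_policy(Bucket=bucket)["Policy"]
    except Exception as exc:  # botocore ClientError carries the error code in .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code == "NoSuchBucketPolicy":
            return None
        raise

def lock_down(s3, buckets, admin_arn, backup_path):
    """Write every original policy to disk first, then apply the deny policy."""
    backup = {b: backup_policy(s3, b) for b in buckets}
    with open(backup_path, "w") as fh:
        json.dump(backup, fh, indent=2)
    for b in buckets:
        s3.put_bucket_policy(Bucket=b, Policy=json.dumps(deny_all_except(b, admin_arn)))
    return backup

def roll_back(s3, bucket, backup_path):
    """Restore one bucket: re-put the saved policy, or delete the policy if it had none."""
    with open(backup_path) as fh:
        original = json.load(fh)[bucket]
    if original is None:
        s3.delete_bucket_policy(Bucket=bucket)
    else:
        s3.put_bucket_policy(Bucket=bucket, Policy=original)
```

`put_bucket_policy` replaces the whole policy, which is why the backup is written before any bucket is changed. For an assumed role, `aws:PrincipalArn` is the role's ARN rather than the session ARN, so confirm the value of `admin_arn` on a single test bucket first.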