Sometimes it can be useful to check if there are publicly accessible objects in a specific S3 bucket. Using S3Express you can easily list all public objects in a bucket. The command to use is the following:
ls my_bucket_name -s -cond:"s3_acl_is_public_read = true"
my_bucket_name is the name of the bucket
-s is used to include subfolders (e.g. recursive)
-cond is the filtering condition to only list objects which have public-access ACL.
This command will list all public objects in a S3 bucket.
If you prefer to just see a summary of the total amount of objects present in a bucket that are publicly accessible, instead of listing each object's name, add the flag -sum, e.g.:
ls my_bucket_name -s -cond:"s3_acl_is_public_read = true" -sum
Other options for the filtering condition -cond are s3_acl_is_private or s3_acl_is_public_read_write , see S3Express Manual for more details.
Depending on the amount of objects in the bucket, it may take some time for the above command to complete, because each object's ACL must be queried by S3Express, even if the querying is done by S3Express in a multithreaded fashion.