Table: aws_s3_bucket
An Amazon S3 bucket is a public cloud storage resource available in Amazon Web Services' (AWS) Simple Storage Service (S3), an object storage offering.
Examples
Basic info
```sql
select
  name,
  region,
  account_id,
  bucket_policy_is_public
from
  aws_s3_bucket;
```
List buckets with versioning disabled
```sql
select
  name,
  region,
  account_id,
  versioning_enabled
from
  aws_s3_bucket
where
  not versioning_enabled;
```
List buckets with default encryption disabled
```sql
select
  name,
  server_side_encryption_configuration
from
  aws_s3_bucket
where
  server_side_encryption_configuration is null;
```
List buckets that do not block public access
```sql
select
  name,
  block_public_acls,
  block_public_policy,
  ignore_public_acls,
  restrict_public_buckets
from
  aws_s3_bucket
where
  not block_public_acls
  or not block_public_policy
  or not ignore_public_acls
  or not restrict_public_buckets;
```
List buckets whose bucket policy is public
```sql
select
  name,
  bucket_policy_is_public
from
  aws_s3_bucket
where
  bucket_policy_is_public;
```
List buckets where the server access logging destination is the same as the source bucket
```sql
select
  name,
  logging ->> 'TargetBucket' as target_bucket
from
  aws_s3_bucket
where
  logging ->> 'TargetBucket' = name;
```
List buckets without the 'application' tag key
```sql
select
  name,
  tags
from
  aws_s3_bucket
where
  -- Also matches buckets that have no tags at all (tags is null)
  tags ->> 'application' is null;
```
List buckets that enforce encryption in transit
```sql
select
  name,
  p as principal,
  a as action,
  s ->> 'Effect' as effect,
  s ->> 'Condition' as conditions,
  ssl
from
  aws_s3_bucket,
  jsonb_array_elements(policy_std -> 'Statement') as s,
  jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p,
  jsonb_array_elements_text(s -> 'Action') as a,
  jsonb_array_elements_text(s -> 'Condition' -> 'Bool' -> 'aws:securetransport') as ssl
where
  p = '*'
  and s ->> 'Effect' = 'Deny'
  and ssl :: bool = false;
```
List buckets that do not enforce encryption in transit
```sql
select
  name
from
  aws_s3_bucket
where
  name not in (
    select
      name
    from
      aws_s3_bucket,
      jsonb_array_elements(policy_std -> 'Statement') as s,
      jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p,
      jsonb_array_elements_text(s -> 'Action') as a,
      jsonb_array_elements_text(s -> 'Condition' -> 'Bool' -> 'aws:securetransport') as ssl
    where
      p = '*'
      and s ->> 'Effect' = 'Deny'
      and ssl :: bool = false
  );
```
List bucket policy statements that grant external access for each bucket
```sql
select
  title,
  p as principal,
  a as action,
  s ->> 'Effect' as effect,
  s -> 'Condition' as conditions
from
  aws_s3_bucket,
  jsonb_array_elements(policy_std -> 'Statement') as s,
  jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p,
  string_to_array(p, ':') as pa,
  jsonb_array_elements_text(s -> 'Action') as a
where
  s ->> 'Effect' = 'Allow'
  and (
    pa[5] != account_id
    or p = '*'
  );
```
List buckets with object lock enabled
```sql
select
  name,
  object_lock_configuration ->> 'ObjectLockEnabled' as object_lock_enabled
from
  aws_s3_bucket
where
  object_lock_configuration ->> 'ObjectLockEnabled' = 'Enabled';
```
List buckets with website hosting enabled
```sql
select
  name,
  website_configuration -> 'IndexDocument' ->> 'Suffix' as suffix
from
  aws_s3_bucket
where
  website_configuration -> 'IndexDocument' ->> 'Suffix' is not null;
```
List object ownership control rules of buckets
```sql
select
  b.name,
  r ->> 'ObjectOwnership' as object_ownership
from
  aws_s3_bucket as b,
  jsonb_array_elements(object_ownership_controls -> 'Rules') as r;
```
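Combined posture report, as an added example that is not part of the Steampipe documentation: it folds the individual checks above into one row per bucket, using only columns documented on this page. The `*_ok` column names, the `logging_to_other_bucket` flag and the `ssl_enforced` CTE name are hypothetical.

```sql
-- Added example: one row per bucket with a boolean flag for each check.
with ssl_enforced as (
  -- Buckets whose policy denies every principal when aws:SecureTransport is false.
  -- Same predicate as the "enforce encryption in transit" query, minus the
  -- Action expansion, which is not needed to decide whether such a statement exists.
  select distinct
    name
  from
    aws_s3_bucket,
    jsonb_array_elements(policy_std -> 'Statement') as s,
    jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p,
    jsonb_array_elements_text(s -> 'Condition' -> 'Bool' -> 'aws:securetransport') as ssl
  where
    p = '*'
    and s ->> 'Effect' = 'Deny'
    and ssl :: bool = false
)
select
  b.name,
  b.region,
  b.account_id,
  -- coalesce() treats a missing (null) setting as a failed check
  coalesce(b.versioning_enabled, false) as versioning_ok,
  (b.server_side_encryption_configuration is not null) as default_encryption_ok,
  (
    coalesce(b.block_public_acls, false)
    and coalesce(b.block_public_policy, false)
    and coalesce(b.ignore_public_acls, false)
    and coalesce(b.restrict_public_buckets, false)
  ) as public_access_block_ok,
  (not coalesce(b.bucket_policy_is_public, false)) as policy_not_public_ok,
  -- True only when access logs are delivered to a different bucket
  (
    b.logging ->> 'TargetBucket' is not null
    and b.logging ->> 'TargetBucket' <> b.name
  ) as logging_to_other_bucket,
  (e.name is not null) as ssl_enforced_ok
from
  aws_s3_bucket as b
  left join ssl_enforced as e on e.name = b.name
order by
  b.name;
```

Buckets with no policy produce no rows in the CTE, so the left join reports them with `ssl_enforced_ok = false` rather than dropping them.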
Query examples
- bucket_policy_stds_for_s3_bucket
- cloudtrail_trail_bucket
- cloudtrail_trails_for_s3_bucket
- ec2_application_load_balancers_for_s3_bucket
- ec2_classic_load_balancers_for_s3_bucket
- ec2_network_load_balancers_for_s3_bucket
- kms_keys_for_s3_bucket
- lambda_functions_for_s3_bucket
- logging_destination_s3_buckets_for_s3_bucket
- logging_source_s3_buckets_for_s3_bucket
- s3_bucket_1_year_count
- s3_bucket_24_hours_count
- s3_bucket_30_90_days_count
- s3_bucket_30_days_count
- s3_bucket_90_365_days_count
- s3_bucket_age_table
- s3_bucket_block_public_acls_disabled_count
- s3_bucket_block_public_policy_disabled_count
- s3_bucket_by_account
- s3_bucket_by_creation_month
- s3_bucket_by_region
- s3_bucket_count
- s3_bucket_encryption
- s3_bucket_https_enforce
- s3_bucket_ignore_public_acls_disabled_count
- s3_bucket_input
- s3_bucket_lifecycle_policy
- s3_bucket_lifecycle_table
- s3_bucket_logging
- s3_bucket_logging_disabled_count
- s3_bucket_logging_table
- s3_bucket_overview
- s3_bucket_public
- s3_bucket_public_access
- s3_bucket_public_access_table
- s3_bucket_public_block_count
- s3_bucket_public_policy_count
- s3_bucket_restrict_public_buckets_disabled_count
- s3_bucket_server_side_encryption
- s3_bucket_tags_detail
- s3_bucket_unencrypted_count
- s3_bucket_versioning
- s3_bucket_versioning_disabled_count
- s3_bucket_versioning_mfa_disabled_count
- s3_buckets_for_cloudfront_distribution
- s3_buckets_for_cloudtrail_trail
- s3_buckets_for_codebuild_project
- s3_buckets_for_codepipeline_pipeline
- s3_buckets_for_dynamodb_table
- s3_buckets_for_ec2_application_load_balancer
- s3_buckets_for_ec2_classic_load_balancer
- s3_buckets_for_ec2_gateway_load_balancer
- s3_buckets_for_ec2_network_load_balancer
- s3_buckets_for_emr_cluster
- s3_buckets_for_kms_key
- s3_buckets_for_lambda_function
- s3_buckets_for_sns_topic
- s3_buckets_for_sqs_queue
- s3_buckets_for_vpc_flow_log
- sns_topics_for_s3_bucket
- sqs_queues_for_s3_bucket
Control examples
- s3_bucket_expected_tag_values
- s3_bucket_mandatory
- s3_bucket_prohibited
- s3_bucket_tag_limit
- s3_bucket_untagged
- s3_bucket_acl_prohibit_public_read_access
- s3_bucket_acl_prohibit_public_write_access
- s3_bucket_policy_prohibit_public_access
- s3_public_access_block_bucket
- buckets_with_no_lifecycle
- cloudfront_distribution_no_non_existent_s3_origin
- cloudtrail_bucket_not_public
- cloudtrail_s3_data_events_enabled
- cloudtrail_s3_logging_enabled
- cloudtrail_s3_object_read_events_audit_enabled
- cloudtrail_s3_object_write_events_audit_enabled
- s3_bucket_acls_should_prohibit_user_access
- s3_bucket_cross_region_replication_enabled
- s3_bucket_default_encryption_enabled
- s3_bucket_default_encryption_enabled_kms
- s3_bucket_enforces_ssl
- s3_bucket_event_notifications_enabled
- s3_bucket_lifecycle_policy_enabled
- s3_bucket_logging_enabled
- s3_bucket_mfa_delete_enabled
- s3_bucket_object_lock_enabled
- s3_bucket_object_logging_enabled
- s3_bucket_policy_restrict_public_access
- s3_bucket_policy_restricts_cross_account_permission_changes
- s3_bucket_protected_by_macie
- s3_bucket_public_access_blocked
- s3_bucket_restrict_public_read_access
- s3_bucket_restrict_public_write_access
- s3_bucket_static_website_hosting_disabled
- s3_bucket_versioning_and_lifecycle_policy_enabled
- s3_bucket_versioning_enabled
- s3_public_access_block_bucket
- s3_public_access_block_bucket_account
- cloudtrail_trail_bucket_publicly_accessible
- s3_bucket_by_default_encryption_status
- s3_bucket_cross_region_replication
- s3_bucket_cross_region_replication_status
- s3_bucket_encryption_table
- s3_bucket_https_unenforced_count
- s3_bucket_logging_status
- s3_bucket_versioning_mfa_status
- s3_bucket_versioning_status
- s3_buckets_for_redshift_cluster
.inspect aws_s3_bucket
AWS S3 Bucket
Name | Type | Description |
---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
account_id | text | The AWS Account ID in which the resource is located. |
acl | jsonb | The access control list (ACL) of a bucket. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | The ARN of the AWS S3 Bucket. |
block_public_acls | boolean | Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket. |
block_public_policy | boolean | Specifies whether Amazon S3 should block public bucket policies for this bucket. If TRUE it causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access. |
bucket_policy_is_public | boolean | The policy status for an Amazon S3 bucket, indicating whether the bucket is public. |
creation_date | timestamp with time zone | The date and time when bucket was created. |
event_notification_configuration | jsonb | A container for specifying the notification configuration of the bucket. If this element is empty, notifications are turned off for the bucket. |
ignore_public_acls | boolean | Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket. |
lifecycle_rules | jsonb | The lifecycle configuration information of the bucket. |
logging | jsonb | The logging status of a bucket and the permissions users have to view and modify that status. |
name | text | The user friendly name of the bucket. |
object_lock_configuration | jsonb | The specified bucket's object lock configuration. |
object_ownership_controls | jsonb | The Ownership Controls for an Amazon S3 bucket. |
partition | text | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
policy | jsonb | The resource IAM access document for the bucket. |
policy_std | jsonb | Contains the policy in a canonical form for easier searching. |
region | text | The AWS Region in which the resource is located. |
replication | jsonb | The replication configuration of a bucket. |
restrict_public_buckets | boolean | Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to TRUE restricts access to this bucket to only AWS service principals and authorized users within this account if the bucket has a public policy. |
server_side_encryption_configuration | jsonb | The default encryption configuration for an Amazon S3 bucket. |
tags | jsonb | A map of tags for the resource. |
tags_src | jsonb | A list of tags assigned to bucket. |
title | text | Title of the resource. |
versioning_enabled | boolean | The versioning state of a bucket. |
versioning_mfa_delete | boolean | The MFA Delete status of the versioning state. |
website_configuration | jsonb | The website configuration information of the bucket. |