S3 bucket should have versioning enabled

Ensure that buckets have versioning enabled so that you can recover objects from accidental deletion or overwrite

Risk Level: Low
Cloud Entity: Simple Storage Service (S3)
CloudGuard Rule ID: D9.AWS.NET.19
Covered by Spectral: Yes
Category: Storage

GSL LOGIC

S3Bucket should have versioning.status='Enabled'

REMEDIATION

From Portal

  1. Sign in to the AWS Management Console and navigate to Amazon S3 console at https://console.aws.amazon.com/s3/.
  2. Click on the name of the S3 bucket that you want to reconfigure.
  3. Select the Properties tab from the console menu to access the bucket properties.
  4. In the Bucket Versioning section, choose Edit to modify the object versioning configuration.
  5. On the Edit Bucket Versioning page, select Enable under Bucket Versioning to enable the feature. Choose Save changes to apply the configuration changes.

Note: After enabling object versioning, you might need to update your lifecycle rules to manage previous versions of objects.

From TF

resource "aws_s3_bucket_versioning" "versioning_example" {
	bucket = aws_s3_bucket.example.id
	versioning_configuration {
		status = "Enabled"
	}
}

From Command Line
Run put-bucket-versioning command to enable S3 object versioning for the selected bucket.

aws s3api put-bucket-versioning --bucket cc-prod-web-data --versioning-configuration Status=Enabled

References

  1. https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html
  2. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning
  3. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3api/put-bucket-versioning.html
  4. https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html

Simple Storage Service (S3)

Companies today need the ability to simply and securely collect, store, and analyze their data at a massive scale. Amazon S3 is object storage built to store and retrieve any amount of data from anywhere ��� web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every indu

Compliance Frameworks

  • AWS CloudGuard Best Practices
  • AWS CloudGuard Network Alerts for default VPC components
  • AWS CloudGuard S3 Bucket Security
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS CloudGuard Well Architected Framework
  • AWS HITRUST
  • AWS HITRUST v11.0.0
  • AWS ISO27001:2022
  • AWS ITSG-33
  • AWS LGPD regulation
  • AWS MAS TRM Framework
  • AWS MITRE ATT&CK Framework v10
  • AWS NIST 800-53 Rev 5
  • CloudGuard AWS All Rules Ruleset