S3 bucket should have versioning enabled
Ensure that buckets have versioning enabled so that you can recover objects from accidental deletion or overwrite.
Risk Level: Low
Cloud Entity: Simple Storage Service (S3)
CloudGuard Rule ID: D9.AWS.NET.19
Covered by Spectral: Yes
Category: Storage
GSL LOGIC
S3Bucket should have versioning.status='Enabled'
REMEDIATION
From Portal
- Sign in to the AWS Management Console and navigate to the Amazon S3 console at https://console.aws.amazon.com/s3/.
- Click on the name of the S3 bucket that you want to reconfigure.
- Select the Properties tab from the console menu to access the bucket properties.
- In the Bucket Versioning section, choose Edit to modify the object versioning configuration.
- On the Edit Bucket Versioning page, select Enable under Bucket Versioning to enable the feature. Choose Save changes to apply the configuration changes.
Note: After enabling object versioning, you might need to update your lifecycle rules to manage previous versions of objects.
From TF
resource "aws_s3_bucket_versioning" "versioning_example" {
  bucket = aws_s3_bucket.example.id
  versioning_configuration {
    status = "Enabled"
  }
}
From Command Line
Run the put-bucket-versioning command to enable S3 object versioning for the selected bucket:
aws s3api put-bucket-versioning --bucket cc-prod-web-data --versioning-configuration Status=Enabled
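Added example (not CloudGuard or AWS code): a Python check that mirrors the GSL rule and also flags a versioned bucket with no lifecycle rule for previous versions, as the note in the portal steps warns. The function names and the sample input are hypothetical; `audit_account()` assumes boto3 and valid AWS credentials.

```python
"""Evaluate versioning.status='Enabled' and the lifecycle follow-up per bucket."""


def versioning_finding(versioning):
    """Classify a GetBucketVersioning response dict."""
    status = versioning.get("Status")  # S3 omits the key if never configured
    if status == "Enabled":
        return "PASS"
    if status == "Suspended":
        return "FAIL: suspended (new writes get the null version ID)"
    return "FAIL: versioning never enabled"


def expires_noncurrent(rules):
    """True if an enabled lifecycle rule expires previous (noncurrent) versions."""
    return any(
        r.get("Status") == "Enabled" and "NoncurrentVersionExpiration" in r
        for r in rules
    )


def audit_bucket(versioning, lifecycle_rules):
    """Return (finding, note) for one bucket."""
    finding = versioning_finding(versioning)
    note = ""
    if finding == "PASS" and not expires_noncurrent(lifecycle_rules):
        note = "no lifecycle rule expires previous versions"
    return finding, note


def audit_account():
    """Live check of every bucket; needs boto3 and AWS credentials."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.client("s3")
    results = {}
    for bucket in s3.list_buckets()["Buckets"]:
        name = bucket["Name"]
        try:
            rules = s3.get_bucket_lifecycle_configuration(Bucket=name)["Rules"]
        except ClientError as err:
            if err.response["Error"]["Code"] != "NoSuchLifecycleConfiguration":
                raise
            rules = []  # bucket has no lifecycle configuration at all
        results[name] = audit_bucket(s3.get_bucket_versioning(Bucket=name), rules)
    return results


# Constructed sample: an Enabled bucket with no lifecycle configuration.
SAMPLE = audit_bucket({"Status": "Enabled"}, [])
```

A bucket that has never had versioning configured returns no `Status` key at all, so the check treats a missing key as a failure instead of raising.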
References
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning
- https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3api/put-bucket-versioning.html
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html
Simple Storage Service (S3)
Companies today need the ability to simply and securely collect, store, and analyze their data at a massive scale. Amazon S3 is object storage built to store and retrieve any amount of data from anywhere: web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every indu
Compliance Frameworks
- AWS CloudGuard Best Practices
- AWS CloudGuard Network Alerts for default VPC components
- AWS CloudGuard S3 Bucket Security
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS CloudGuard Well Architected Framework
- AWS HITRUST
- AWS HITRUST v11.0.0
- AWS ISO27001:2022
- AWS ITSG-33
- AWS LGPD regulation
- AWS MAS TRM Framework
- AWS MITRE ATT&CK Framework v10
- AWS NIST 800-53 Rev 5
- CloudGuard AWS All Rules Ruleset