Severity: MEDIUM
Source: Trivy/CSPM
CSPM ID: s3-bucket-versioning
ID: AVD-AWS-0090

S3 Data should be versioned

Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket.

You can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets.

With versioning you can recover more easily from both unintended user actions and application failures.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Enable versioning to protect against accidental/malicious removal or modification

Resources:
  GoodExample:
    Type: AWS::S3::Bucket
    Properties:
      VersioningConfiguration:
        Status: Enabled

1. Log in to the AWS Management Console.

2. Select the “Services” option and search for S3.

3. Scroll down the left navigation panel and choose “Buckets”.

4. Select the “Bucket” that needs to be verified and click on its identifier (name) from the “Bucket name” column.

5. Click on the “Properties” tab on the top menu.

6. Check the “Bucket Versioning” option under “Properties” and if it’s set to “Disabled” then S3 bucket versioning is not enabled for the selected S3 bucket.

7. To enable “Bucket Versioning” click on the “Edit” button under “Bucket Versioning”. On the “Edit Bucket Versioning” page, select “Enable”.

8. Click on the “Save changes” button to make the necessary changes.

9. Repeat steps number 4 - 8 to enable versioning for other S3 buckets.

Enable versioning to protect against accidental/malicious removal or modification

resource "aws_s3_bucket" "good_example" {

  versioning {
    enabled = true
  }
}

resource "aws_s3_bucket" "example" {
  bucket = "yournamehere"

  # ... other configuration ...
}

resource "aws_s3_bucket_versioning" "example" {
  bucket = aws_s3_bucket.example.id
  versioning_configuration {
    status = "Enabled"
  }
}
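
The following is an added example, not code from this page or from Trivy: a simplified offline check that applies the rule to a CloudFormation template like the one shown above and reports every bucket whose versioning is not enabled, including the suspended case. The function name, the template contents and the resource names other than GoodExample are constructed for the illustration.

```python
import json

# Constructed sample template (CloudFormation also accepts JSON); the
# bucket name and most logical IDs are made up for this example.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "GoodExample": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"VersioningConfiguration": {"Status": "Enabled"}}
    },
    "SuspendedExample": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"VersioningConfiguration": {"Status": "Suspended"}}
    },
    "BadExample": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"BucketName": "constructed-bucket-name"}
    },
    "NoProperties": {"Type": "AWS::S3::Bucket"},
    "Topic": {"Type": "AWS::SNS::Topic"}
  }
}
""")


def unversioned_buckets(template):
    """Return {logical_id: reason} for S3 buckets without versioning enabled."""
    findings = {}
    for logical_id, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != "AWS::S3::Bucket":
            continue
        props = resource.get("Properties") or {}
        versioning = props.get("VersioningConfiguration")
        if not isinstance(versioning, dict):
            findings[logical_id] = "VersioningConfiguration is not set"
            continue
        status = versioning.get("Status")
        # Only the literal "Enabled" passes. "Suspended" keeps existing versions
        # but stops creating new ones; an unresolved intrinsic is also flagged.
        if status != "Enabled":
            findings[logical_id] = f"Status is {status!r}, expected 'Enabled'"
    return findings

if __name__ == "__main__":
    for logical_id, reason in unversioned_buckets(SAMPLE_TEMPLATE).items():
        print(f"AVD-AWS-0090 {logical_id}: {reason}")
```
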