Severity: MEDIUM
Source: Trivy/CSPM
CSPM ID: s3-bucket-versioning
ID: AVD-AWS-0090

S3 Data should be versioned

Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket. You can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets. With versioning you can recover more easily from both unintended user actions and application failures.

Impact

Deleted or modified data would not be recoverable

Follow the appropriate remediation steps below to resolve the issue.

Enable versioning to protect against accidental/malicious removal or modification

---
AWSTemplateFormatVersion: "2010-09-09"
Description: A sample template
Resources:
  GoodExample:
    Properties:
      VersioningConfiguration:
        Status: Enabled
    Type: AWS::S3::Bucket

1. Log into the AWS Management Console.
2. Select the “Services” option and search for S3.
3. Scroll down the left navigation panel and choose “Buckets”.
4. Select the “Bucket” that needs to be verified and click on its identifier (name) in the “Bucket name” column.
5. Click on the “Properties” tab on the top menu.
6. Check the “Versioning” option under “Properties”. If it is set to “Suspend versioning”, then S3 bucket versioning is not enabled for the selected S3 bucket.
7. Repeat steps 2 - 6 to verify other S3 buckets in the region.
8. Select the “S3 bucket” on which versioning needs to be enabled and click on the “Properties” tab.
9. Click on the “Enable versioning” option under “Versioning”.
10. Click on the “Save” button to make the necessary changes.
11. Repeat steps 8 - 10 to enable versioning for other S3 buckets.
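
The console procedure above can be scripted against the S3 API. The following is an added example, not part of the original page or of Trivy: it classifies `GetBucketVersioning` responses and can enable versioning on the buckets it flags. The bucket names and sample responses are constructed, and the function names are hypothetical; the live path assumes boto3 and suitable credentials.

```python
"""Audit and fix S3 bucket versioning: the API equivalent of console steps 1-11."""

# Constructed sample GetBucketVersioning responses (not real buckets).
# A bucket that has never had versioning configured returns no "Status" key.
SAMPLE_RESPONSES = {
    "example-logs": {"Status": "Enabled"},
    "example-uploads": {"Status": "Suspended"},
    "example-scratch": {},
    "example-backups": {"Status": "Enabled", "MFADelete": "Disabled"},
}


def classify(response):
    """Map a response to 'enabled', 'suspended' or 'never-enabled'."""
    status = response.get("Status")
    if status == "Enabled":
        return "enabled"
    return "suspended" if status == "Suspended" else "never-enabled"


def unversioned_buckets(responses):
    """Return {bucket: state} for every bucket where versioning is not enabled."""
    states = {name: classify(resp) for name, resp in sorted(responses.items())}
    return {name: state for name, state in states.items() if state != "enabled"}


def fetch_responses(s3):
    """Steps 1-7: collect live responses (s3:ListAllMyBuckets, s3:GetBucketVersioning)."""
    names = [b["Name"] for b in s3.list_buckets()["Buckets"]]
    return {name: s3.get_bucket_versioning(Bucket=name) for name in names}


def enable_versioning(s3, bucket):
    """Steps 8-10: turn versioning on for one bucket (s3:PutBucketVersioning)."""
    s3.put_bucket_versioning(
        Bucket=bucket, VersioningConfiguration={"Status": "Enabled"}
    )


if __name__ == "__main__":
    # Offline run over the constructed sample. For a real account, create
    # s3 = boto3.client("s3"), pass fetch_responses(s3) instead, and call
    # enable_versioning(s3, name) for each finding you want to fix.
    for name, state in unversioned_buckets(SAMPLE_RESPONSES).items():
        print(f"{name}: versioning {state} (AVD-AWS-0090)")
```

Enabling versioning only protects objects written from that point on; objects that already exist keep a single null version until they are next overwritten.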

Enable versioning to protect against accidental/malicious removal or modification

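resource "aws_s3_bucket" "good_example" {
  # Inline versioning block. AWS provider v4 and later deprecate this block
  # in favour of the separate aws_s3_bucket_versioning resource.
  versioning {
    enabled = true
  }
}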