Rule: S3 Bucket Versioning Should Be Enabled
This rule ensures that S3 bucket versioning is enabled to maintain data integrity and security.
| Rule | S3 bucket versioning should be enabled |
| Framework | FedRAMP Moderate Revision 4 |
| Severity | ✔ High |
Rule Description:
S3 bucket versioning needs to be enabled in order to comply with the FedRAMP Moderate Revision 4 security requirements. Versioning allows you to preserve multiple versions of an object in your S3 bucket, providing data protection, easy recovery from both unintended deletions and overwrites, and the ability to restore previous versions of an object.
Enabling S3 bucket versioning is crucial for maintaining data integrity, meeting regulatory compliance standards, and ensuring business continuity.
Troubleshooting Steps:
If S3 bucket versioning is not enabled, follow these troubleshooting steps:
- 1.Access the AWS Management Console.
- 2.Go to the S3 service.
- 3.Locate the target bucket.
- 4.Verify if versioning is enabled by checking the bucket properties.
- 5.If versioning is not enabled, proceed to the remediation steps below.
Necessary Code:
There is no specific code required for this rule as it can be enabled through the AWS Management Console or command-line interface.
Remediation Steps:
To enable S3 bucket versioning and comply with the FedRAMP Moderate Revision 4 rule, follow these steps:
- 1.
Access the AWS Management Console.
- 2.
Navigate to the S3 service.
- 3.
Search and select the target bucket that needs versioning enabled.
- 4.
Click on the "Properties" tab for the selected bucket.
- 5.
Within the Properties tab, locate and click on the "Versioning" section.
- 6.
Enable versioning for the bucket by choosing the "Enable" option.
- 7.
Click the "Save" or "Apply" button to confirm the changes.
Once versioning is enabled, all subsequent modifications on objects within the bucket will be stored as new versions, allowing you to track changes and recover previous versions if needed.
Note: Enabling versioning may incur additional storage costs due to the storage of multiple versions of objects. Make sure to evaluate the implications of enabling versioning on billing and storage requirements.
CLI Command:
If you prefer using the command-line interface (CLI) to enable S3 bucket versioning, follow these steps:
- 1.
Open your preferred command-line application.
- 2.
Use the AWS CLI command
with the following parameters:aws s3api put-bucket-versioning
aws s3api put-bucket-versioning --bucket <bucket-name> --versioning-configuration Status=Enabled
Replace
<bucket-name>- 1.Execute the command and wait for the confirmation message.
By executing the above command, you will enable versioning for the specified S3 bucket, ensuring compliance with the FedRAMP Moderate Revision 4 rule.