Enable S3 Bucket Versioning Rule

This rule ensures that S3 bucket versioning is enabled for data recovery purposes.

Rule: S3 bucket versioning should be enabled
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: High

Rule Description:

Enabling versioning for S3 buckets aligns with the NIST Cybersecurity Framework (CSF) v1.1. Versioning lets you preserve and retrieve every version of every object in your S3 bucket. This offers enhanced data protection and improved recovery options, and helps meet compliance and data retention requirements.

Troubleshooting Steps:

If versioning is not enabled for an S3 bucket, you may encounter the following issues:

  1. Inability to restore previous versions of files: Without versioning, accidental deletions or modifications to files may result in permanent data loss, as there will be no previous versions to restore.

  2. Limited recovery options: In the absence of versioning, it becomes challenging to recover from inadvertent data changes, malicious activities or ransomware attacks that corrupt files within the bucket.

Necessary Code:

To enable versioning for an S3 bucket, you can use the AWS Command Line Interface (CLI) with the following code:

aws s3api put-bucket-versioning --bucket <bucket-name> --versioning-configuration Status=Enabled

Replace <bucket-name> with the actual name of your S3 bucket.

Step-by-Step Guide for Remediation:

  1. Install and configure the AWS CLI: If you haven't done so already, download and install the AWS CLI on your local machine. Then, configure it with the necessary access credentials to your AWS account.

  2. Open a terminal or command prompt: Launch the terminal or command prompt on your local machine.

  3. Execute the AWS CLI command: Enter the following command to enable versioning for your S3 bucket:

     aws s3api put-bucket-versioning --bucket <bucket-name> --versioning-configuration Status=Enabled

     Replace <bucket-name> with the actual name of your S3 bucket.

  4. Verify versioning status: To confirm that versioning has been successfully enabled, use the following command:

     aws s3api get-bucket-versioning --bucket <bucket-name>

     Again, replace <bucket-name> with the name of your S3 bucket.

  5. Check bucket versioning in AWS Management Console: You can also confirm the versioning status by accessing the AWS Management Console, navigating to the S3 service, selecting your bucket, and checking the bucket properties. Look for the versioning status to be enabled.
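The verification command in step 4 prints nothing at all for a bucket that has never had versioning configured, and reports Suspended for a bucket where versioning was turned off again, so an empty result is not a pass. The script below is an added example, not code from the original page or from CloudDefense: it classifies that output for a list of buckets. The function names versioning_state and audit_buckets are hypothetical, and it assumes the AWS CLI is installed and configured as in step 1.

```shell
#!/bin/sh
# Added example (not from the original page): audit S3 bucket versioning state.
# Function names are hypothetical; assumes a configured AWS CLI.

# Map the raw JSON printed by `aws s3api get-bucket-versioning` to one state.
# S3 returns no Status field for a bucket that never had versioning set,
# so empty output must be treated as "NeverEnabled", not as success.
versioning_state() {
  st=$(printf '%s\n' "$1" |
    sed -n 's/.*"Status"[[:space:]]*:[[:space:]]*"\([A-Za-z]*\)".*/\1/p' |
    head -n 1)
  case "$st" in
    Enabled)   echo "Enabled" ;;
    Suspended) echo "Suspended" ;;
    "")        echo "NeverEnabled" ;;
    *)         echo "Unknown" ;;
  esac
}

# Print "<bucket> <state>" for every bucket name given as an argument.
# Returns 1 if any bucket is not Enabled or could not be queried
# (for example: bucket missing, or credentials lack s3:GetBucketVersioning).
audit_buckets() {
  rc=0
  for bucket in "$@"; do
    if ! json=$(aws s3api get-bucket-versioning \
                  --bucket "$bucket" --output json 2>/dev/null); then
      echo "$bucket Error"
      rc=1
      continue
    fi
    state=$(versioning_state "$json")
    echo "$bucket $state"
    [ "$state" = "Enabled" ] || rc=1
  done
  return "$rc"
}

# Usage (after sourcing this file): audit_buckets <bucket-name> [<bucket-name> ...]
```

A non-zero return from audit_buckets makes the check usable as a gate in a scheduled job or pipeline.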

Once versioning is enabled for your S3 bucket, all objects stored within it will have their versions preserved automatically. You can retrieve previous versions as needed.

It is important to remember that enabling versioning may incur additional storage costs, as storage is consumed for each version of an object retained within the bucket. Consider your storage needs and retention policies before enabling versioning for your S3 buckets.
