Rule: S3 Buckets with Versioning Enabled and Lifecycle Policies Configured

This rule ensures S3 buckets with versioning enabled have lifecycle policies configured.

Rule: S3 buckets with versioning enabled should have lifecycle policies configured
Framework: AWS Foundational Security Best Practices
Severity: Medium

Rule Description:

S3 buckets with versioning enabled should have lifecycle policies configured as per AWS Foundational Security Best Practices. Lifecycle policies in Amazon S3 help automate the management of objects throughout their lifecycle by defining actions to be taken on objects based on their age or storage class. Enabling versioning ensures that previous versions of an object are retained, providing backup and recovery capabilities.

Troubleshooting Steps:

  1. Verify Versioning Status: Check if versioning is enabled for the S3 bucket in question. This can be done by navigating to the S3 service in the AWS Management Console, selecting the bucket, and checking the versioning status in the properties tab.

  2. Check for Existing Lifecycle Policies: Determine if any lifecycle policies are already configured for the bucket. You can view the lifecycle policies by going to the bucket configuration and selecting the lifecycle tab.

  3. Review Existing Lifecycle Policies: If lifecycle policies are already in place, ensure that they align with the AWS Foundational Security Best Practices. Check if the policies define appropriate actions for object aging and storage class transitions.

  4. Create Lifecycle Policy: If no lifecycle policies are found or the existing policies are not compliant, create a new lifecycle policy that meets the requirements.

Necessary Codes:

The following code example illustrates how to create a lifecycle policy using the AWS Command Line Interface (CLI):

aws s3api put-bucket-lifecycle-configuration \
    --bucket <bucket-name> \
    --lifecycle-configuration file://lifecycle_policy.json

Be sure to replace <bucket-name> with the name of your actual S3 bucket and lifecycle_policy.json with the path to the JSON file containing the desired lifecycle policy configuration.
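
The check and the policy file described above, as an added example (not CloudDefense or AWS code): it evaluates the rule over constructed get-bucket-versioning and get-bucket-lifecycle-configuration responses and writes a lifecycle_policy.json for the CLI command. The rule ID, day counts, function names, and the choices to ignore disabled rules and to note missing noncurrent-version actions are assumptions.

```python
import json

# Action keys of a lifecycle rule as named in the S3 API.
ACTION_KEYS = ("Expiration", "Transitions", "NoncurrentVersionExpiration",
               "NoncurrentVersionTransitions", "AbortIncompleteMultipartUpload")

def build_lifecycle_policy(transition_days=30, expire_days=365):
    """Lifecycle configuration in the JSON shape put-bucket-lifecycle-configuration accepts."""
    return {"Rules": [{
        "ID": "archive-then-expire-noncurrent",  # hypothetical rule name
        "Status": "Enabled",
        "Filter": {"Prefix": ""},  # empty prefix: applies to every object
        "NoncurrentVersionTransitions": [
            {"NoncurrentDays": transition_days, "StorageClass": "GLACIER"}],
        "NoncurrentVersionExpiration": {"NoncurrentDays": expire_days},
    }]}

def evaluate_bucket(versioning, lifecycle):
    """Inputs: get-bucket-versioning and get-bucket-lifecycle-configuration responses (or None)."""
    if versioning.get("Status") != "Enabled":
        return "NOT_APPLICABLE", []
    rules = (lifecycle or {}).get("Rules", [])
    # Assumption: only rules that are Enabled and carry an action count.
    active = [r for r in rules
              if r.get("Status") == "Enabled" and any(r.get(k) for k in ACTION_KEYS)]
    if not active:
        return "NON_COMPLIANT", ["no enabled lifecycle rule with an action"]
    notes = []
    if not any(r.get(k) for r in active for k in ACTION_KEYS if k.startswith("Noncurrent")):
        notes.append("no rule acts on noncurrent versions; old versions accumulate")
    return "COMPLIANT", notes

# Constructed sample responses, not output from a real account.
SAMPLES = {
    "no-lifecycle": ({"Status": "Enabled"}, None),
    "disabled-rule": ({"Status": "Enabled"}, {"Rules": [
        {"ID": "old", "Status": "Disabled", "Expiration": {"Days": 30}}]}),
    "current-only": ({"Status": "Enabled"}, {"Rules": [
        {"ID": "tier", "Status": "Enabled",
         "Transitions": [{"Days": 90, "StorageClass": "GLACIER"}]}]}),
    "remediated": ({"Status": "Enabled"}, build_lifecycle_policy()),
    "unversioned": ({}, None),
}

if __name__ == "__main__":
    # Write the file that the CLI command on this page reads.
    with open("lifecycle_policy.json", "w") as fh:
        json.dump(build_lifecycle_policy(), fh, indent=2)
    for name, (ver, lc) in SAMPLES.items():
        print(name, *evaluate_bucket(ver, lc))
```

On a versioned bucket, a rule that only transitions or expires current versions leaves noncurrent versions in place, which is why the third sample passes with a note.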

Step-by-Step Remediation:

Follow the steps below to remediate the issue by configuring lifecycle policies for an S3 bucket with versioning enabled:

  1. Log in to the AWS Management Console.

  2. Navigate to the S3 service.

  3. Select the bucket for which you want to configure lifecycle policies.

  4. Click on the "Properties" tab.

  5. Scroll down to the "Versioning" section and ensure that versioning is already enabled. If not, enable it by clicking on the "Enable Versioning" button.

  6. Click on the "Lifecycle" tab.

  7. If there are existing lifecycle policies, review them to verify compliance. If they are not compliant, proceed to the next step. Otherwise, skip to step 12.

  8. Click on the "Add lifecycle rule" button.

  9. Specify a rule name that reflects its purpose.

  10. Define the conditions based on your specific requirements. For example, you can set a transition action for objects older than a certain number of days.

  11. Select the desired storage class transition, such as moving objects to Glacier.

  12. Define the actions to be taken, such as permanently deleting objects after a specified time.

  13. Review the configured rule to ensure it aligns with the AWS Foundational Security Best Practices.

  14. Click on the "Save" button to apply the lifecycle policy to the bucket.

Following these steps will configure lifecycle policies for an S3 bucket with versioning enabled, improving the adherence to AWS Foundational Security Best Practices.
