Rule: S3 Bucket Versioning Should Be Enabled

This rule requires enabling versioning for S3 buckets to ensure data protection and easy recovery.

Rule: S3 bucket versioning should be enabled
Framework: CISA-cyber-essentials
Severity: High

Rule: S3 Bucket Versioning Should Be Enabled for CISA-Cyber-Essentials

Description

Amazon S3 bucket versioning is a critical feature that keeps multiple versions of an object in the same bucket. This rule mandates that all S3 buckets, especially those that store sensitive data subject to the CISA (Cybersecurity and Infrastructure Security Agency) Cyber Essentials, have bucket versioning enabled. Versioning helps you recover from unintended user actions, such as deletions and overwrites, and is also useful for maintaining a history of changes to objects.

Troubleshooting Steps

If S3 bucket versioning is not enabled, you may experience issues with data recovery and maintaining a precise version history of your objects. Follow these steps to troubleshoot and remedy the issue:

1. Verify Bucket Versioning Status

  • Log in to the AWS Management Console.
  • Navigate to the S3 service.
  • Click on the bucket you want to verify.
  • Go to the 'Properties' tab.
  • Look for the 'Versioning' setting.
  • If Versioning is 'Disabled', then you need to enable it.

2. Check Bucket Policies and Permissions

  • Ensure your IAM user has the necessary permissions to modify bucket settings.
  • Verify that there are no bucket policies or SCPs (Service Control Policies) that explicitly deny the ability to modify bucket versioning.

3. Look for Lifecycle Policies

  • Ensure that there isn't a lifecycle policy that might be interfering with the versioning.

Code/CLI Command to Enable Versioning

You can enable S3 bucket versioning through AWS CLI with the following command:

aws s3api put-bucket-versioning --bucket YOUR_BUCKET_NAME --versioning-configuration Status=Enabled

Make sure that you have the necessary permissions and that the AWS CLI is configured with the correct profile to perform this action.

Step by Step Guide for Remediation

Step 1: Enable Versioning via AWS Console

  1. Open the Amazon S3 console at https://s3.console.aws.amazon.com/s3/.
  2. Click on the bucket name that you wish to enable versioning for.
  3. Click the 'Properties' tab.
  4. Under the 'Bucket Versioning' section, click 'Edit'.
  5. Select 'Enable' and click 'Save changes'.

Step 2: Enable Versioning via AWS CLI

  1. Install and configure the AWS CLI with the appropriate credentials.
  2. Run the CLI command mentioned earlier to enable versioning on the S3 bucket.

Step 3: Confirm that Versioning is Enabled

  • After enabling versioning, either through the console or CLI, go back to the 'Properties' tab of your S3 bucket to confirm that the status is now 'Enabled'.
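To confirm the status from the CLI across many buckets instead of opening each 'Properties' tab, the following added example (not code from this page's vendor or from AWS) wraps `aws s3api get-bucket-versioning`; the function names and the PASS/FAIL labels are assumptions made for illustration. A bucket that has never had versioning configured returns no Status, which `--output text` prints as `None`, and a bucket whose versioning was later turned off reports `Suspended`; both fail this rule.

```bash
#!/usr/bin/env bash
# Added example: report the versioning state of S3 buckets via the AWS CLI.

# Map the text printed by
#   aws s3api get-bucket-versioning --bucket B --query Status --output text
# to a finding. The labels are this example's own, not AWS output.
classify_versioning() {
  case "$1" in
    Enabled)   echo "PASS" ;;
    Suspended) echo "FAIL:suspended" ;;          # was on, later turned off
    None|"")   echo "FAIL:never-enabled" ;;      # no Status field returned
    *)         echo "ERROR:unexpected:$1" ;;
  esac
}

# Print "<bucket> <finding>" for each named bucket.
# Returns 1 if any bucket is not PASS, so it can gate a pipeline.
audit_buckets() {
  local rc bucket status finding
  rc=0
  for bucket in "$@"; do
    if ! status=$(aws s3api get-bucket-versioning --bucket "$bucket" \
                    --query Status --output text); then
      finding="ERROR:api-call-failed"            # e.g. denied by IAM or an SCP
    else
      finding=$(classify_versioning "$status")
    fi
    [ "$finding" = "PASS" ] || rc=1
    printf '%s %s\n' "$bucket" "$finding"
  done
  return "$rc"
}

# Audit every bucket the current credentials can list.
audit_all() {
  local names
  names=$(aws s3api list-buckets --query 'Buckets[].Name' --output text) || return 2
  # Bucket names cannot contain whitespace, so word splitting is safe here.
  # shellcheck disable=SC2086
  audit_buckets $names
}

# Run the full audit only when invoked with --all, so the file can be sourced.
if [ "${1:-}" = "--all" ]; then
  audit_all
fi
```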

By following the above guidelines and enabling S3 bucket versioning, you ensure that your storage adheres to the CISA Cyber Essentials best practices for data protection. This will not only fortify your data management approach but also contribute positively to your SEO by demonstrating the reliability and secure management of user data. Remember to document the changes for audit purposes and to inform relevant stakeholders of the updated data security measures.
