This rule requires enabling versioning for S3 buckets to ensure data protection and easy recovery.
Rule | S3 bucket versioning should be enabled |
Framework | CISA-cyber-essentials |
Severity | ✔ High |
Rule: S3 Bucket Versioning Should Be Enabled for CISA-Cyber-Essentials
Description
Amazon S3 bucket versioning is a critical feature that keeps multiple versions of an object in the same bucket. This rule mandates that all S3 buckets, especially those storing sensitive data subject to the CISA (Cybersecurity and Infrastructure Security Agency) Cyber Essentials, have bucket versioning enabled. Versioning helps you recover from unintended user actions, such as deletions and overwrites, and maintains a history of changes to objects.
Troubleshooting Steps
If S3 bucket versioning is not enabled, you may experience issues with data recovery and maintaining a precise version history of your objects. Follow these steps to troubleshoot and remedy the issue:
1. Verify Bucket Versioning Status
2. Check Bucket Policies and Permissions
3. Look for Lifecycle Policies
Code/CLI Command to Enable Versioning
You can enable S3 bucket versioning through the AWS CLI with the following command:
aws s3api put-bucket-versioning --bucket YOUR_BUCKET_NAME --versioning-configuration Status=Enabled
Make sure that you have the necessary permissions and that the AWS CLI is configured with the correct profile to perform this action.
Step by Step Guide for Remediation
Step 1: Enable Versioning via AWS Console
Step 2: Enable Versioning via AWS CLI
Step 3: Confirm that Versioning is Enabled
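The verify, enable and confirm steps above can be run across every bucket in an account. The script below is an added example, not part of the original rule page; it goes beyond the single-bucket command by covering the "never enabled" and "suspended" cases separately. The function names and the RUN_AUDIT and FIX variables are assumptions of this sketch, and it expects credentials allowed to list buckets and to read and set bucket versioning.

```shell
#!/usr/bin/env bash
# Added example: account-wide versioning audit with optional remediation.
# Function names and the RUN_AUDIT / FIX variables are assumptions of this sketch.

# Map the Status printed by `get-bucket-versioning --query Status --output text`
# to a verdict. A bucket where versioning was never configured has no Status,
# which the CLI's text output renders as "None".
classify_status() {
  case "$1" in
    Enabled)   echo "COMPLIANT" ;;
    Suspended) echo "NONCOMPLIANT_SUSPENDED" ;;
    None|"")   echo "NONCOMPLIANT_NEVER_ENABLED" ;;
    *)         echo "UNKNOWN" ;;
  esac
}

# Print the raw versioning Status for one bucket; non-zero exit on API errors.
bucket_status() {
  aws s3api get-bucket-versioning --bucket "$1" --query Status --output text 2>/dev/null
}

# Print "<bucket> <verdict>" per bucket. With argument 1, enable versioning on
# non-compliant buckets and report the state read back afterwards.
audit_buckets() {
  local fix="${1:-0}" bucket status verdict
  for bucket in $(aws s3api list-buckets --query 'Buckets[].Name' --output text); do
    if ! status=$(bucket_status "$bucket"); then
      echo "$bucket ERROR_CANNOT_READ"   # e.g. missing s3:GetBucketVersioning
      continue
    fi
    verdict=$(classify_status "$status")
    if [ "$fix" = "1" ] && [ "$verdict" != "COMPLIANT" ]; then
      aws s3api put-bucket-versioning --bucket "$bucket" \
        --versioning-configuration Status=Enabled >/dev/null &&
        verdict=$(classify_status "$(bucket_status "$bucket")")
    fi
    echo "$bucket $verdict"
  done
}

# Report only: RUN_AUDIT=1 ./audit.sh    Remediate: RUN_AUDIT=1 FIX=1 ./audit.sh
if [ "${RUN_AUDIT:-0}" = "1" ]; then
  audit_buckets "${FIX:-0}"
fi
```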
By following the above guidelines and enabling S3 bucket versioning, you ensure that your storage adheres to the CISA Cyber Essentials' best practices for data protection. This will not only fortify your data management approach but also contribute positively to your SEO by demonstrating the reliable and secure management of user data. Remember to document the changes for audit purposes and to inform relevant stakeholders of the updated data security measures.