Rule: S3 Bucket Versioning should be enabled
This rule ensures that S3 bucket versioning is enabled to maintain data integrity and facilitate recovery.
| Rule | S3 bucket versioning should be enabled |
| Framework | FedRAMP Low Revision 4 |
| Severity | ✔ High |
Rule Description
The rule requires that versioning is enabled for Amazon S3 buckets in compliance with the FedRAMP Low Revision 4 security requirements. Versioning allows you to preserve, retrieve, and restore every version of every object in an S3 bucket. This helps in maintaining data integrity and enables recovery from accidental deletions or modifications. Enabling versioning provides an additional layer of protection and aligns with the security measures mandated by FedRAMP Low Revision 4.
Troubleshooting Steps
If versioning is not enabled for an S3 bucket, follow these troubleshooting steps to rectify the issue:
- 1.Verify Bucket Name: Ensure that you have the correct S3 bucket name for which versioning needs to be enabled.
- 2.Permissions: Check if you have sufficient permissions to enable versioning for the bucket. You must have the necessary IAM access policies in place.
- 3.Service Availability: Confirm that the S3 service is available and functioning properly.
- 4.Bucket Policy: Check if there are any bucket policies restricting or denying versioning. Modify the policy if necessary.
- 5.AWS Region: Make sure you are working in the correct AWS region where the bucket is located.
Necessary Codes
If versioning is not already enabled for an S3 bucket, you can enable it using either the AWS Command Line Interface (CLI) or the AWS Management Console.
AWS CLI Command
To enable versioning for an S3 bucket using the AWS CLI, follow these steps:
- 1.Open the terminal or command line interface.
- 2.Execute the following command, replacing "bucket-name" with the actual name of your S3 bucket:
aws s3api put-bucket-versioning --bucket bucket-name --versioning-configuration Status=Enabled
- 1.Verify the command output for any errors or exceptions.
- 2.Once the command has executed successfully, versioning will be enabled for the specified S3 bucket.
AWS Management Console
To enable versioning for an S3 bucket using the AWS Management Console, follow these steps:
- 1.Log in to your AWS Management Console.
- 2.Navigate to the S3 service.
- 3.Find and select the desired bucket from the bucket list.
- 4.Click on the "Properties" tab.
- 5.Under the "Advanced settings" section, click on "Versions".
- 6.Click on the "Enable" button to enable versioning for the selected bucket.
- 7.Verify the bucket's properties to confirm that versioning is now enabled.
Remediation Steps
To remediate non-compliance with the S3 bucket versioning rule, follow these step-by-step guides for using either the AWS CLI or the AWS Management Console.
AWS CLI Remediation
- 1.Open the terminal or command line interface.
- 2.Execute the following command, replacing "bucket-name" with the actual name of your S3 bucket:
aws s3api put-bucket-versioning --bucket bucket-name --versioning-configuration Status=Enabled
- 1.Verify the command output for any errors or exceptions.
- 2.Once the command has executed successfully, versioning will be enabled for the specified S3 bucket.
AWS Management Console Remediation
- 1.Log in to your AWS Management Console.
- 2.Navigate to the S3 service.
- 3.Find and select the desired bucket from the bucket list.
- 4.Click on the "Properties" tab.
- 5.Under the "Advanced settings" section, click on "Versions".
- 6.Click on the "Enable" button to enable versioning for the selected bucket.
- 7.Verify the bucket's properties to confirm that versioning is now enabled.
By following these remediation steps, you will ensure that versioning is enabled for the specified S3 bucket, thereby meeting the requirements of the FedRAMP Low Revision 4 security policy.