Rule: S3 Bucket Versioning Should Be Enabled
This rule ensures that S3 bucket versioning is enabled for improved data protection and recovery processes.
| Rule | S3 bucket versioning should be enabled |
| Framework | NIST 800-53 Revision 5 |
| Severity | ✔ High |
S3 Bucket Versioning for NIST 800-53 Revision 5
Description:
S3 bucket versioning is an Amazon S3 feature that allows you to keep multiple versions of an object in the same bucket. Enabling versioning for your S3 buckets ensures data durability and protection against accidental deletion or overwriting of objects. As per NIST 800-53 Revision 5 standards, it is recommended to enable S3 bucket versioning to provide an additional layer of data protection and compliance.
Troubleshooting Steps:
If you encounter any issues while enabling or managing S3 bucket versioning, you can follow these troubleshooting steps:
- 1.
Issue: Unable to enable versioning for the bucket. Resolution: Ensure that you have the necessary permissions to enable versioning on the bucket. Check IAM policies and ensure you have the
permission.s3:PutBucketVersioning - 2.
Issue: Versioning is enabled, but older versions of objects are not retained. Resolution: Verify that the bucket has versioning enabled by checking the bucket properties. If versioning is enabled, check the lifecycle policies associated with the bucket. Ensure that objects are not being expired or transitioned to a different storage class.
- 3.
Issue: Accidental deletion of important objects. Resolution: Enable MFA Delete for added security. This requires multi-factor authentication (MFA) for any requests that attempt to delete objects with versioning enabled.
Necessary Codes:
If you prefer to use AWS CLI to set up bucket versioning, you can use the following code:
aws s3api put-bucket-versioning --bucket <bucket-name> --versioning-configuration Status=Enabled
Replace
<bucket-name>Step-by-Step Guide for Enabling S3 Bucket Versioning:
- 1.Log in to the AWS Management Console.
- 2.Navigate to the Amazon S3 service.
- 3.Select the desired bucket from the list of available buckets.
- 4.Choose the "Properties" tab.
- 5.Under "Versioning", click on "Edit".
- 6.Select "Enable versioning" and click "Save" to enable versioning for the bucket.
CLI Command for Enabling S3 Bucket Versioning:
If you prefer using AWS CLI to enable versioning for an S3 bucket, follow these steps:
- 1.Open your terminal or command prompt.
- 2.Run the following command:
aws s3api put-bucket-versioning --bucket <bucket-name> --versioning-configuration Status=Enabled
Replace
<bucket-name>Congratulations! You have successfully enabled S3 bucket versioning for NIST 800-53 Revision 5 compliance.