Rule: S3 Bucket Versioning Should Be Enabled
This rule ensures that versioning is enabled for S3 buckets to maintain data integrity and enable easy recovery. There are 61 total compliance issues identified, with a high severity level.
| Rule | S3 bucket versioning should be enabled |
| Framework | RBI Cyber Security Framework |
| Severity | ✔ High |
Rule Description:
S3 bucket versioning should be enabled for compliance with the RBI (Reserve Bank of India) Cyber Security Framework. Enabling versioning allows you to keep multiple versions of an object in your S3 bucket, providing additional security and preservation of data integrity.
Troubleshooting Steps:
If bucket versioning is not enabled or facing issues, follow these troubleshooting steps:
- 1.
Verify bucket versioning status: Check the current status of bucket versioning to ensure it is enabled. This can be verified using the AWS Management Console or AWS CLI.
- 2.
Check bucket permissions: Verify that you have sufficient permissions to enable bucket versioning. Ensure that you have the necessary IAM policies attached to your user or role.
- 3.
Review bucket policy: Check if the bucket policy is correctly configured and allows versioning. Make sure you have the
ands3:GetBucketVersioning
actions allowed in the bucket policy.s3:PutBucketVersioning - 4.
Inspect bucket dependencies: If any object lifecycle policies or replication configurations are present, ensure they are compatible with versioning. Certain configurations may conflict with versioning settings.
- 5.
Review CloudTrail logs: Utilize AWS CloudTrail logs to identify any recent changes or issues related to bucket versioning. This can help in troubleshooting and identifying potential misconfigurations.
Necessary Codes:
There are no specific codes required for the rule itself, but if any issues are identified during troubleshooting, you might need to use AWS CLI commands to enable or modify bucket versioning as explained in the next section.
Step-by-Step Remediation Guide:
Follow these steps to enable bucket versioning for compliance with the RBI Cyber Security Framework using the AWS Management Console and CLI:
Enabling Bucket Versioning via AWS Management Console:
- 1.
Open the AWS Management Console and navigate to the S3 service.
- 2.
Locate the S3 bucket for which you want to enable versioning and select it.
- 3.
Click on the "Properties" tab.
- 4.
Under the "Advanced settings" section, find the "Versioning" option and click on "Edit".
- 5.
Select the "Enable versioning" radio button.
- 6.
Click on "Save changes" to enable versioning for the S3 bucket.
Enabling Bucket Versioning via AWS CLI:
- 1.
Open the AWS CLI or AWS CloudShell.
- 2.
Run the following command to enable bucket versioning:
aws s3api put-bucket-versioning --bucket <bucket-name> --versioning-configuration Status=Enabled
Replace
<bucket-name>- 1.Verify that versioning is enabled by running the following command:
aws s3api get-bucket-versioning --bucket <bucket-name>
Replace
<bucket-name>Conclusion:
Enabling S3 bucket versioning ensures compliance with the RBI Cyber Security Framework by allowing the preservation of multiple versions of objects within the bucket. Troubleshooting steps and remediation guides provided above will assist in resolving any issues related to enabling or configuring bucket versioning.