This rule mandates enabling versioning for S3 buckets to ensure data protection and easy recovery in case of accidental deletions.
Rule | S3 bucket versioning should be enabled |
Framework | SOC 2 |
Severity | ✔ High |
Rule Description: S3 Bucket Versioning
Overview
Versioning is an Amazon S3 feature that allows you to keep multiple versions of an object in the same bucket. Enabling S3 bucket versioning is highly recommended for SOC 2 compliance as it helps to ensure data integrity, recover from accidental deletions or modifications, and fulfill data retention requirements.
Benefits of S3 Bucket Versioning:
Troubleshooting Steps:
If any issues arise with S3 bucket versioning, follow the troubleshooting steps below:
AWS CLI Commands:
Check Bucket Versioning Configuration:
aws s3api get-bucket-versioning --bucket bucket-name
Replace bucket-name with the name of your S3 bucket.
Enable Versioning for a Bucket:
aws s3api put-bucket-versioning --bucket bucket-name --versioning-configuration Status=Enabled
Replace bucket-name with the name of your S3 bucket.
Suspend Versioning for a Bucket:
aws s3api put-bucket-versioning --bucket bucket-name --versioning-configuration Status=Suspended
Replace bucket-name with the name of your S3 bucket.
Restore Previous Versions of an Object:
To restore a previous version of an object, perform the following steps:
aws s3api list-object-versions --bucket bucket-name --prefix object-key
Replace bucket-name with the name of your S3 bucket and object-key with the key of the object.
aws s3api copy-object --bucket bucket-name --key object-key --copy-source "bucket-name/object-key?versionId=version-id"
Replace bucket-name with the name of your S3 bucket, object-key with the key of the object, and version-id with the ID of the version you want to restore. Copying the chosen version onto the same key makes its content the current version; restore-object applies only to objects in an archive storage class and does not roll an object back to an earlier version.
Remediation Steps:
Follow the steps below to enable versioning for an S3 bucket:
Once versioning is enabled, all new objects uploaded to the S3 bucket will have versions created automatically.
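The restore procedure under "Restore Previous Versions of an Object", as an added example that is not part of the original page: it reads list-object-versions output and picks the recovery command for one key. The listing, bucket name, keys and version IDs are constructed, and recovery_plan is a hypothetical helper; it assumes a delete marker is undone with delete-object and an overwrite is rolled back with copy-object.

```python
import json

# Constructed sample of `aws s3api list-object-versions --prefix reports/q` output.
LISTING = json.loads("""
{"Versions": [
  {"Key": "reports/q1.csv", "VersionId": "v2-constructed", "IsLatest": false, "LastModified": "2024-03-02T09:00:00+00:00"},
  {"Key": "reports/q1.csv", "VersionId": "v1-constructed", "IsLatest": false, "LastModified": "2024-03-01T09:00:00+00:00"},
  {"Key": "reports/q1.csv.bak", "VersionId": "b1-constructed", "IsLatest": true, "LastModified": "2024-03-01T09:00:00+00:00"},
  {"Key": "reports/q2.csv", "VersionId": "n2-constructed", "IsLatest": true, "LastModified": "2024-03-05T09:00:00+00:00"},
  {"Key": "reports/q2.csv", "VersionId": "n1-constructed", "IsLatest": false, "LastModified": "2024-03-04T09:00:00+00:00"}],
 "DeleteMarkers": [
  {"Key": "reports/q1.csv", "VersionId": "dm-constructed", "IsLatest": true, "LastModified": "2024-03-03T09:00:00+00:00"}]}
""")


def recovery_plan(listing, bucket, key):
    """Return the aws s3api command that recovers `key`, or None if nothing can be recovered."""
    # --prefix also matches longer keys (reports/q1.csv.bak), so filter on the exact key.
    # Timestamps in one ISO 8601 format sort correctly as strings.
    versions = sorted((v for v in listing.get("Versions", []) if v["Key"] == key),
                      key=lambda v: v["LastModified"], reverse=True)
    markers = [m for m in listing.get("DeleteMarkers", [])
               if m["Key"] == key and m["IsLatest"]]
    if not versions:
        return None  # no stored version: key never existed or its versions were purged
    if markers:
        # Accidental delete: removing the latest delete marker makes the newest version current.
        return (f"aws s3api delete-object --bucket {bucket} --key {key} "
                f"--version-id {markers[0]['VersionId']}")
    if len(versions) < 2:
        return None  # only one version exists, so there is nothing to roll back to
    # Accidental overwrite: copy the previous version onto the same key.
    # Keys with special characters must be URL-encoded in --copy-source.
    previous_id = versions[1]["VersionId"]
    return (f"aws s3api copy-object --bucket {bucket} --key {key} "
            f'--copy-source "{bucket}/{key}?versionId={previous_id}"')


if __name__ == "__main__":
    for sample_key in ("reports/q1.csv", "reports/q2.csv", "reports/q1.csv.bak"):
        print(sample_key, "->", recovery_plan(LISTING, "bucket-name", sample_key))
```
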