Rule: S3 Bucket Versioning Should Be Enabled

This rule ensures that versioning is enabled for Amazon S3 buckets to prevent accidental data loss.

Rule: S3 bucket versioning should be enabled
Framework: SOC 2
Severity: High

Description

S3 bucket versioning is a feature provided by Amazon Simple Storage Service (S3) that allows you to keep multiple versions of an object in the bucket. Enabling versioning for S3 buckets is recommended as part of the SOC 2 compliance requirements. Versioning can help you meet SOC 2 control objectives related to data integrity, data retention, and disaster recovery.

By enabling versioning, each update or delete operation on an object will create a new version of that object. This ensures that previous versions are preserved and can be restored if needed. It provides an extra layer of protection against accidental deletions, malicious tampering, or data loss. Versioning also allows you to preserve and analyze historical versions of objects for audit purposes.

Troubleshooting Steps (if applicable)

If versioning is not enabled for an S3 bucket but is required to comply with SOC 2, follow the steps below to enable it:

  1. Verify permissions: Ensure that you have sufficient permissions to enable versioning on the S3 bucket. You need to have s3:PutBucketVersioning permission for the bucket.

  2. Access the AWS Management Console: Go to the AWS Management Console and navigate to the S3 service.

  3. Select the bucket: From the list of available buckets, select the target bucket for which you want to enable versioning.

  4. Open bucket properties: Once the bucket is selected, click on "Properties" in the top menu bar.

  5. Enable versioning: Under the "Versioning" section, click on the "Edit" button.

  6. Enable versioning configuration: In the versioning configuration window, select the option to enable versioning and click "Save."

  7. Verify versioning status: After enabling versioning, check if the versioning status of the bucket has been changed to "Enabled."

Necessary Codes (if applicable)

If you prefer to use AWS CLI or SDKs to enable versioning for an S3 bucket, you can use the following AWS CLI command:

aws s3api put-bucket-versioning --bucket <bucket-name> --versioning-configuration Status=Enabled

Replace <bucket-name> with the actual name of your S3 bucket.

Step-by-Step Guide for Remediation

Follow the step-by-step guide below to enable versioning for an S3 bucket using the AWS Management Console:

  1. Sign in to the AWS Management Console.

  2. Go to the S3 service.

  3. Select the S3 bucket that requires versioning.

  4. Click on "Properties" in the top menu bar.

  5. In the "Properties" section, locate the "Versioning" option and click on the "Edit" button.

  6. In the versioning configuration window, select the option to enable versioning.

  7. Click "Save" to save the changes.

  8. Verify that the versioning status of the bucket has been changed to "Enabled."

If you prefer to use the AWS CLI:

  1. Open the command-line interface or terminal.

  2. Run the following AWS CLI command:

     aws s3api put-bucket-versioning --bucket <bucket-name> --versioning-configuration Status=Enabled

     Replace <bucket-name> with the actual name of your S3 bucket.

  3. Verify that the versioning status of the bucket has been changed to "Enabled."
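The CLI steps above as an added script (not code from the original page): it reads each bucket's versioning status, optionally applies the page's put-bucket-versioning command, and re-checks the result. The function names and the PASS/FAIL output format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): check, and optionally enable,
# versioning on S3 buckets with the AWS CLI.
# Usage: sh s3-versioning.sh [--fix] <bucket-name>...

# Print a bucket's versioning status: Enabled, Suspended, or None.
# With --output text the CLI prints "None" when the response has no Status
# field, which is the case for a bucket that never had versioning configured.
bucket_versioning_status() {
  aws s3api get-bucket-versioning --bucket "$1" \
    --query 'Status' --output text
}

# Return 0 if the bucket ends up with versioning Enabled, 1 otherwise.
# With "--fix" as the second argument, a non-compliant bucket is remediated
# with the put-bucket-versioning command from the page, then re-checked.
check_bucket() {
  cb_bucket=$1
  cb_fix=${2:-}
  cb_status=$(bucket_versioning_status "$cb_bucket") || {
    echo "ERROR $cb_bucket: could not read versioning status" >&2
    return 1
  }
  if [ "$cb_status" != "Enabled" ] && [ "$cb_fix" = "--fix" ]; then
    # Requires the s3:PutBucketVersioning permission on the bucket.
    aws s3api put-bucket-versioning --bucket "$cb_bucket" \
      --versioning-configuration Status=Enabled || return 1
    cb_status=$(bucket_versioning_status "$cb_bucket") || return 1
  fi
  case "$cb_status" in
    Enabled) echo "PASS $cb_bucket: versioning Enabled"; return 0 ;;
    Suspended) echo "FAIL $cb_bucket: versioning Suspended"; return 1 ;;
    *) echo "FAIL $cb_bucket: versioning never enabled"; return 1 ;;
  esac
}

# Run only when bucket names are given on the command line.
if [ "$#" -gt 0 ]; then
  fix=""
  if [ "$1" = "--fix" ]; then fix="--fix"; shift; fi
  rc=0
  for b in "$@"; do
    check_bucket "$b" "$fix" || rc=1
  done
  exit "$rc"
fi
```

A bucket reporting "Suspended" fails the check just like one that never had versioning, because new writes to it no longer create versions.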

By enabling S3 bucket versioning as mentioned above, you comply with the SOC 2 requirement related to version control and data integrity. It provides an added layer of protection and ensures that previous versions of objects are retained in case of accidental deletions or modifications.
