S3 bucket versioning and lifecycle policies should be enabled

Description

S3 bucket versioning and lifecycle policies are used to protect data availability and integrity. By enabling object versioning, data is protected from overwrites and deletions. Lifecycle policies ensure sensitive data is deleted when appropriate.

Console Remediation Steps

Enable versioning:

  • Navigate to S3.

  • Select the desired S3 bucket.

  • Select the Properties tab.

  • Click Versioning.

  • Check Enable Versioning.

Enable lifecycle policy:

  • Navigate to S3.

  • Select the desired S3 bucket.

  • Select the Management tab.

  • Click Add lifecycle rule.

  • Follow the steps documented here to add a lifecycle rule.

CLI Remediation Steps

  • Enable versioning:

    • aws s3api put-bucket-versioning --bucket <bucket name> --versioning-configuration Status=Enabled

  • Enable lifecycle policy:

    • aws s3api put-bucket-lifecycle-configuration --bucket <bucket name> --lifecycle-configuration file://lifecycle.json

    • See documentation for JSON sample here.
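
The CLI steps above as one script, including a lifecycle.json written for a versioned bucket and a read-back check of both settings. This is an added example, not part of the original guidance: the function names, the rule ID and the retention values (90 and 7 days) are assumptions to replace with your own retention policy.

```shell
#!/usr/bin/env bash
# Added example: apply and verify both remediations for one bucket.
# Retention values are assumptions; set them from your data-retention policy.
NONCURRENT_DAYS=90   # assumed: keep overwritten/deleted versions for 90 days
ABORT_MPU_DAYS=7     # assumed: discard abandoned multipart uploads after 7 days

# Write a lifecycle configuration suited to a versioned bucket. Without a
# NoncurrentVersionExpiration action, old versions are kept indefinitely.
write_lifecycle_json() {
  cat > "$1" <<EOF
{
  "Rules": [
    {
      "ID": "expire-noncurrent-versions",
      "Status": "Enabled",
      "Filter": { "Prefix": "" },
      "NoncurrentVersionExpiration": { "NoncurrentDays": ${NONCURRENT_DAYS} },
      "Expiration": { "ExpiredObjectDeleteMarker": true },
      "AbortIncompleteMultipartUpload": { "DaysAfterInitiation": ${ABORT_MPU_DAYS} }
    }
  ]
}
EOF
}

# Enable both controls, then read the settings back to confirm they took effect.
remediate_bucket() {
  local bucket="$1" status rules
  write_lifecycle_json lifecycle.json
  aws s3api put-bucket-versioning --bucket "$bucket" \
    --versioning-configuration Status=Enabled || return 1
  aws s3api put-bucket-lifecycle-configuration --bucket "$bucket" \
    --lifecycle-configuration file://lifecycle.json || return 1
  status=$(aws s3api get-bucket-versioning --bucket "$bucket" \
    --query Status --output text)
  rules=$(aws s3api get-bucket-lifecycle-configuration --bucket "$bucket" \
    --query "length(Rules[?Status=='Enabled'])" --output text)
  [ "$status" = "Enabled" ] && [ "$rules" -ge 1 ]
}

# Runs only when a bucket name is passed: ./remediate.sh <bucket name>
if [ "$#" -ge 1 ]; then
  remediate_bucket "$1" && echo "OK: $1 is versioned with an active lifecycle rule"
fi
```

put-bucket-lifecycle-configuration replaces the bucket's entire lifecycle configuration, so merge any existing rules into lifecycle.json before applying it.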