S3 bucket versioning and lifecycle policies should be enabled

Description

S3 bucket versioning and lifecycle policies are used to protect data availability and integrity. By enabling object versioning, data is protected from overwrites and deletions. Lifecycle policies ensure sensitive data is deleted when appropriate.

Console Remediation Steps

• Navigate to S3.

• Select the desired S3 bucket.

• Select the Management tab.

• Click Add lifecycle rule.

• Add follow the steps documented here.

• Navigate to S3.

• Select the desired S3 bucket.

• Select the Properties tab.

• Click Versioning.

• Check Enable Versioning.

CLI Remediation Steps

• Enable lifecycle policy:

  • aws s3api put-bucket-lifecycle-configuration --bucket <bucket name> --lifecycle-configuration file://lifecycle.json See documentation for json sample here.

• Enable versioning:

  • aws s3api put-bucket-versioning --bucket <bucket name> --versioning-configuration Status=Enabled

Documentation Links

• How Do I Create a Lifecycle Policy for an S3 Bucket?

• put-bucket-lifecycle-configuration Command Reference

• How Do I Enable or Suspend Versioning for an S3 Bucket?

• put-bucket-versioning Command Reference