S3 bucket versioning and lifecycle policies should be enabled¶
Description¶
S3 bucket versioning and lifecycle policies protect data availability and integrity. With object versioning enabled, every overwrite or delete keeps the previous version (a delete only adds a delete marker), so accidental or malicious changes can be rolled back. Versioning alone does not stop a principal with s3:DeleteObjectVersion from purging versions; restrict that permission or enable MFA delete if the bucket holds data you must be able to recover. Lifecycle policies complement versioning by expiring noncurrent versions and delete markers, so retained data does not grow without bound and sensitive data is deleted when it is no longer needed.
Remediation Steps¶
AWS Console¶
Enable versioning:
Navigate to S3.
Select the desired S3 bucket.
Select the Properties tab.
Under Bucket Versioning, click Edit.
Select Enable and save changes.
Enable lifecycle policy:
Select the Management tab.
Under Lifecycle rules, click Create lifecycle rule.
Name the rule, choose its scope (a prefix filter such as config/ or the whole bucket), select the actions to apply (for example, transition and permanently delete noncurrent versions, and delete expired object delete markers), then create the rule.
AWS CLI¶
Enable versioning:
aws s3api put-bucket-versioning --bucket <bucket name> --versioning-configuration Status=Enabled
Enable lifecycle policy:
aws s3api put-bucket-lifecycle-configuration --bucket <bucket name> --lifecycle-configuration file://lifecycle.json
lifecycle.json holds the complete set of rules, each with an ID, a Filter, Status "Enabled" and one or more actions such as NoncurrentVersionTransitions and NoncurrentVersionExpiration; see the AWS CLI reference for put-bucket-lifecycle-configuration for a sample. Note that this call replaces the bucket's entire lifecycle configuration, so read the existing rules back with get-bucket-lifecycle-configuration and merge them in before applying. Verify the result with get-bucket-versioning (Status must be Enabled; a bucket that was never versioned returns no Status at all) and get-bucket-lifecycle-configuration.
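As an added example (not code from the original page), the following POSIX shell script applies both settings with the CLI commands above and then verifies them by reading the configuration back. The bucket name (taken from the BUCKET environment variable), the rule IDs, the config/ prefix and the day counts are assumptions chosen to mirror the Terraform example on this page; a second rule that removes expired delete markers is added because a versioned bucket accumulates them otherwise.

```shell
#!/bin/sh
# Added example, not from the original page. Enables versioning, applies a
# lifecycle configuration that ages out noncurrent versions, and verifies both.
# Bucket name, rule IDs, prefix and day counts are assumptions.
set -eu

# Emit the JSON consumed by put-bucket-lifecycle-configuration.
# Rule 1: noncurrent versions under config/ move to STANDARD_IA after 30 days,
#         to GLACIER after 60 days, and are deleted after 90 days.
# Rule 2: delete markers whose versions have all expired are removed, so
#         versioned deletes do not leave markers behind forever.
lifecycle_json() {
  cat <<'EOF'
{
  "Rules": [
    {
      "ID": "expire-noncurrent-config-versions",
      "Filter": { "Prefix": "config/" },
      "Status": "Enabled",
      "NoncurrentVersionTransitions": [
        { "NoncurrentDays": 30, "StorageClass": "STANDARD_IA" },
        { "NoncurrentDays": 60, "StorageClass": "GLACIER" }
      ],
      "NoncurrentVersionExpiration": { "NoncurrentDays": 90 }
    },
    {
      "ID": "remove-expired-delete-markers",
      "Filter": {},
      "Status": "Enabled",
      "Expiration": { "ExpiredObjectDeleteMarker": true }
    }
  ]
}
EOF
}

# Succeed only if a get-bucket-versioning response reports Status "Enabled".
# A bucket that was never versioned returns no Status key at all, and a bucket
# whose versioning was switched off reports "Suspended"; both must fail.
versioning_enabled() {
  printf '%s' "$1" | grep -q '"Status": *"Enabled"'
}

# Succeed only if a get-bucket-lifecycle-configuration response contains at
# least one rule that expires noncurrent versions.
has_noncurrent_expiration() {
  printf '%s' "$1" | grep -q '"NoncurrentVersionExpiration"'
}

apply_and_verify() {
  bucket="$1"
  aws s3api put-bucket-versioning --bucket "$bucket" \
    --versioning-configuration Status=Enabled
  # put-bucket-lifecycle-configuration replaces the whole configuration:
  # merge any existing rules (get-bucket-lifecycle-configuration) in first.
  lifecycle_json > lifecycle.json
  aws s3api put-bucket-lifecycle-configuration --bucket "$bucket" \
    --lifecycle-configuration file://lifecycle.json
  # Read both settings back rather than trusting the put calls succeeded.
  versioning_enabled "$(aws s3api get-bucket-versioning --bucket "$bucket")" \
    || { echo "versioning is not enabled on $bucket" >&2; return 1; }
  has_noncurrent_expiration \
    "$(aws s3api get-bucket-lifecycle-configuration --bucket "$bucket")" \
    || { echo "no noncurrent-version expiration rule on $bucket" >&2; return 1; }
  echo "ok: $bucket is versioned with a noncurrent-version expiration rule"
}

# Only talk to AWS when a bucket name is supplied (BUCKET=my-bucket sh fix.sh).
if [ -n "${BUCKET:-}" ]; then
  apply_and_verify "$BUCKET"
fi
```

The verification functions only look for the specific strings the check cares about, so the same two helpers can be pointed at any bucket's get-bucket-versioning and get-bucket-lifecycle-configuration output to audit it without changing anything.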
Terraform¶
Ensure that the aws_s3_bucket resource's versioning block has the enabled field set to true and that there is at least one lifecycle_rule block. These inline blocks are the AWS provider v3 form; in provider v4 and later they are deprecated, and the same settings are managed through the separate aws_s3_bucket_versioning and aws_s3_bucket_lifecycle_configuration resources that reference the bucket.
Example Configuration¶
```hcl
resource "aws_s3_bucket" "bucket" {
  bucket = "my-bucket"

  # Keep every prior version of an object so overwrites and deletes can be undone.
  versioning {
    enabled = true
  }

  # Age out the old versions under config/ instead of keeping them forever.
  lifecycle_rule {
    prefix  = "config/"
    enabled = true

    noncurrent_version_transition {
      days          = 30
      storage_class = "STANDARD_IA"
    }

    noncurrent_version_transition {
      days          = 60
      storage_class = "GLACIER"
    }

    noncurrent_version_expiration {
      days = 90
    }
  }

  # other bucket settings here
}
```