S3 bucket versioning is disabled Affecting S3 service in AWS

    Severity Framework Snyk CCSS
    Rule category General / Storage

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
    CIS-Controls CSA-CCM ISO-27001 NIST-800-53 PCI-DSS SOC-2
  • Snyk ID SNYK-CC-00023
  • credit Snyk Research Team


By enabling object versioning, data is protected from overwrites and deletions.

How to fix?

Set the aws_s3_bucket versioning block enabled field to true.

  • Ensure that an aws_s3_bucket versioning block sets the field enabled to true.
  • If you're using a version greater or equal to version 4.0 of the AWS provider, you can now use the aws_s3_bucket_versioning resource to provide versioning. Ensure that the versioning_configuration block sets the field status to Enabled.

Example Configuration

# Example < v4.0.0
resource "aws_s3_bucket" "example" {
  bucket = "example"
  versioning {
    enabled = true

# Example >= v4.0.0
resource "aws_s3_bucket" "example2" {
  bucket = "example2"

resource "aws_s3_bucket_versioning" "example" {
  bucket = aws_s3_bucket.example2.id
  versioning_configuration {
    status = "Enabled"