Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
General/ Storage
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-ControlsCSA-CCMISO-27001NIST-800-53PCI-DSSSOC-2
- Snyk IDSNYK-CC-00023
- creditSnyk Research Team
Description
By enabling object versioning, data is protected from overwrites and deletions.
How to fix?
Set the aws_s3_bucket versioning block enabled field to true.
- Ensure that an aws_s3_bucket
versioningblock sets the fieldenabledtotrue. - If you're using a version greater or equal to version 4.0 of the AWS provider, you can now use the aws_s3_bucket_versioning resource to provide versioning. Ensure that the
versioning_configurationblock sets the fieldstatustoEnabled.
Example configuration:
# Example < v4.0.0
resource "aws_s3_bucket" "example" {
bucket = "example"
versioning {
enabled = true
}
}
# Example >= v4.0.0
resource "aws_s3_bucket" "example2" {
bucket = "example2"
}
resource "aws_s3_bucket_versioning" "example" {
bucket = aws_s3_bucket.example2.id
versioning_configuration {
status = "Enabled"
}
}
Set Properties.VersioningConfiguration.Status attribute to Enabled.