Severity Framework: Snyk CCSS
Rule category: General / Storage
Frameworks
CIS-Controls
CSA-CCM
ISO-27001
NIST-800-53
PCI-DSS
SOC-2
- Snyk ID SNYK-CC-00023
- credit Snyk Research Team
Description
By enabling object versioning, data is protected from overwrites and deletions.
How to fix?
Set the aws_s3_bucket versioning block enabled field to true.
- Ensure that an aws_s3_bucket versioning block sets the field enabled to true.
- If you're using a version greater or equal to version 4.0 of the AWS provider, you can now use the aws_s3_bucket_versioning resource to provide versioning. Ensure that the versioning_configuration block sets the field status to Enabled.
Example Configuration
# Example < v4.0.0
resource "aws_s3_bucket" "example" {
  bucket = "example"

  versioning {
    enabled = true
  }
}

# Example >= v4.0.0
resource "aws_s3_bucket" "example2" {
  bucket = "example2"
}

resource "aws_s3_bucket_versioning" "example" {
  bucket = aws_s3_bucket.example2.id

  versioning_configuration {
    status = "Enabled"
  }
}
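
One way to check for this misconfiguration before apply, as an added example (not Snyk's rule implementation): it reads the configuration section of `terraform show -json` output and reports buckets that neither form above covers. It assumes root-module resources only; the sample plan, including the `aws_s3_bucket.logs` bucket, is constructed.

```python
import json

# Constructed sample: trimmed `terraform show -json <planfile>` output
# (only the "configuration" section, root module).
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "aws_s3_bucket.example", "type": "aws_s3_bucket",
   "expressions": {"bucket": {"constant_value": "example"},
                   "versioning": [{"enabled": {"constant_value": true}}]}},
  {"address": "aws_s3_bucket.example2", "type": "aws_s3_bucket",
   "expressions": {"bucket": {"constant_value": "example2"}}},
  {"address": "aws_s3_bucket_versioning.example", "type": "aws_s3_bucket_versioning",
   "expressions": {"bucket": {"references": ["aws_s3_bucket.example2.id"]},
                   "versioning_configuration": [{"status": {"constant_value": "Enabled"}}]}},
  {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
   "expressions": {"bucket": {"constant_value": "logs"}}},
  {"address": "aws_s3_bucket_versioning.logs", "type": "aws_s3_bucket_versioning",
   "expressions": {"bucket": {"references": ["aws_s3_bucket.logs.id"]},
                   "versioning_configuration": [{"status": {"constant_value": "Suspended"}}]}}
]}}}
""")


def _const(block_list, field):
    """Literal value of `field` in the first nested block, or None if the
    block is absent or the value is not a constant (variable, reference)."""
    for block in block_list or []:
        return block.get(field, {}).get("constant_value")
    return None


def unversioned_buckets(plan):
    """Addresses of aws_s3_bucket resources without versioning provably enabled."""
    resources = plan["configuration"]["root_module"].get("resources", [])
    covered = set()
    for r in resources:
        expr = r.get("expressions", {})
        if r["type"] == "aws_s3_bucket" and _const(expr.get("versioning"), "enabled") is True:
            covered.add(r["address"])  # provider < 4.0: inline versioning block
        elif (r["type"] == "aws_s3_bucket_versioning"
              and _const(expr.get("versioning_configuration"), "status") == "Enabled"):
            # provider >= 4.0: reduce "aws_s3_bucket.NAME.id" to the bucket's address
            refs = expr.get("bucket", {}).get("references", [])
            covered.update(".".join(ref.split(".")[:2]) for ref in refs)
    return sorted(r["address"] for r in resources
                  if r["type"] == "aws_s3_bucket" and r["address"] not in covered)
```

A bucket whose versioning setting comes from a variable, or whose aws_s3_bucket_versioning resource names the bucket by a literal string rather than a reference, is reported too, since the check cannot prove it is covered.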