Ensure that S3 object versioning is enabled for your Amazon S3 buckets in order to preserve and recover overwritten and deleted S3 objects as an extra layer of data protection and/or data retention.
This rule can help you with the following compliance standards:
- PCI
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Versioning-enabled Amazon S3 buckets will allow you to preserve, retrieve, and restore every version of an S3 object. S3 versioning can be used for data protection and retention scenarios such as recovering objects that have been accidentally/intentionally deleted or overwritten by AWS users or applications and archiving previous versions of objects to Amazon S3 Glacier for long-term low-cost storage. With S3 versioning, you can easily recover from both unintended user actions and application failures.
Audit
To determine if object versioning is enabled for your Amazon S3 buckets, perform the following operations:
Remediation / Resolution
To enable S3 object versioning for your Amazon S3 buckets, perform the following operations:
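The audit and remediation steps above map onto three S3 API calls: list the buckets, read each bucket's versioning configuration, and enable versioning where it is not on. The script below is an added example, not Conformity's or AWS's own code; it uses the boto3 client methods `list_buckets`, `get_bucket_versioning` and `put_bucket_versioning` (the counterparts of the `s3api` CLI commands listed in the references), and ships with a constructed in-memory `FakeS3` stand-in so it runs offline. The bucket names and states in `FakeS3` are sample data. The point a checker must get right: a bucket on which versioning was never configured returns no `Status` key at all, and a bucket where versioning was switched off again returns `Suspended`; both are non-compliant, and only `Enabled` passes.

```python
"""Audit S3 buckets for object versioning and enable it where it is off.

Added example, not Conformity's or AWS's own code. The boto3 client methods
used (list_buckets, get_bucket_versioning, put_bucket_versioning) mirror the
s3api CLI commands; FakeS3 below is a constructed stand-in so the script can
run offline against sample data.
"""
from __future__ import annotations

ENABLED, SUSPENDED, NEVER_ENABLED = "Enabled", "Suspended", "NeverEnabled"


def versioning_state(response: dict) -> str:
    """Classify a GetBucketVersioning response.

    The response carries no "Status" key for a bucket on which versioning has
    never been configured, "Enabled" once it is on, and "Suspended" after it
    has been turned off again (versioning cannot be disabled, only suspended).
    Both the never-configured and the suspended case are non-compliant.
    """
    status = response.get("Status")
    if status == ENABLED:
        return ENABLED
    if status == SUSPENDED:
        return SUSPENDED
    return NEVER_ENABLED


def audit_buckets(s3) -> dict[str, str]:
    """Return {bucket_name: versioning state} for every bucket the client can list."""
    report = {}
    for bucket in s3.list_buckets()["Buckets"]:
        name = bucket["Name"]
        report[name] = versioning_state(s3.get_bucket_versioning(Bucket=name))
    return report


def noncompliant_buckets(report: dict[str, str]) -> list[str]:
    """Names of buckets whose versioning is anything other than Enabled."""
    return sorted(name for name, state in report.items() if state != ENABLED)


def enable_versioning(s3, names: list[str], dry_run: bool = True) -> list[str]:
    """Enable versioning on each named bucket; with dry_run only report the plan."""
    acted = []
    for name in names:
        if not dry_run:
            s3.put_bucket_versioning(
                Bucket=name, VersioningConfiguration={"Status": ENABLED}
            )
        acted.append(name)
    return acted


class FakeS3:
    """Constructed in-memory stand-in for boto3's S3 client (sample data, not real buckets)."""

    def __init__(self) -> None:
        # None models a bucket on which versioning was never configured.
        self._status = {
            "logs-archive": ENABLED,
            "app-uploads": None,
            "old-backups": SUSPENDED,
        }

    def list_buckets(self) -> dict:
        return {"Buckets": [{"Name": n} for n in self._status]}

    def get_bucket_versioning(self, Bucket: str) -> dict:
        status = self._status[Bucket]
        return {} if status is None else {"Status": status, "MFADelete": "Disabled"}

    def put_bucket_versioning(self, Bucket: str, VersioningConfiguration: dict) -> dict:
        self._status[Bucket] = VersioningConfiguration["Status"]
        return {}


if __name__ == "__main__":
    import sys

    if "--live" in sys.argv:
        # Real account: needs credentials plus s3:ListAllMyBuckets,
        # s3:GetBucketVersioning and s3:PutBucketVersioning permissions.
        import boto3

        s3 = boto3.client("s3")
    else:
        s3 = FakeS3()
    report = audit_buckets(s3)
    todo = noncompliant_buckets(report)
    print("non-compliant:", todo)
    print("remediated:", enable_versioning(s3, todo, dry_run="--apply" not in sys.argv))
```

Run without arguments to see the audit against the sample data; `--live` reads your real account, and `--apply` performs the `PutBucketVersioning` call instead of only printing the plan. Two operational caveats when you do apply it: enabling versioning is a one-way door (a bucket can later only be suspended, never returned to the never-configured state), and every subsequent overwrite or delete keeps the prior version, so pair the change with a lifecycle rule for noncurrent versions if storage cost matters.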
References
- AWS Documentation
- Amazon S3 FAQs
- Protecting Data in Amazon S3
- Using Versioning
- Enabling Bucket Versioning
- Managing Objects in a Versioning-Enabled Bucket
- AWS Command Line Interface (CLI) Documentation
- s3api
- list-buckets
- get-bucket-versioning
- put-bucket-versioning
- CloudFormation Documentation
- AWS::S3::Bucket
- Terraform Documentation
- AWS Provider