Logo of Trend Micro
Use the Knowledge Base AI to help improve your Cloud Posture

Enable Versioning for Object Storage Buckets

Trend Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1100 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that your Oracle Cloud Infrastructure (OCI) Object Storage buckets are configured with object versioning in order to protect object data from being overwritten or accidentally deleted. Object versioning is a method of keeping multiple variants of an object within the same storage bucket. This preserves data and allows retrieving and restoring every version of every object stored inside the bucket for which versioning has been enabled.

Security
Reliability

With object versioning enabled, Object Storage data can be recovered from both unintended user actions and application failures, as the versioning feature allows you to preserve, retrieve, and restore versions of objects. Object versioning acts as an extra layer of data protection and can be used for retention scenarios such as recovering objects that have been accidentally or intentionally deleted, or overwritten by users or applications.

Audit

To determine if object versioning is enabled for your OCI Object Storage buckets, perform the following operations:

Using OCI Console

01 Sign in to your Oracle Cloud Infrastructure (OCI) account.

02 Navigate to Object Storage & Archive Storage console available at https://cloud.oracle.com/object-storage/.

03 In the left navigation panel, choose Buckets, and select an OCI compartment from the Compartment dropdown menu, to list the Object Storage buckets available within that compartment.

04 Click on the name (link) of the bucket that you want to examine, listed in the Name column.

05 Select the Bucket Information tab and check the Object Versioning feature status, listed under Features. If Object Versioning is set to Disabled, object versioning is not enabled for the selected OCI Object Storage bucket.

06 Repeat steps no. 4 and 5 for each Object Storage bucket created in the selected Oracle Cloud Infrastructure (OCI) compartment.

07 Repeat steps no. 3 – 6 for each OCI compartment available in your Oracle Cloud Infrastructure (OCI) account.

Using OCI CLI

01 Run iam compartment list command (Windows/macOS/Linux) with output query filters to list the ID of each compartment available in your Oracle Cloud Infrastructure (OCI) account: 

oci iam compartment list
	--all
	--query 'data[]."compartment-id"'

02 The command output should return the requested OCI compartment identifiers (IDs): 

[
	"ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
	"ocid1.tenancy.oc1..aaaabbbbccccddddabcdabcd1234abcd1234abcd1234abcd1234abcd1234"
]

03 Run os bucket list command (Windows/macOS/Linux) with the ID of the OCI compartment that you want to examine as the identifier parameter, the list the name of each Object Storage bucket available in the selected OCI compartment: 

oci os bucket list
	--compartment-id 'ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--all
	--query 'data[]."name"'

04 The command output should return the requested bucket names: 

[
	"cc-project5-data-bucket",
	"cc-tenancy-logging-bucket",
	"cc-cloud-artifacts-bucket"
]

05 Run os bucket get command (Windows/macOS/Linux) with the name of the Object Storage bucket that you want to examine as the identifier parameter and custom output filters to determine if the Object Versioning feature is enabled for the selected bucket: 

oci os bucket get
	--bucket-name 'cc-project5-data-bucket'
	--query 'data."versioning"'

06 The command output should return the versioning feature status: 

"Disabled"

If the os bucket get command output returns "Disabled", as shown in the output example above, object versioning is not enabled for the selected OCI Object Storage bucket.

07 Repeat steps no. 5 and 6 for each Object Storage bucket provisioned in the selected OCI compartment.

08 Repeat steps no. 3 – 7 for each OCI compartment available in your Oracle Cloud Infrastructure (OCI) account.

Remediation / Resolution

To support the retrieval of objects that are mistakenly deleted or overwritten, enable object versioning for your OCI Object Storage buckets by performing the following operations:

Using OCI Console

01 Sign in to your Oracle Cloud Infrastructure (OCI) account.

02 Navigate to Object Storage & Archive Storage console available at https://cloud.oracle.com/object-storage/.

03 In the left navigation panel, choose Buckets, and select an OCI compartment from the Compartment dropdown menu, to list the Object Storage buckets available within that compartment.

04 Click on the name (link) of the bucket that you want to configure, listed in the Name column.

05 Select the Bucket Information tab to access the configuration information available for the selected bucket.

06 In the Features section, choose Edit next to the Object Versioning feature status to change the current configuration.

07 Choose Enable Versioning to enable the Object Versioning feature for the selected Object Storage bucket.

08 Repeat steps no. 4 - 7 for each Object Storage bucket created in the selected Oracle Cloud Infrastructure (OCI) compartment.

09 Repeat steps no. 3 – 8 for each OCI compartment available in your Oracle Cloud Infrastructure (OCI) account.

Using OCI CLI

01 Run os bucket update command (Windows/macOS/Linux) with the name of the Object Storage bucket that you want to configure as the identifier parameter, to add an additional layer of data protection for stored objects by enabling the Object Versioning feature for the selected bucket: 

oci os bucket update
	--bucket-name 'cc-project5-data-bucket'
	--versioning 'Enabled'
	--query 'data."versioning"'

02 The command output should return the versioning feature current status (i.e., "Enabled"): 

"Enabled"

03 Repeat steps no. 1 and 2 for each Object Storage bucket created provisioned in the selected Oracle Cloud Infrastructure (OCI) compartment.

04 Repeat steps no. 1 – 3 for each OCI compartment available in your Oracle Cloud Infrastructure (OCI) account.

References

Publication date Mar 7, 2025

Related ObjectStorage rules