More Info:

Your AWS S3 buckets should have the versioning flag enabled in order to preserve and recover overwritten and deleted S3 objects as an extra layer of data protection and/or data retention.

Risk Level

Low

Address

Reliability, Security

Compliance Standards

HIPAA, NIST, SOC2, PCIDSS, HITRUST, NISTCSF

Remediation

Using Console

To remediate the S3 bucket versioning misconfiguration using the AWS console:

  1. Log in to the AWS Management Console and navigate to the S3 service.
  2. Select the bucket that needs versioning enabled.
  3. Click on the “Properties” tab and select “Versioning”.
  4. Click on the “Enable Versioning” button.
  5. In the pop-up window, click on the “Enable Versioning” button again to confirm.
  6. Once versioning is enabled, you will see a new column in the bucket’s file list showing the version ID for each file.

After these steps, versioning is enabled on the bucket and the misconfiguration is remediated.

Using CLI

To remediate the misconfiguration of S3 buckets not having versioning enabled in AWS, you can follow the below steps using AWS CLI:

  1. Open the AWS CLI on your local machine or EC2 instance.

  2. First, you need to list all the S3 buckets in your AWS account. To do this, run the following command:

    aws s3api list-buckets
    

    This command will list all the S3 buckets in your AWS account.

  3. Next, you need to enable versioning for each S3 bucket that does not have it enabled. To enable versioning, run the following command:

    aws s3api put-bucket-versioning --bucket BUCKET_NAME --versioning-configuration Status=Enabled
    

    Replace BUCKET_NAME with the name of the S3 bucket you want to enable versioning for. This command will enable versioning for the specified S3 bucket.

  4. Repeat step 3 for each S3 bucket that does not have versioning enabled.

  5. Once you have enabled versioning for all your S3 buckets, you can verify that versioning is enabled by running the following command:

    aws s3api get-bucket-versioning --bucket BUCKET_NAME
    

    Replace BUCKET_NAME with the name of the S3 bucket you want to verify versioning for. This command will return the versioning configuration for the specified S3 bucket.

By following these steps, you can remediate the misconfiguration of S3 buckets not having versioning enabled in AWS using AWS CLI.

Using Python

To remediate the misconfiguration of S3 Buckets not having versioning enabled in AWS, you can follow these steps using Python:

  1. Import the Boto3 library to interact with AWS services:

    import boto3

  2. Create a client for the S3 service:

    # Uses the default credential chain (environment, shared config, or instance role)
    s3 = boto3.client('s3')

  3. List all the S3 buckets in your account:

    response = s3.list_buckets()
    buckets = [bucket['Name'] for bucket in response['Buckets']]

  4. Iterate through each S3 bucket and enable versioning:

    for bucket in buckets:
        try:
            s3.put_bucket_versioning(
                Bucket=bucket,
                VersioningConfiguration={
                    'Status': 'Enabled'
                }
            )
            print(f"Versioning enabled for bucket: {bucket}")
        except Exception as e:
            # Report the failure (for example, access denied) and continue with the next bucket
            print(f"Error enabling versioning for bucket: {bucket}. Error: {e}")

This script will enable versioning for all S3 buckets in your AWS account. You can run this script periodically to ensure that new buckets created in the future also have versioning enabled.

Note: Make sure you have appropriate permissions to enable versioning for S3 buckets in your AWS account.
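The following is an added example, not part of the original page: it extends the script above by auditing each bucket with `get_bucket_versioning` first and changing only the buckets that are not `Enabled`, with a dry-run default. The function names and the `FakeS3` stand-in are hypothetical, and the sample buckets are constructed so the block runs without AWS access.

```python
"""Audit S3 bucket versioning, then enable it only where it is off."""


def versioning_state(response):
    """Map a get_bucket_versioning response to a state string.

    S3 omits the 'Status' key for a bucket that never had versioning
    turned on, so a missing key is reported as 'Unversioned'.
    """
    return response.get("Status", "Unversioned")


def audit(s3):
    """Return {bucket_name: state} for every bucket the caller can list."""
    names = [b["Name"] for b in s3.list_buckets()["Buckets"]]
    return {n: versioning_state(s3.get_bucket_versioning(Bucket=n)) for n in names}


def remediate(s3, dry_run=True):
    """Enable versioning on buckets that are not 'Enabled'.

    Returns the sorted names that were changed (or would be, in a dry run).
    """
    targets = sorted(n for n, state in audit(s3).items() if state != "Enabled")
    if not dry_run:
        for name in targets:
            s3.put_bucket_versioning(
                Bucket=name, VersioningConfiguration={"Status": "Enabled"})
    return targets


class FakeS3:
    """Constructed in-memory stand-in for the boto3 S3 client (sample data only)."""

    def __init__(self, buckets):
        self.buckets = dict(buckets)  # name -> 'Enabled', 'Suspended' or None

    def list_buckets(self):
        return {"Buckets": [{"Name": n} for n in self.buckets]}

    def get_bucket_versioning(self, Bucket):
        status = self.buckets[Bucket]
        return {"Status": status} if status else {}

    def put_bucket_versioning(self, Bucket, VersioningConfiguration):
        self.buckets[Bucket] = VersioningConfiguration["Status"]


if __name__ == "__main__":
    client = FakeS3({"logs": "Enabled", "backups": "Suspended", "scratch": None})
    print("before:", audit(client))
    print("changed:", remediate(client, dry_run=False))
    print("after: ", audit(client))
```

To run it against a real account, pass `boto3.client('s3')` to `audit` and `remediate` in place of the `FakeS3` instance.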

Additional Reading: