3.10 Ensure S3 buckets have versioning enabled


Amazon S3 can further protect your data using versioning. Be sure to enable this feature.

Versioning is a means of keeping multiple variants of an object in the same bucket. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. With versioning, you can easily recover from both unintended user actions and application failures. By default, requests retrieve the most recently written version. You can retrieve older versions of an object by specifying a version of the object in a request.
Versioning-enabled buckets enable you to recover objects from accidental deletion or overwrite. For example:

* If you delete an object, instead of removing it permanently, Amazon S3 inserts a delete marker, which becomes the current object version. You can always restore the previous version.
* If you overwrite an object, it results in a new object version in the bucket. You can always restore the previous version.



Using the Amazon unified command line interface:

* Enable versioning for all the S3 buckets that do not have this feature enabled:

aws s3api put-bucket-versioning --bucket <s3_bucket_name> --versioning-configuration Status=Enabled
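To apply the command above across an account, the following added example (not part of the original audit item or of any AWS tooling) finds every bucket whose versioning status is not Enabled and remediates it. The function names and the DRY_RUN variable are this example's own assumptions, and it assumes the AWS CLI is configured with credentials allowed to list buckets and to read and set bucket versioning.

```bash
#!/usr/bin/env bash
# Added example: audit versioning on every bucket and enable it where missing.
# Function names and DRY_RUN are assumptions of this example.

# Print one bucket's versioning state: Enabled, Suspended or Unset.
# A bucket that never had versioning configured returns no Status key,
# which the CLI renders as "None" with --output text.
bucket_versioning_status() {
    local status
    status=$(aws s3api get-bucket-versioning --bucket "$1" \
        --query 'Status' --output text) || return 1
    case "$status" in
        Enabled|Suspended) echo "$status" ;;
        *) echo "Unset" ;;
    esac
}

# List buckets whose versioning is not Enabled, one name per line.
# Buckets whose status cannot be read are reported on stderr and skipped.
unversioned_buckets() {
    local bucket status
    for bucket in $(aws s3api list-buckets --query 'Buckets[].Name' --output text); do
        status=$(bucket_versioning_status "$bucket") || {
            echo "skip $bucket: cannot read versioning status" >&2
            continue
        }
        [ "$status" = "Enabled" ] || echo "$bucket"
    done
}

# Enable versioning on each bucket found above.
# DRY_RUN defaults to 1 (report only); set DRY_RUN=0 to make changes.
enable_versioning_everywhere() {
    local bucket
    for bucket in $(unversioned_buckets); do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "would enable: $bucket"
        else
            aws s3api put-bucket-versioning --bucket "$bucket" \
                --versioning-configuration Status=Enabled \
                && echo "enabled: $bucket"
        fi
    done
}
```

Source the file, run `enable_versioning_everywhere` once to review the dry-run list, then run it again with `DRY_RUN=0` to apply the change.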


Item Details


References: 800-53|CP-10

Plugin: amazon_aws

Control ID: eff3c513b7539a227738bc0ea4e762e5f90b18dd5908cec4e5b94b0f784b08d3