Description:
S3 Object Versioning can be used to protect against unintended overwrites and deletions. Versioning keeps multiple variants of an object in the same bucket and can be used to preserve, retrieve, and restore every version of every object stored in the S3 bucket.
Rationale:
When you enable versioning for a bucket, Amazon S3 automatically generates a unique version ID for each object being stored. For example, in one bucket, you can have two objects with the same key but different version IDs. If you notice a significant increase in the number of HTTP 503 (Slow Down) responses received for Amazon S3 PUT or DELETE object requests to a bucket that has S3 Versioning enabled, you might have one or more objects in the bucket for which there are millions of versions.
Impact:
Versioning-enabled buckets can help you recover objects from accidental deletion or overwrite.
Default Value:
Versioning is not enabled by default and has to be explicitly enabled for each bucket.
Pre-Requisite:
Sign in as an admin or as an IAM user with the required permissions.
At least one S3 bucket must exist.
Remediation:
Test Plan:
Sign in to the AWS Management Console.
Navigate to the S3 console at https://s3.console.aws.amazon.com/
In the Buckets list, choose the name of the bucket that you want to examine.
Choose the Properties tab.
In Properties, the Bucket Versioning section shows whether bucket versioning is enabled.
Using AWS CLI:
Run the list-buckets command to list all existing S3 buckets in your account.
aws s3api list-buckets --query 'Buckets[*].Name'
This command returns the name of each S3 bucket available in your AWS account.
Run the get-bucket-versioning command using the name of the bucket that you want to examine, to determine if the selected S3 bucket has object versioning enabled. If the get-bucket-versioning command does not return any CLI output, the S3 Versioning feature is not enabled for the selected bucket.
aws s3api get-bucket-versioning --bucket myapp-status-reports
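The two CLI checks above combined into one audit loop over every bucket. This is an added example, not part of the original page; the function names and the `--audit` switch are hypothetical, and it assumes the AWS CLI is installed and configured.

```sh
#!/bin/sh
# Added example: versioning audit across all buckets (function names are hypothetical).

# Map the Status value from get-bucket-versioning to an audit verdict.
# With --query Status --output text, a bucket that never had versioning
# enabled yields "None" (and no output at all without --query).
classify_versioning() {
  case "$1" in
    Enabled)   echo "ENABLED" ;;
    Suspended) echo "SUSPENDED" ;;
    ""|None)   echo "NEVER_ENABLED" ;;
    *)         echo "UNKNOWN" ;;
  esac
}

# Query one bucket; a failed call is reported as ERROR instead of being
# mistaken for "versioning not enabled".
bucket_status() (
  if status=$(aws s3api get-bucket-versioning --bucket "$1" \
        --query 'Status' --output text 2>/dev/null); then
    classify_versioning "$status"
  else
    echo "ERROR"
  fi
)

# Print "<bucket><TAB><verdict>" per bucket; succeed only if every bucket is ENABLED.
audit_buckets() (
  rc=0
  for bucket in $(aws s3api list-buckets --query 'Buckets[*].Name' --output text); do
    state=$(bucket_status "$bucket")
    printf '%s\t%s\n' "$bucket" "$state"
    [ "$state" = "ENABLED" ] || rc=1
  done
  [ "$rc" -eq 0 ]
)

# Run the audit only when asked to, so sourcing this file has no side effects.
if [ "${1:-}" = "--audit" ]; then
  audit_buckets
fi
```

Run it with `--audit` under credentials allowed to call `s3:ListAllMyBuckets` and `s3:GetBucketVersioning`; a non-zero exit status means at least one bucket is not in the Enabled state.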
Implementation Steps:
Sign in to the AWS Management Console.
Open the S3 console at https://console.aws.amazon.com/s3.
In the Buckets list, choose the name of the bucket that you want to enable versioning for.
Choose Properties.
Go to the Bucket Versioning section and click Edit.
Choose Enable in Bucket Versioning.
Click on Save changes.
Using AWS CLI:
aws s3api put-bucket-versioning --bucket DOC-EXAMPLE-BUCKET1 --versioning-configuration Status=Enabled
Backout Plan:
Sign in to the AWS Management Console.
Navigate to the S3 console at https://s3.console.aws.amazon.com/
In the Buckets list, choose the name of the bucket that you want to disable versioning for.
Choose the Properties tab.
In Properties, under the Bucket Versioning section, click Edit and choose Suspend.
Note:
Versioning maintains each version as a whole copy of the object, and charges accrue for every version. For example, a 1 GB file with 5 copies that have only minor differences consumes 5 GB of S3 storage space, and you are charged for all of it.
Objects that are stored in your bucket before you set the versioning state have a version ID of null. When you enable versioning, existing objects in your bucket do not change. What changes is how Amazon S3 handles the objects in future requests.
The bucket owner (or any user with appropriate permissions) can suspend versioning to stop accruing object versions. When you suspend versioning, existing objects in your bucket do not change. What changes is how Amazon S3 handles objects in future requests.
Reference: