Description:

This policy ensures that all Amazon Simple Storage Service (S3) buckets have a storage and a backup retention policy in place. This helps to protect your data in the event of an S3 bucket failure or corruption.

Rationale:

Having a storage and a backup retention policy in place helps to protect your data from loss or corruption. The storage policy ensures that your S3 bucket has enough space to store your data, and the backup retention policy ensures that you can restore your S3 bucket to a previous point in time if necessary.

Impact:

If you do not have a storage and a backup retention policy in place, you may lose your data if your S3 bucket fails or becomes corrupted. This could have a significant impact on your business, as you may not be able to access your data or recover from a disaster.

Default Value:

The default retention period for S3 objects is 90 days. However, you should consider increasing this period to 365 days or more, depending on your business needs.

Pre-requisites:

  • You must have access to the Amazon S3 console.
  • You must have the AWS CLI installed and configured.

Remediation Steps:

  1. Log in to the Amazon S3 console.
  2. Select the S3 bucket that you want to modify.
  3. Click the Properties tab.
  4. In the Lifecycle Management section, click the Add rule button.
  5. Select a retention period of 365 days or more.
  6. Click Save.

Test Plan:

  1. Verify that the backup retention period for the S3 bucket has been updated to 365 days or more.
  2. Verify that you can restore the S3 bucket to a previous point in time by using the backup retention policy.
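
Step 1 of the test plan can be scripted. The Python below is an added example, not part of the original policy: it audits the JSON returned by `aws s3api get-bucket-lifecycle-configuration --bucket <name>` against the 365-day threshold and flags disabled or shorter-lived rules. The sample configuration, the rules other than MyRule, and the function names are constructed for illustration.

```python
import json

MIN_DAYS = 365  # threshold taken from the policy text

# Constructed sample in the shape returned by
# `aws s3api get-bucket-lifecycle-configuration --bucket <name>`.
SAMPLE = json.loads("""
{"Rules": [
  {"ID": "MyRule", "Filter": {"Prefix": "my-prefix"}, "Status": "Enabled",
   "Expiration": {"Days": 365}},
  {"ID": "tmp-cleanup", "Filter": {"Prefix": "tmp/"}, "Status": "Enabled",
   "Expiration": {"Days": 30}},
  {"ID": "old-rule", "Prefix": "", "Status": "Disabled",
   "Expiration": {"Days": 400}}
]}
""")


def rule_prefix(rule):
    """Return the prefix a rule is scoped to ('' means the whole bucket)."""
    flt = rule.get("Filter") or {}
    return (flt.get("Prefix") or flt.get("And", {}).get("Prefix")
            or rule.get("Prefix") or "")


def audit_lifecycle(config, min_days=MIN_DAYS):
    """Return (compliant, findings) for one bucket's lifecycle configuration."""
    findings, long_enough, too_short = [], 0, 0
    for rule in config.get("Rules", []):
        rid = rule.get("ID", "<no id>")
        scope = rule_prefix(rule) or "<whole bucket>"
        if rule.get("Status") != "Enabled":
            findings.append(f"{rid}: rule is disabled, ignored")
            continue
        days = (rule.get("Expiration") or {}).get("Days")
        if days is None:
            findings.append(f"{rid}: no day-based expiration on {scope}")
        elif days < min_days:
            too_short += 1
            findings.append(f"{rid}: {scope} expires after {days} days (< {min_days})")
        else:
            long_enough += 1
    if long_enough == 0:
        findings.append(f"no enabled rule with expiration >= {min_days} days")
    return long_enough > 0 and too_short == 0, findings


if __name__ == "__main__":
    ok, notes = audit_lifecycle(SAMPLE)
    print("compliant" if ok else "non-compliant")
    for note in notes:
        print(" -", note)
```
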

Implementation Plan:

  1. Create a new AWS IAM policy that allows users to modify the backup retention period for S3 buckets.
  2. Attach the new policy to the IAM users who need to be able to modify the backup retention period for S3 buckets.
  3. Update the backup retention period for all S3 buckets to 365 days or more.

AWS CLI Process:

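# Applies a lifecycle rule to my-s3-bucket: objects under my-prefix expire 365 days after creation.
aws s3api put-bucket-lifecycle-configuration \
  --bucket my-s3-bucket \
  --lifecycle-configuration '{
    "Rules": [
      {
        "ID": "MyRule",
        "Prefix": "my-prefix",
        "Status": "Enabled",
        "Expiration": {
          "Days": 365
        }
      }
    ]
  }'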

Using AWS GUI:

  1. Log in to the Amazon S3 console.
  2. Select the S3 bucket that you want to modify.
  3. Click the Properties tab.
  4. In the Lifecycle Management section, click the Add rule button.
  5. Select a retention period of 365 days or more.
  6. Click Save.

Backout Plan:

  1. Restore the backup retention period for the S3 bucket to the default value of 90 days.
  2. Delete the AWS IAM policy that allows users to modify the backup retention period for S3 buckets.

Note:

  • You can also use the Amazon S3 API to modify the backup retention period for S3 buckets.
  • For more information, see the Amazon S3 documentation: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html.

Reference:

  • Amazon S3 documentation: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html

Tags and Keywords:

  • s3
  • backup
  • retention
  • policy
  • disaster recovery
  • compliance