AWS S3 Object Versioning is disabled
Description
This policy identifies S3 buckets that have Object Versioning disabled. S3 Object Versioning is an important capability for protecting the data within a bucket. Once Object Versioning is enabled on a bucket, it cannot be removed; you can, however, suspend it at any time if you do not want it to persist. It is recommended to enable Object Versioning on S3.
Code Example
+ resource "aws_s3_bucket_versioning" "example" {
+ bucket = aws_s3_bucket.example.id
+
+ versioning_configuration {
+ status = "Enabled"
+ }
+ }
Remediation
Terraform
To fix this issue, ensure that each `aws_s3_bucket` resource either has `versioning.enabled` set to `true` or is connected to an `aws_s3_bucket_versioning` resource with `versioning_configuration.status` set to `Enabled`.
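The two conditions above, written out as a check over a set of resources. This is an added example, not the policy's or any scanner's own code; the resource dictionaries are a simplified, constructed stand-in for parsed Terraform, and the function names and field layout are assumptions.

```python
# Added example. Resources are a simplified, constructed model of parsed
# Terraform (an assumption), not a real parser's or scanner's output format.

def linked_bucket(ref):
    """Return NAME from a reference like 'aws_s3_bucket.NAME.id', else None."""
    parts = str(ref).split(".")
    if len(parts) >= 2 and parts[0] == "aws_s3_bucket":
        return parts[1]
    return None  # literal bucket names cannot be tied to a resource here

def unversioned_buckets(resources):
    """Names of aws_s3_bucket resources that meet neither remediation condition."""
    # Condition 2: a connected aws_s3_bucket_versioning with status "Enabled".
    enabled = set()
    for r in resources:
        if r["type"] == "aws_s3_bucket_versioning":
            status = r["config"].get("versioning_configuration", {}).get("status")
            name = linked_bucket(r["config"].get("bucket", ""))
            if name and status == "Enabled":  # "Suspended" does not count
                enabled.add(name)
    failing = []
    for r in resources:
        if r["type"] != "aws_s3_bucket":
            continue
        # Condition 1: inline versioning.enabled set to true.
        inline = r["config"].get("versioning", {}).get("enabled") is True
        if not inline and r["name"] not in enabled:
            failing.append(r["name"])
    return sorted(failing)

# Constructed sample input.
SAMPLE = [
    {"type": "aws_s3_bucket", "name": "example", "config": {}},
    {"type": "aws_s3_bucket_versioning", "name": "example", "config": {
        "bucket": "aws_s3_bucket.example.id",
        "versioning_configuration": {"status": "Enabled"}}},
    {"type": "aws_s3_bucket", "name": "legacy", "config": {"versioning": {"enabled": True}}},
    {"type": "aws_s3_bucket", "name": "paused", "config": {}},
    {"type": "aws_s3_bucket_versioning", "name": "paused", "config": {
        "bucket": "aws_s3_bucket.paused.id",
        "versioning_configuration": {"status": "Suspended"}}},
    {"type": "aws_s3_bucket", "name": "bare", "config": {}},
]

if __name__ == "__main__":
    print(unversioned_buckets(SAMPLE))
```

A bucket whose versioning resource is set to `Suspended` is reported alongside one with no versioning configuration at all, since neither satisfies the rule.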
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0075 |
| Severity | LOW |
| IaC Type | Cloudformation |
| Frameworks | CloudFormation, Terraform, TerraformPlan, Serverless |
| Checkov ID | CKV_AWS_21 |