Alibaba Cloud OSS bucket has versioning disabled

Description

This policy ensures that versioning is enabled for Alibaba Cloud OSS (Object Storage Service) buckets. Versioning helps protect against accidental deletion or overwriting of objects by maintaining multiple versions of an object. Enabling versioning is a best practice for data protection and recovery in case of user errors or malicious actions.

Failing to enable versioning could lead to irreversible data loss if objects are deleted or modified unintentionally.

Code Example

resource "alicloud_oss_bucket" "example" {
  ...

  versioning {
+    status = "Enabled"
  }
}

Remediation

Terraform

Resource: alicloud_oss_bucket
Arguments: versioning.status

To mitigate this issue, ensure the `versioning.status` attribute in the `alicloud_oss_bucket` resource is set to `Enabled`.

Example:

Rule Details

Field	Value
ID	IAC-0010
Severity	LOW
IaC Type	Terraform
Frameworks	Terraform
Checkov ID	CKV_ALI_10

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Alibaba Cloud OSS bucket has versioning disabled

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Alibaba Cloud OSS bucket has versioning disabled ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Alibaba Cloud OSS bucket has versioning disabled

Description

Code Example

Remediation

Rule Details

References