S3 lifecycle configuration does not set a period for aborting failed uploads

Description

This policy is verifying that there is a specified time period set for aborting failed uploads in the Amazon S3 lifecycle configuration. This is critical for preventing incomplete multipart uploads from consuming unnecessary storage, which could increase costs and potentially slow down system performance. If a multipart upload event fails, without a specified abort period, the partially uploaded data will continue to occupy space and accumulate associated charges.

Code Example

resource "aws_s3_bucket_lifecycle_configuration" "pass" {
  bucket = aws_s3_bucket.bucket.id

  rule {
+   abort_incomplete_multipart_upload {
+     days_after_initiation = 7
+   }
    filter {}
    id = "log"
    status = "Enabled"
  }
}

Remediation

Terraform

Resource: aws_s3_bucket_lifecycle_configuration
Arguments: abort_incomplete_multipart_upload

To achieve this, you need to add the `abort_incomplete_multipart_upload` attribute.

Rule Details

Field	Value
ID	IAC-0347
Severity	MEDIUM
IaC Type	Terraform
Frameworks	Terraform, TerraformPlan
Checkov ID	CKV_AWS_300

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

S3 lifecycle configuration does not set a period for aborting failed uploads

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

S3 lifecycle configuration does not set a period for aborting failed uploads ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

S3 lifecycle configuration does not set a period for aborting failed uploads

Description

Code Example

Remediation

Rule Details

References