An S3 bucket must have a lifecycle configuration
Description
This policy detects whether an S3 bucket in AWS has a lifecycle configuration. A lifecycle configuration on an S3 bucket manages objects automatically, transitioning them to other storage classes or expiring them after a set period. This is crucial for cost-effective data management and storage optimization.
Code Example

```hcl
resource "aws_s3_bucket" "bucket" {
  bucket = "bucket"
  acl    = "private"

  # Lifecycle rule that satisfies the policy: objects under logs/ move to
  # STANDARD_IA after 30 days and are deleted after 90 days.
  lifecycle_rule {
    id      = "expire"
    enabled = true   # the inline block's rule-status argument is `enabled`, not `status`
    prefix  = "logs/"

    transition {
      days          = 30
      storage_class = "STANDARD_IA"
    }

    expiration {
      days = 90
    }
  }
}
```

Remediation
Terraform
- Resource: aws_s3_bucket
- Arguments: lifecycle_rule
To fix the issue, configure a lifecycle_rule under the respective S3 bucket in your Terraform file, specifying the rule's id, enabled status, prefix, transition, and expiration.
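With AWS provider v4 and later, where the inline lifecycle_rule block is deprecated, the same policy can be met with a separate aws_s3_bucket_lifecycle_configuration resource. This is an added example, not the page's own code: the bucket name, rule ids and retention periods are assumed, the versioning resource is an optional addition, and whether a given scanner version recognizes this separate-resource form for this rule is also an assumption.

```hcl
resource "aws_s3_bucket" "logs" {
  bucket = "example-app-logs" # assumed name
}

# Optional: with versioning on, the noncurrent-version rule below stops
# superseded object versions from accumulating (and being billed) forever.
resource "aws_s3_bucket_versioning" "logs" {
  bucket = aws_s3_bucket.logs.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_lifecycle_configuration" "logs" {
  bucket = aws_s3_bucket.logs.id

  # Apply versioning first so noncurrent-version rules are valid on first apply.
  depends_on = [aws_s3_bucket_versioning.logs]

  rule {
    id     = "logs-tiering-and-expiry"
    status = "Enabled"   # in this resource the rule status is a string
    filter {
      prefix = "logs/"
    }
    transition {
      days          = 30
      storage_class = "STANDARD_IA"
    }
    expiration {
      days = 90
    }
    noncurrent_version_expiration {
      noncurrent_days = 30
    }
  }

  rule {
    id     = "abort-incomplete-uploads"
    status = "Enabled"
    filter {} # empty filter: applies to every object in the bucket
    abort_incomplete_multipart_upload {
      days_after_initiation = 7
    }
  }
}
```

The second rule cleans up abandoned multipart uploads, which are otherwise invisible in object listings but still billed.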
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0495 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AWS_61 |