Disabled AWS S3 object versioning

Severity
High

This detector flags an AWS S3 bucket that does not have object versioning enabled. Make sure that versioning is enabled on the bucket.

Detector ID
cloudformation/disabled-s3-versioning-cloudformation@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

Resources:
  Resource:
    Type: AWS::S3::Bucket
    Properties:
      # Noncompliant: AWS S3 object versioning is not enabled.
      BucketName: !Sub "${AWS::StackName}-bucket"
      AccessControl: Private
      LoggingConfiguration:
        DestinationBucketName: String
        LogFilePrefix: String
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

Compliant example

Resources:
  Resource:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "${AWS::StackName}-bucket"
      # Compliant: AWS S3 object versioning is enabled.
      VersioningConfiguration:
        Status: Enabled
      AccessControl: Private
      LoggingConfiguration:
        DestinationBucketName: String
        LogFilePrefix: String
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
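
A pre-deployment check for the same condition, as an added example that is not the detector's own implementation. It assumes the template has already been parsed into a dictionary (the sample is a constructed JSON-format template), and the function name `unversioned_buckets` is hypothetical. It goes beyond the two examples above by also flagging `Status: Suspended` and buckets with no `Properties` at all.

```python
import json

# Constructed sample template in CloudFormation JSON form (not from the page).
TEMPLATE = json.loads("""
{
  "Resources": {
    "NoVersioning": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"AccessControl": "Private"}
    },
    "Suspended": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"VersioningConfiguration": {"Status": "Suspended"}}
    },
    "Versioned": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"VersioningConfiguration": {"Status": "Enabled"}}
    },
    "BareBucket": {"Type": "AWS::S3::Bucket"},
    "Topic": {"Type": "AWS::SNS::Topic"}
  }
}
""")


def unversioned_buckets(template):
    """Return sorted logical IDs of S3 buckets whose versioning is not Enabled."""
    findings = []
    for logical_id, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != "AWS::S3::Bucket":
            continue
        props = resource.get("Properties") or {}
        versioning = props.get("VersioningConfiguration") or {}
        # A missing block and Status: Suspended both mean new versions are not kept.
        # A non-literal Status (an intrinsic function) is flagged for manual review.
        status = versioning.get("Status") if isinstance(versioning, dict) else None
        if status != "Enabled":
            findings.append(logical_id)
    return sorted(findings)


if __name__ == "__main__":
    for name in unversioned_buckets(TEMPLATE):
        print(f"{name}: VersioningConfiguration.Status is not Enabled")
```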