Control: 5.1.3 Ensure Versioning is Enabled for Object Storage Buckets
Description
A bucket is a logical container for storing objects. Object versioning is enabled at the bucket level and is disabled by default upon creation. Versioning directs Object Storage to automatically create an object version each time a new object is uploaded, an existing object is overwritten, or an object is deleted. You can enable object versioning at bucket creation time or later.
Versioning object storage buckets provides additional integrity protection for your data. Managing data integrity is critical to protecting and accessing protected data. Some customers want to identify object storage buckets without versioning in order to apply their own data lifecycle protection and management policy.
Remediation
From Console
- Follow the audit procedure above.
- For each bucket in the returned results, click the Bucket Display Name.
- Click Edit next to Object Versioning: Disabled.
- Click Enable Versioning.
From CLI
- Follow the audit procedure.
- For each of the buckets identified, execute the following command:
oci os bucket update --bucket-name <bucket name> --versioning Enabled
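The two CLI steps above can be combined into one audit-and-remediate loop. This is an added example, not code from Oracle, CIS or the Powerpipe mod; the function names and the `DRY_RUN` variable are hypothetical, and treating `Suspended` as a finding alongside `Disabled` is an assumption.

```shell
#!/bin/sh
# Added example. Assumptions: bucket names contain no whitespace, and any
# versioning state other than "Enabled" is treated as a finding.
# Usage after sourcing this file: remediate_versioning <compartment-ocid>

# Print the bucket names in a compartment, space separated.
list_buckets() {
    oci os bucket list --compartment-id "$1" --all \
        --query "join(' ', data[].name)" --raw-output
}

# Print the versioning state of one bucket.
bucket_versioning() {
    oci os bucket get --bucket-name "$1" \
        --query 'data.versioning' --raw-output
}

# Print "<bucket> <state>" for every bucket whose versioning is not Enabled.
audit_versioning() {
    for b in $(list_buckets "$1"); do
        state=$(bucket_versioning "$b")
        if [ "$state" != "Enabled" ]; then
            printf '%s %s\n' "$b" "$state"
        fi
    done
}

# Enable versioning on each finding. DRY_RUN defaults to 1, which only prints
# the update command so the change can be reviewed; DRY_RUN=0 applies it and
# re-reads the bucket to confirm the new state.
remediate_versioning() {
    for b in $(list_buckets "$1"); do
        state=$(bucket_versioning "$b")
        if [ "$state" = "Enabled" ]; then
            continue
        fi
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "oci os bucket update --bucket-name $b --versioning Enabled"
        else
            oci os bucket update --bucket-name "$b" --versioning Enabled >/dev/null
            echo "$b: $state -> $(bucket_versioning "$b")"
        fi
    done
}
```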
Default Value
Object versioning is Disabled.
Usage
Run the control in your terminal:
powerpipe control run oci_compliance.control.cis_v200_5_1_3
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run oci_compliance.control.cis_v200_5_1_3 --share
SQL
This control uses a named query:
objectstorage_bucket_versioning_enabled