Control: 5.1.3 Ensure Versioning is Enabled for Object Storage Buckets
Description
A bucket is a logical container for storing objects. Object versioning is enabled at the bucket level and is disabled by default upon creation. Versioning directs Object Storage to automatically create an object version each time a new object is uploaded, an existing object is overwritten, or when an object is deleted. You can enable object versioning at bucket creation time or later.
Versioning object storage buckets provides for additional integrity of your data. Management of data integrity is critical to protecting and accessing protected data. Some customers want to identify object storage buckets without versioning in order to apply their own data lifecycle protection and management policy.
Remediation
From Console
- Follow the audit procedure above.
- For each bucket in the returned results, click the Bucket Display Name.
- Click
Editnext toObject Versioning: Disabled. - Click
Enable Versioning.
From CLI
- Follow the audit procedure.
- For each of the buckets identified, execute the following command:
oci os bucket update --bucket-name <bucket name> --versioning EnabledDefault Value
Object versioning is Disabled.
Usage
Run the control in your terminal:
powerpipe control run oci_compliance.control.cis_v200_5_1_3Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run oci_compliance.control.cis_v200_5_1_3 --shareSQL
This control uses a named query:
objectstorage_bucket_versioning_enabled