S3 Bucket Without Versioning

  • Query id: 9232306a-f839-40aa-b3ef-b352001da9a5
  • Query name: S3 Bucket Without Versioning
  • Platform: Ansible
  • Severity: Medium
  • Category: Observability
  • URL: Github

Description

S3 buckets should have versioning enabled. With versioning on, every overwrite or delete keeps the prior object version, so data destroyed by a bug, a mistaken playbook run, or an attacker with write access to the bucket can be recovered and the change history can be reconstructed during an investigation. The query flags any `amazon.aws.s3_bucket` task that either omits the `versioning` argument (a newly created bucket then gets the AWS default, which is versioning disabled) or sets it to `no`. Note that once versioning has been enabled on a bucket it can only be suspended, not disabled, so setting `versioning: no` on an existing versioned bucket suspends it.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
---
# Flagged: the versioning argument is omitted, so a newly created bucket
# keeps the AWS default (versioning disabled).
- name: foo
  amazon.aws.s3_bucket:
    name: mys3bucket
    policy: "{{ lookup('file','policy.json') }}"
    requester_pays: yes
    tags:
      example: tag1
      another: tag2
# Flagged: versioning is explicitly turned off (suspended, if the bucket
# was previously versioned).
- name: foo2
  amazon.aws.s3_bucket:
    name: mys3bucket
    policy: "{{ lookup('file','policy.json') }}"
    requester_pays: yes
    versioning: no
    tags:
      example: tag1
      another: tag2

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
---
# Not flagged: versioning is explicitly enabled, so overwritten and deleted
# objects remain recoverable as prior versions.
- name: foo
  amazon.aws.s3_bucket:
    name: mys3bucket
    policy: "{{ lookup('file','policy.json') }}"
    requester_pays: yes
    versioning: yes
    tags:
      example: tag1
      another: tag2
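The following is an added example, not part of the KICS query or its test files: a small static check in Python that reproduces the query's logic over a parsed Ansible playbook. It walks plays, task lists and blocks, finds `s3_bucket` tasks and reports those that omit `versioning` or set it to a false value, which covers both tasks in the positive sample above while leaving the negative sample clean. Everything beyond the page's own samples is an assumption made here: the playbook is already parsed into Python objects (as `yaml.safe_load` would produce them, so `yes`/`no` arrive as booleans), matching covers the FQCN as well as the `community.aws` and legacy short names, tasks with `state: absent` are skipped, and a templated `versioning` value is reported as unresolved rather than as a finding because it cannot be evaluated statically.

```python
"""Added example: static check for amazon.aws.s3_bucket tasks without versioning.

Not the KICS implementation; assumptions (module names, state handling, treatment
of templated values) are documented inline.
"""

# Assumption: these module names all refer to the same S3 bucket module.
S3_BUCKET_MODULES = ("amazon.aws.s3_bucket", "community.aws.s3_bucket", "s3_bucket")
# Keys under which Ansible nests further task lists (plays and blocks).
TASK_LIST_KEYS = ("tasks", "pre_tasks", "post_tasks", "handlers", "block", "rescue", "always")
# String spellings Ansible's boolean argument type accepts.
TRUE_STRINGS = {"yes", "true", "on", "1", "y", "t"}
FALSE_STRINGS = {"no", "false", "off", "0", "n", "f"}


def classify_versioning(value):
    """Map the versioning argument to 'enabled', 'disabled', 'missing' or 'unresolved'."""
    if value is None:
        return "missing"
    if isinstance(value, bool):  # checked before int: bool is a subclass of int
        return "enabled" if value else "disabled"
    if isinstance(value, (int, float)):
        return "enabled" if value else "disabled"
    text = str(value).strip().lower()
    if "{{" in text:  # Jinja2 expression: value is only known at run time
        return "unresolved"
    if text in TRUE_STRINGS:
        return "enabled"
    if text in FALSE_STRINGS:
        return "disabled"
    return "unresolved"


def iter_tasks(node):
    """Yield every task dict reachable from a play list, a task list or a block."""
    if isinstance(node, list):
        for item in node:
            yield from iter_tasks(item)
    elif isinstance(node, dict):
        nested = False
        for key in TASK_LIST_KEYS:  # a play or a block: descend into its task lists
            if key in node:
                nested = True
                yield from iter_tasks(node[key])
        if not nested:
            yield node


def find_unversioned_s3_buckets(playbook):
    """Return (task name, status) for s3_bucket tasks whose versioning is missing or disabled."""
    findings = []
    for task in iter_tasks(playbook):
        module = next((m for m in S3_BUCKET_MODULES if m in task), None)
        if module is None:
            continue
        args = task.get(module) or {}
        if not isinstance(args, dict):
            continue  # free-form "key=value" argument strings are not handled here
        if str(args.get("state", "present")).lower() == "absent":
            continue  # assumption: a bucket being deleted needs no versioning
        status = classify_versioning(args.get("versioning"))
        if status in ("missing", "disabled"):
            findings.append((task.get("name", "<unnamed>"), status))
    return findings


def load_playbook(path):
    """Parse a playbook file; requires PyYAML (only imported when called)."""
    import yaml  # noqa: PLC0415  (local import keeps the module usable without PyYAML)
    with open(path, encoding="utf-8") as handle:
        return yaml.safe_load(handle)


# Constructed sample mirroring the page's tests (values as yaml.safe_load yields
# them), plus a templated value, a block and a deletion to exercise the edge cases.
SAMPLE_PLAYBOOK = [
    {"name": "play", "hosts": "localhost", "tasks": [
        {"name": "foo", "amazon.aws.s3_bucket": {"name": "mys3bucket", "requester_pays": True}},
        {"name": "foo2", "amazon.aws.s3_bucket": {"name": "mys3bucket", "requester_pays": True,
                                                 "versioning": False}},
        {"name": "ok", "amazon.aws.s3_bucket": {"name": "mys3bucket", "versioning": True}},
        {"name": "grouped", "block": [
            {"name": "templated", "s3_bucket": {"name": "b", "versioning": "{{ enable_versioning }}"}},
        ]},
        {"name": "gone", "amazon.aws.s3_bucket": {"name": "old", "state": "absent"}},
    ]},
]

if __name__ == "__main__":
    for task_name, status in find_unversioned_s3_buckets(SAMPLE_PLAYBOOK):
        print(f"{task_name}: versioning {status}")
```

Run against the constructed sample this reports `foo` (versioning missing) and `foo2` (versioning disabled) and nothing else; point `load_playbook` at a real file to check a playbook on disk. The unresolved case is deliberately not a finding: a templated value should be reviewed where the variable is defined rather than silently passed or failed.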