🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .


S3 Versioning Not Enabled

if S3 object versioning is not enabled, tampering of objects will not be recoverable. This increases likelihood of denial of service.

Remediation

resource "aws_s3_bucket" "example" {
  bucket = "example-bucket"
}

resource "aws_s3_bucket_acl" "example" {
  bucket = aws_s3_bucket.example.id
  acl    = "private"
}

resource "aws_s3_bucket_versioning" "versioning_example" {
  bucket = aws_s3_bucket.example.id
  versioning_configuration {
    status = "Enabled"
  }
}

Reference: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning

Metadata

  • Severity: informational
  • Slug: s3-versioning-not-enabled

OWASP

  • A05:2021: Security Misconfiguration

Available Labs

Open Aws labs in SecDim Play for this vulnerability.

Deco line
Deco line

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now
Deco line
Deco line

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.

Read more