Spaces buckets should have versioning enabled

Default Severity: medium

Explanation

Versioning is a means of keeping multiple variants of an object in the same bucket. You can use the Spaces (S3) Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets. With versioning you can recover more easily from both unintended user actions and application failures.

Possible Impact

Deleted or modified data would not be recoverable

Suggested Resolution

Enable versioning to protect against accidental or malicious removal or modification

Insecure Example

The following example will fail the digitalocean-spaces-versioning-enabled check.

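 # Case 1: no versioning block, so versioning is not enabled
 resource "digitalocean_spaces_bucket" "bad_example" {
   name   = "foobar"
   region = "nyc3"
 }

 # Case 2: versioning block present but explicitly disabled
 resource "digitalocean_spaces_bucket" "bad_example_disabled" {
   name   = "foobar"
   region = "nyc3"

   versioning {
     enabled = false
   }
 }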

Secure Example

The following example will pass the digitalocean-spaces-versioning-enabled check.

 resource "digitalocean_spaces_bucket" "good_example" {
   name   = "foobar"
   region = "nyc3"

   versioning {
     enabled = true
   }
 }
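
The same check applied to a rendered plan, as an added example that is not part of the original page or of the tfsec code base: it walks the JSON from `terraform show -json`, including child modules, and reports Spaces buckets that lack `versioning { enabled = true }`. The sample plan, the `module.logs` address and the function names are constructed for illustration, and it assumes the provider renders the `versioning` block as a list under `values`.

```python
import json
import sys
from pathlib import Path


# Constructed sample data in the shape of `terraform show -json` planned_values.
def _bucket(address, versioning):
    return {"address": address, "type": "digitalocean_spaces_bucket",
            "values": {"name": "foobar", "region": "nyc3", "versioning": versioning}}


SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _bucket("digitalocean_spaces_bucket.bad_example", []),
        _bucket("digitalocean_spaces_bucket.good_example", [{"enabled": True}]),
    ],
    "child_modules": [{
        "address": "module.logs",  # hypothetical module name
        "resources": [_bucket("module.logs.digitalocean_spaces_bucket.archive",
                              [{"enabled": False}])],
    }],
}}}


def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def unversioned_buckets(plan):
    """Return addresses of Spaces buckets whose versioning is absent or disabled."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "digitalocean_spaces_bucket":
            continue
        blocks = (res.get("values") or {}).get("versioning") or []
        # Pass only on an explicit enabled = true; a missing block counts as a failure.
        if not any(b.get("enabled") is True for b in blocks):
            findings.append(res["address"])
    return findings


if __name__ == "__main__":
    plan = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_PLAN
    failed = unversioned_buckets(plan)
    print(*(f"FAIL {a}: versioning not enabled" for a in failed), sep="\n")
    sys.exit(1 if failed else 0)
```

Run it with the path to a file written by `terraform show -json <planfile>` to check a real plan; with no argument it checks the constructed sample and exits non-zero because two of the three buckets fail.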