Bucket Versioning Should Be Enabled

More Info:

Ensures object versioning is enabled on storage buckets. Object versioning can help protect against the overwriting of objects or data loss in the event of a compromise.

Risk Level

Low

Address

Security, Operational Maturity, Reliability

Compliance Standards

PCIDSS, HITRUST, SOC2, NISTCSF

Triage and Remediation

Remediation

To remediate the “Bucket Versioning Should Be Enabled” misconfiguration in GCP using GCP console, follow these steps:

Go to the GCP console and select the project where the misconfigured bucket is located.
In the top navigation bar, click on the “Storage” option.
Click on the name of the bucket that needs to be remediated.
In the left-hand menu, click on the “Versions” option.
Click on the “Enable versioning” button.
A pop-up window will appear asking you to confirm that you want to enable versioning. Click on the “Enable” button.
Once versioning is enabled, you will see a message confirming that versioning has been enabled for the bucket.
You can now exit the GCP console.

By following these steps, you will have successfully remediated the misconfiguration “Bucket Versioning Should Be Enabled” for the specified bucket in GCP using GCP console.

To remediate the bucket versioning misconfiguration in GCP using GCP CLI, you can follow the below steps:

Open Cloud Shell from the GCP console.
Run the following command to enable versioning for a specific bucket:

gsutil versioning set on gs://[BUCKET_NAME]

Note: Replace [BUCKET_NAME] with the name of the bucket you want to enable versioning for.

Verify that versioning is enabled for the bucket by running the following command:

gsutil versioning get gs://[BUCKET_NAME]

Note: Replace [BUCKET_NAME] with the name of the bucket you enabled versioning for.

The output of the above command should show “Enabled: True” indicating that versioning has been enabled for the bucket.

By following these steps, you can remediate the misconfiguration of bucket versioning not being enabled in GCP using GCP CLI.

To remediate the “Bucket Versioning Should Be Enabled” misconfiguration in GCP using Python, you can follow these steps:

Install the google-cloud-storage library using pip:

pip install google-cloud-storage

Import the necessary modules:

from google.cloud import storage

Initialize the client object:

client = storage.Client()

Get the bucket object:

bucket = client.get_bucket('bucket-name')

Enable versioning for the bucket:

bucket.versioning_enabled = True
bucket.patch()

Verify that versioning is enabled:

bucket.reload()
print(bucket.versioning_enabled)

This will enable versioning for the specified GCP bucket and ensure that all objects uploaded to the bucket have a unique version ID.

Additional Reading:

https://cloud.google.com/storage/docs/using-object-versioning

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation