lacework-global-709
4.1.3 Enable Versioning for Object Storage Buckets (Automated)
Description
A bucket is a logical container for storing objects. It is possible to enable object versioning at the bucket level. Object versioning is by default disabled upon creation. Upon each new object upload, existing object overwrite, or object deletion, versioning directs Object Storage to automatically create an object version. You can enable object versioning at bucket creation time or later.
Remediation
From Console:
Login to OCI Console.
Select Storage from the Services menu.
Select Buckets from under the Object Storage & Archive Storage section.
Click an individual bucket under the Name heading.
Click Edit next to Object Versioning: Disabled.
Click Enable Versioning.
From CLI:
Execute the following command:
for region in $(oci iam region list | jq -r '.data[] | .name')
do
echo "Enumerating region $region"
for compid in $(oci iam compartment list --include-root --compartment-id-in-subtree TRUE 2>/dev/null | jq -r '.data[] | .id')
do
echo "Enumerating compartment $compid"
for bkt in $(oci os bucket list --compartment-id $compid --region $region 2>/dev/null | jq -r '.data[] | .name')
do
output=$(oci os bucket get --bucket-name $bkt --region $region 2>/dev/null | jq -r '.data | select(."versioning" == "Disabled").name')
if [ ! -z "$output" ]; then echo $output; fi
done
done
doneFor each of the buckets identified, execute the following command:
oci os bucket update --bucket-name <bucket name> --versioning Enabled
References
https://docs.oracle.com/en-us/iaas/Content/Object/Tasks/usingversioning.htm