Medium
S3
S3 general purpose buckets should have Object Lock enabled
NIST, HIPAA
Description
Checks if S3 buckets are configured to use Object Lock.
Remediation
To configure Object Lock for an S3 bucket, follow these steps:
Steps
- Sign in to the AWS Management Console and open the Amazon S3 console.
- In the Buckets list, choose the name of the bucket you want to enable Object Lock for.
- Choose the 'Properties' tab.
- In the 'Object Lock' section, choose 'Edit'.
- Select 'Enable Object Lock'. Note that once Object Lock is enabled for a bucket, it cannot be disabled.
- Choose the default retention mode and period for new objects placed in the bucket. You can choose between 'Governance' mode (users can't overwrite or delete an object version or alter its lock settings unless they have special permissions) or 'Compliance' mode (the protected version can't be overwritten or deleted by any user, including the root user).
- Click 'Save changes'.
- Apply Object Lock configuration to the objects in the bucket as needed.
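To verify the result of the steps above across many buckets, the following added example (not part of the original check's code) classifies a bucket from the parsed output of the S3 `GetObjectLockConfiguration` call, for instance from `aws s3api get-object-lock-configuration`. The bucket names and sample responses are constructed, and the PASS/FAIL/UNKNOWN labels and finding fields are assumptions of this example.

```python
# Added example. Sample responses are constructed; bucket names are hypothetical.
NOT_CONFIGURED = "ObjectLockConfigurationNotFoundError"  # S3 error code: no lock config


def evaluate_object_lock(bucket, response=None, error_code=None):
    """Classify one bucket from its GetObjectLockConfiguration result."""
    finding = {"bucket": bucket, "status": "FAIL", "mode": None,
               "retention": None, "notes": []}
    if error_code == NOT_CONFIGURED:
        finding["notes"].append("Object Lock is not configured")
        return finding
    if error_code:  # e.g. AccessDenied: the check cannot decide either way
        finding["status"] = "UNKNOWN"
        finding["notes"].append("could not read configuration: " + error_code)
        return finding
    cfg = (response or {}).get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        finding["notes"].append("Object Lock is not enabled")
        return finding
    finding["status"] = "PASS"
    default = cfg.get("Rule", {}).get("DefaultRetention")
    if not default:
        finding["notes"].append("no default retention; objects must be locked individually")
        return finding
    finding["mode"] = default.get("Mode")
    unit = "Years" if "Years" in default else "Days"
    finding["retention"] = "{} {}".format(default.get(unit), unit.lower())
    if finding["mode"] == "GOVERNANCE":
        finding["notes"].append("bypassable with s3:BypassGovernanceRetention")
    return finding


# Constructed inputs: (bucket, parsed response, error code)
SAMPLES = [
    ("audit-logs-example", {"ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Years": 1}}}}, None),
    ("backups-example", {"ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 30}}}}, None),
    ("reports-example", {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}}, None),
    ("scratch-example", None, NOT_CONFIGURED),
    ("restricted-example", None, "AccessDenied"),
]

if __name__ == "__main__":
    for name, resp, err in SAMPLES:
        f = evaluate_object_lock(name, resp, err)
        print(f["status"], f["bucket"], f["mode"], f["retention"], "; ".join(f["notes"]))
```

A bucket that passes with no default retention still leaves new objects unlocked until a retention setting is applied to them, which is what the last remediation step covers.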
Compliance
NIST, HIPAA