Enabling S3 versioning on a lot of buckets

Question

It's been decreed that all our S3 buckets should have access logs and versioning enabled. Unfortunately I have a lot of S3 buckets. Is there an efficient way of doing this that doesn't involve setting the attributes on each one individually in the console?

Answer 1

You can also develop your own custom AWS Config rule to manage the compliance of AWS S3 Buckets. (versionning and logs enabled)

• https://aws.amazon.com/config/

You can check a lot of examples here:

• https://github.com/awslabs/aws-config-rules

You can adapt this one to your needs:

• https://github.com/awslabs/aws-config-rules/blob/master/python/s3_bucket_default_encryption_enabled.py

Answer 2

For most of the tasks on AWS, the simplest way is using the AWS CLI, especially about the repetitive things.

You can use AWS CLI and simple bash script like this, by rtrouton:

#!/bin/bash

# This script is designed to check the object versioning status of all S3 buckets associated with an AWS account
# and enable object versioning on any S3 buckets where object versioning is not enabled.

# Get list of S3 buckets from Amazon Web Services

s3_bucket_list=$(aws s3api list-buckets --query 'Buckets[*].Name' | sed -e 's/[][]//g' -e 's/"//g' -e 's/,//g' -e '/^$/d' -e 's/^[ \t]*//;s/[ \t]*$//')

# Loop through the list of S3 buckets and check the individual bucket's object version status.

for bucket in $(echo "$s3_bucket_list")
do
  version_status=$(aws s3api get-bucket-versioning --bucket "$bucket" | awk '/Status/ {print $2}' | sed 's/"//g')
   if [[ "$version_status" = "Enabled" ]]; then

      # If the object version status is Enabled, report that the S3 bucket has object versioning enabled.

      echo "The $bucket S3 bucket has object versioning enabled."
  elif [[ "$version_status" != "Enabled" ]]; then

      # If the object version is a status other than Enabled, report that the S3 bucket does not have
      # object versioning enabled, then enable object versioning

      echo "The $bucket S3 bucket does not have object versioning enabled. Enabling object versioning on the $bucket S3 bucket."
      aws s3api put-bucket-versioning --bucket "$bucket" --versioning-configuration Status=Enabled
  fi
done

For more information you can check the following document on the AWS website:

https://docs.aws.amazon.com/cli/latest/reference/s3api/put-bucket-versioning.html