v0.44.1

@cloudpossebot cloudpossebot released this 12 Nov 19:55
6947cac

🚀 Enhancements

Dynamic block for versioning added @nnsense (#118)

what

Enabling versioning on a bucket is a permanent action that cannot be disabled. For this reason, when the versioning attribute is added to the S3 resource, the bucket is prepared to be versioned and put in suspended mode. The only way to avoid this and keep the versioning disabled is to not add the versioning attribute at all.

We were discussing this in this bug and @aknysh posted a snippet which removes the attribute, making it possible to set versioning off instead of enabled but suspended.

I'm just adding that snippet; there's another PR which is apparently changing more than just the versioning and it seems abandoned (opened in February 2021, has had no updates since August).

Note: there's a comment in this module's main:

#bridgecrew:skip=BC_AWS_S3_16:Skipping `Ensure S3 bucket versioning is enabled` because dynamic blocks are not supported by checkov

But I see that some basic handling for dynamic blocks has been added in checkov
bridgecrewio/checkov#836

So if you're using checkov it would be interesting to remove the comment and see if it works now.

why

  • In a very quick deployment, where versioning is less important than speed, having a delay before an object can be written could be an issue (See the note here)
  • If the buckets are created by terraform and deleted by a script, the versioned bucket's deletion is much more complex than a non-versioned one.
  • User's preference
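
The difference described in this release note, sketched as an added example (not the module's actual code and not the snippet @aknysh posted). The resource names, bucket names and the `versioning_enabled` variable are assumptions, and the syntax is the inline `versioning` block of the AWS provider as it existed before v4:

```hcl
# Hypothetical input; the name is an assumption, not taken from this page.
variable "versioning_enabled" {
  type        = bool
  default     = false
  description = "true enables versioning, false leaves the bucket unversioned"
}

# Before: the versioning block is always present, so with enabled = false
# the bucket is prepared for versioning and left in suspended mode.
resource "aws_s3_bucket" "static_block" {
  bucket = "example-static-block" # constructed name

  versioning {
    enabled = var.versioning_enabled
  }
}

# After: the block is rendered only when versioning is wanted, so a
# false value leaves the attribute out and the bucket stays unversioned.
resource "aws_s3_bucket" "dynamic_block" {
  bucket = "example-dynamic-block" # constructed name

  dynamic "versioning" {
    for_each = var.versioning_enabled ? [true] : []
    content {
      enabled = true
    }
  }
}
```

Running `aws s3api get-bucket-versioning --bucket <name>` against each bucket shows the result: a bucket that was never versioned returns no `Status` field, while a suspended one returns `Suspended`.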