S3 buckets can be versioned.
When the S3 bucket is unversioned it means that a new version of an object overwrites an existing one in the S3 bucket.

It can lead to unintentional or intentional information loss.

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

[source,javascript]
----
const s3 = require('aws-cdk-lib/aws-s3');

new s3.Bucket(this, 'id', {
    bucketName: 'bucket',
    versioned: false // Sensitive
});
----
The default value of `versioned` is `false` so the absence of this parameter is also sensitive.

== Compliant Solution

[source,javascript]
----
const s3 = require('aws-cdk-lib/aws-s3');

new s3.Bucket(this, 'id', {
    bucketName: 'bucket',
    versioned: true
});
----

include::../see.adoc[]

* https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html#versioned[AWS CDK version 2] - Using versioning in S3 buckets

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Highlighting

* If the argument is set to false: the argument assignment
* If the argument is a variable: primary the assignment of the argument, secondary the assignment of the value to the variable
* If the argument is missing: the constructor of the bucket

=== Message

* If primary: Make sure an unversioned S3 bucket is safe here.
* If secondary: Propagated setting
* If missing: Omitting the "versioned" argument disables S3 bucket versioning. Make sure it is safe here.

endif::env-github,rspecator-view[]