AWS S3 Bucket Versioning Enforcement

Watches for S3 buckets without versioning enabled and notifies through email asking for approval to enable versioning or delete the bucket.


Download and install Flowpipe ( Or use Brew:

brew tap turbot/tap
brew install flowpipe


git clone
cd public_cloud/aws_s3_bucket_versioning_enforcement

Install mod dependencies:

flowpipe mod install


It is recommended to create a credential_import resource to import your AWS connections:

vi ~/.flowpipe/config/aws.fpc
credential_import "aws" {
source = "~/.steampipe/config/aws.spc"
connections = ["*"]

For more information on importing credentials, please see Credential Import.


Create a notifier resource, which will be used to route inputs and other messages.

For instance:

vi ~/.flowpipe/config/integrations.fpc
integration "email" "my_email" {
from = ""
to = [""]
smtp_tls = "required"
smtps_port = 587
smtp_host = ""
smtp_username = ""
smtp_password = env("FLOWPIPE_EMAIL_APP_PW")
notifier "my_email" {
notify {
integration =

For more examples of integrations and notifiers, please see:

Then set the variable values:

cp flowpipe.fpvars.example flowpipe.fpvars
vi flowpipe.fpvars
# AWS Region
aws_region = "us-east-1"
# Set the AWS credentials profile to use
# aws_cred = "default"
# Steampipe database connection string
# Defaults to local Steampipe database
# You can also set a search path as part of this connection string
# database = "postgresql://steampipe@localhost:9193/steampipe?options=-c%20search_path%3Dput,search,path,here"
# Set the notifier to use for inputs and messages
# Defaults to the "default" notifier
notifier = "my_email"
# Set the schedule for the mod to run
# schedule = "daily"


Start the Steampipe service:

steampipe service start

Note: Please remember to set search_path or search_path_prefix in your Steampipe workspace options to ensure the right connections are queried.

Run the mod with the Flowpipe server:

flowpipe server --verbose