This is a bit of a silly question - I have an S3 bucket that contains some important production data.
I'm looking to back this data up. S3 versioning seems to be a very good way.
One concern I have is that enabling S3 versioning could affect the existing files. Is it safe to enable versioning before I backup the files offsite?
This depends on what you mean by "back up".
Objects stored in Amazon S3 are automatically replicated between multiple data centres within the region. So, AWS is automatically taking care of backups for you.
However, if you are worried about accidentally deleting or overwriting an object, then using Versioning is a good idea. It will allow you to retrieve versions of the objects that have been deleted or overwritten. (Note: You'll pay the full storage cost of old versions as well as current versions.)
Activating versioning does not impact existing objects. Once versioning is activated, it will automatically apply to all objects in the bucket so deleting or overwriting previously-existing objects will function the same as new objects.
Another form of backup you might consider is Cross-Region Replication. This tells S3 to replicate objects from one bucket to a bucket in a different region. The replica bucket can even belong to another AWS account. This has the benefit of keeping objects safe even if somebody intentionally deletes them.
Imagine a scenario with a Systems Administrator who has delete permissions in S3. If they become upset with management and decide to delete all their data, there would be another copy of that data in the replica bucket. This bucket could belong to a different account where the System Administrator does not have permissions to delete data. The downside is that you pay for both copies of the data. The upside is that your data is safe and your company can continue to operate.