lacework-global-94
Ensure the S3 bucket requires Multi-Factor Authentication (MFA) to delete objects
Description
The bucket Access Control List (ACL) or policy controls the ability to delete objects in the bucket. If objects in the bucket are permanent, MFA delete can help prevent accidental deletion by requiring a second factor.
Remediation
Enable MFA delete through the AWS CLI. See the AWS documentation for the full procedure:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html
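The versioning configuration sent to S3 has the following form, where VersioningState and MfaDeleteState are placeholders for the desired values:
<VersioningConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Status>VersioningState</Status>
  <MfaDelete>MfaDeleteState</MfaDelete>
</VersioningConfiguration>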
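The remediation above as a script: an added example, not taken from the Lacework policy or the AWS documentation, that checks a bucket's versioning state and enables MFA delete only when it is missing. It assumes the AWS CLI is configured with the bucket owner's root credentials (AWS accepts this change only from the root account); the function names and the script name are hypothetical.

```sh
#!/bin/sh
# Added example: check and enable S3 MFA delete with the AWS CLI.
# Assumption: the CLI is configured with the bucket owner's root credentials.

# Print "<Status> <MFADelete>" for bucket $1, e.g. "Enabled Disabled".
versioning_state() {
    aws s3api get-bucket-versioning --bucket "$1" \
        --query '[Status, MFADelete]' --output text | tr '\t' ' '
}

# Succeed only when versioning and MFA delete are both Enabled.
# A failed or empty CLI response counts as not enabled.
mfa_delete_enabled() {
    [ "$(versioning_state "$1")" = "Enabled Enabled" ]
}

# Enable versioning together with MFA delete, then re-read the state.
# $1 bucket, $2 MFA device serial number or ARN, $3 current 6-digit code.
enable_mfa_delete() {
    case "$3" in
        [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "MFA code must be 6 digits" >&2; return 2 ;;
    esac
    aws s3api put-bucket-versioning --bucket "$1" \
        --versioning-configuration Status=Enabled,MFADelete=Enabled \
        --mfa "$2 $3" || return 1
    mfa_delete_enabled "$1"
}

# Usage (hypothetical script name): sh mfa-delete.sh BUCKET MFA_SERIAL CODE
if [ "$#" -eq 3 ]; then
    if mfa_delete_enabled "$1"; then
        echo "$1: MFA delete already enabled"
    else
        enable_mfa_delete "$1" "$2" "$3" && echo "$1: MFA delete enabled"
    fi
fi
```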