lacework-global-94

Ensure the S3 bucket requires Multi-Factor Authentication (MFA) to delete objects

Description

The bucket Access Control List (ACL) or bucket policy controls who can delete objects in the bucket. If the objects in the bucket are meant to be kept permanently, MFA delete helps prevent accidental deletion by requiring a second authentication factor before a delete is accepted.

Remediation

Enable MFA delete through the AWS CLI. See the AWS documentation for the full procedure:

https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html

<VersioningConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Status>VersioningState</Status>
  <MfaDelete>MfaDeleteState</MfaDelete>
</VersioningConfiguration>
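An added shell example, not part of the Lacework page or the AWS documentation, that enables MFA delete with the AWS CLI and then checks the bucket for the lacework-global-94 condition. It assumes the CLI runs with the bucket owner's root user credentials and a registered MFA device; the bucket name, device ARN and code are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the Lacework page): enable and verify S3 MFA Delete with the AWS CLI.
# Assumptions: AWS CLI v2 configured with the bucket owner's ROOT user credentials
# (only the root user may change the MFA Delete setting) and a registered MFA device.
# The values below are constructed placeholders, not real identifiers.

BUCKET="example-records-bucket"                          # placeholder
MFA_DEVICE_ARN="arn:aws:iam::123456789012:mfa/root-mfa"  # placeholder
MFA_CODE="123456"                                        # placeholder; read from the device at run time

# The --mfa value is the device ARN and the current code separated by a single space.
mfa_arg() {
  printf '%s %s' "$1" "$2"
}

# MFA Delete only exists on versioned buckets, so Status=Enabled and MFADelete=Enabled
# are set in the same call (the CLI form of the VersioningConfiguration XML above).
# Usage: enable_mfa_delete "$BUCKET" "$MFA_DEVICE_ARN" "$MFA_CODE"
enable_mfa_delete() {
  aws s3api put-bucket-versioning \
    --bucket "$1" \
    --versioning-configuration Status=Enabled,MFADelete=Enabled \
    --mfa "$(mfa_arg "$2" "$3")"
}

# Read get-bucket-versioning JSON from stdin; succeed only when versioning and
# MFA Delete are both "Enabled". An unversioned bucket returns empty output, which fails.
mfa_delete_enabled() {
  json=$(cat)
  status=$(printf '%s\n' "$json" | sed -n 's/.*"Status"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)
  mfa=$(printf '%s\n' "$json" | sed -n 's/.*"MFADelete"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)
  [ "$status" = "Enabled" ] && [ "$mfa" = "Enabled" ]
}

# Check a live bucket (the lacework-global-94 condition). Usage: check_bucket "$BUCKET"
check_bucket() {
  aws s3api get-bucket-versioning --bucket "$1" | mfa_delete_enabled
}

# Constructed sample of a compliant get-bucket-versioning response, for offline checks.
SAMPLE_COMPLIANT='{
    "Status": "Enabled",
    "MFADelete": "Enabled"
}'
```

A bucket whose versioning is Suspended, or whose response lacks the MFADelete key, fails the check, so a Disabled result is never mistaken for compliance.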