Amazon_S3_16

Ensure S3 buckets have versioning and MFA Delete enabled

Description

Enabling MFA Delete on a versioned S3 bucket adds an extra layer of protection: permanently deleting an object version, or changing the bucket's versioning state, then requires a valid code from the bucket owner's MFA device in addition to the caller's IAM permissions, so S3 objects (files) cannot be accidentally or intentionally destroyed by AWS users who have access to the bucket. An ordinary delete of an object in a versioned bucket only adds a delete marker, which can be removed to restore the object. Note: only the bucket owner signed in as the AWS account root user can enable the MFA Delete feature, and the root account's MFA device is the one that must supply the code for MFA-protected DELETE actions on the bucket.

Remediation

Perform the following steps to enable versioning with MFA Delete on your S3 buckets:

  1. Run the list-buckets command (OSX/Linux/UNIX) to list all S3 buckets available in your AWS account:
    aws s3api list-buckets --query 'Buckets[*].Name'
  2. The command output should return the name of each S3 bucket available in your AWS account:
    ["sample-bucket"]
  3. Since MFA Delete requires object versioning as a dependency, the best practice is to enable both S3 features at the same time. Run the put-bucket-versioning command (OSX/Linux/UNIX) with the root account's credentials to enable versioning and MFA Delete for the selected bucket (use the MFA device activated for your AWS root account, and replace the placeholder details with your own bucket name, MFA device serial ARN and current MFA code):

    aws s3api put-bucket-versioning \
      --bucket <bucket-name> \
      --versioning-configuration Status=Enabled,MFADelete=Enabled \
      --mfa "<mfa-device-serial-arn> <mfa-code>"
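The steps above change one bucket at a time and leave the audit (which buckets still lack MFA Delete?) to the reader. The following Python script is an added example, not part of the original page or of any vendor tool: it walks every bucket the way the procedure does and classifies each one from its get-bucket-versioning response. It assumes a boto3-style S3 client interface (list_buckets / get_bucket_versioning); a FakeS3Client with constructed sample responses is included so it runs offline, and the bucket names and configurations in SAMPLE_BUCKETS are made up. The point worth seeing is the edge case: a bucket whose versioning was never configured returns a response with no Status key, and one where MFA Delete was never set returns no MFADelete key, so absent keys must count as not enabled rather than crash the audit.

```python
"""Audit S3 buckets for versioning + MFA Delete (the check behind Amazon_S3_16).

Added example, not code from the original page. Assumes a boto3-style S3
client; FakeS3Client below is a constructed stand-in so the audit runs offline.
"""
import shlex


def mfa_delete_status(versioning_config):
    """Classify one get_bucket_versioning response.

    S3 omits 'Status' when versioning was never configured and omits
    'MFADelete' when MFA Delete was never set, so .get() is used and an
    absent key is treated as "not enabled".
    Returns one of: 'compliant', 'versioning_disabled',
    'versioning_suspended', 'mfa_delete_disabled'.
    """
    status = versioning_config.get("Status")
    if status is None:
        return "versioning_disabled"
    if status == "Suspended":
        # Versioning was enabled once and later suspended; MFA Delete alone
        # does not protect object versions that are no longer being kept.
        return "versioning_suspended"
    if versioning_config.get("MFADelete") != "Enabled":
        return "mfa_delete_disabled"
    return "compliant"


def audit_buckets(s3):
    """Return {bucket_name: finding} for every bucket that is not compliant."""
    findings = {}
    for bucket in s3.list_buckets()["Buckets"]:
        name = bucket["Name"]
        config = s3.get_bucket_versioning(Bucket=name)
        finding = mfa_delete_status(config)
        if finding != "compliant":
            findings[name] = finding
    return findings


def remediation_command(bucket, mfa_serial_arn, mfa_code):
    """Build the CLI command from the procedure above for one bucket.

    Hypothetical helper: it only renders the command; it must be run by the
    bucket owner with root credentials and the root MFA device's current code.
    """
    return (
        "aws s3api put-bucket-versioning "
        f"--bucket {shlex.quote(bucket)} "
        "--versioning-configuration Status=Enabled,MFADelete=Enabled "
        f"--mfa {shlex.quote(f'{mfa_serial_arn} {mfa_code}')}"
    )


class FakeS3Client:
    """Constructed stand-in for boto3.client('s3') with canned responses."""

    def __init__(self, buckets):
        self._buckets = buckets

    def list_buckets(self):
        return {"Buckets": [{"Name": n} for n in self._buckets]}

    def get_bucket_versioning(self, Bucket):
        return dict(self._buckets[Bucket])


# Constructed sample account: one compliant bucket and three failure modes.
SAMPLE_BUCKETS = {
    "backups-prod": {"Status": "Enabled", "MFADelete": "Enabled"},
    "logs-archive": {"Status": "Enabled"},                 # MFA Delete never set
    "old-site": {"Status": "Suspended", "MFADelete": "Disabled"},
    "scratch": {},                                         # versioning never configured
}

if __name__ == "__main__":
    s3 = FakeS3Client(SAMPLE_BUCKETS)  # swap for boto3.client("s3") on a real account
    for name, finding in sorted(audit_buckets(s3).items()):
        print(f"{name}: {finding}")
        print("  fix:", remediation_command(name, "<mfa-device-serial-arn>", "<mfa-code>"))
```

Against a real account, replace FakeS3Client with boto3.client("s3"); the credentials running the audit only need s3:ListAllMyBuckets and s3:GetBucketVersioning, whereas the printed remediation commands must be executed separately as the root user with the root MFA device, which is why the script reports rather than remediates.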

Service

S3

Severity

Low

Compliance

Mapping
