AWS_Cloudtrail_5
The AWS CloudTrail logging bucket should use the Multi-Factor Authentication (MFA) Delete feature so that versioned log files cannot be deleted without a second factor.
Using AWS CLI
1. MFA Delete has to be enabled at the same time as you set the versioning state for your bucket. Run the put-bucket-versioning command (OSX/Linux/UNIX) to enable versioning and MFA Delete for the selected bucket.
2. Use the MFA device enabled for your AWS root account and replace the placeholder details with your own: the --mfa parameter value must have the format arn:aws:iam::aws_account_id:mfa/root-account-mfa-device mfa_device_passcode, i.e. the device ARN followed by a space and the current passcode from that device.
3. Run the get-bucket-versioning command (OSX/Linux/UNIX) with the bucket name to confirm that versioning and MFA Delete protection are enabled.
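The procedure above as an added sh example (not Cloudlytics' own code): it composes the put-bucket-versioning invocation from steps 1 and 2 and evaluates the get-bucket-versioning output from step 3. The bucket name, account id and MFA device name are placeholders, and the JSON samples are constructed.

```shell
#!/bin/sh
# Added example, not Cloudlytics' own code. Bucket name, account id and MFA
# device name are placeholders; the passcode is whatever the root account's
# MFA device shows at run time. The script only composes and checks, so it
# runs offline; the printed command is run separately with root credentials.

# Steps 1 and 2: build the put-bucket-versioning call that turns on
# versioning and MFA Delete in a single request.
build_enable_cmd() {
  bucket=$1; account_id=$2; device=$3; passcode=$4
  printf 'aws s3api put-bucket-versioning --bucket %s --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa "arn:aws:iam::%s:mfa/%s %s"\n' \
    "$bucket" "$account_id" "$device" "$passcode"
}

# Step 3: evaluate the JSON returned by get-bucket-versioning. Succeeds only
# when both "Status" and "MFADelete" are "Enabled". A bucket that never had
# versioning configured returns an empty object and therefore fails.
check_mfa_delete() {
  status=$(printf '%s\n' "$1" | sed -n 's/.*"Status": *"\([A-Za-z]*\)".*/\1/p')
  mfa=$(printf '%s\n' "$1" | sed -n 's/.*"MFADelete": *"\([A-Za-z]*\)".*/\1/p')
  [ "$status" = "Enabled" ] && [ "$mfa" = "Enabled" ]
}

# Map the check to a finding label for a compliance report.
mfa_delete_finding() {
  if check_mfa_delete "$1"; then echo COMPLIANT; else echo NON_COMPLIANT; fi
}

# Constructed sample outputs of get-bucket-versioning.
COMPLIANT_JSON='{
    "Status": "Enabled",
    "MFADelete": "Enabled"
}'
PARTIAL_JSON='{
    "Status": "Enabled",
    "MFADelete": "Disabled"
}'
UNCONFIGURED_JSON='{}'

build_enable_cmd cloudtrail-logs-bucket 123456789012 root-account-mfa-device 123456
echo "compliant sample:    $(mfa_delete_finding "$COMPLIANT_JSON")"
echo "MFA Delete disabled: $(mfa_delete_finding "$PARTIAL_JSON")"
echo "never versioned:     $(mfa_delete_finding "$UNCONFIGURED_JSON")"
```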