
Ensure MFA Delete is enabled on S3 buckets Rule

This rule ensures MFA Delete is enabled on S3 buckets for improved security and compliance.

Rule: Ensure MFA Delete is enabled on S3 buckets
Framework: cis_v140
Severity: Medium

Rule Description:

MFA (Multi-Factor Authentication) Delete is an optional setting of S3 Versioning that adds a second authentication factor to the two most destructive operations on a versioned bucket: permanently deleting an object version and changing the versioning state of the bucket (suspending versioning or turning MFA Delete off again). With MFA Delete enabled, those requests must carry, in addition to the caller's AWS credentials, the serial number of the bucket owner's root-user MFA device (a virtual or hardware device) together with a code currently displayed by it; requests that present only IAM credentials are rejected. Ordinary deletes are unaffected: they still place a delete marker on the object, and the previous version remains recoverable. This limits the damage that a leaked access key, a compromised IAM principal or a mistaken script can do to versioned data.

This rule, part of the cis_v140 framework, checks that MFA Delete is enabled on every S3 bucket in the AWS account. Enforcing it keeps object history from being wiped out by a single set of stolen or misused credentials and minimizes the impact of accidental deletions.

Troubleshooting Steps:

If the MFA Delete feature is not enabled for an S3 bucket, you may encounter the following issues:

  • Accidental deletions: Without MFA Delete, a single delete-object --version-id call (or a script iterating over versions) permanently removes data; with it, the call fails unless a valid MFA code is supplied.
  • Unauthorized deletions: Any principal holding s3:DeleteObjectVersion or s3:PutBucketVersioning on the bucket can permanently delete object versions or suspend versioning, so a compromised access key is enough to destroy the bucket's history.
  • Compliance risks: Not conforming to this rule may violate compliance requirements, such as those outlined in the CIS AWS Foundations Benchmark v1.4.0.

To troubleshoot and enable MFA Delete on S3 buckets, follow the steps below.

Enable MFA Delete on S3 Buckets:

  1. Identify the S3 buckets that do not have MFA Delete enabled.

    • You can use the AWS CLI or the AWS SDKs/APIs. The AWS Management Console displays the current state of MFA Delete but cannot change it.
    • For AWS CLI, use the following command:
      aws s3api get-bucket-versioning --bucket <bucket-name>
    • A bucket on which versioning was never configured returns an empty object. A versioned bucket without MFA Delete returns "Status": "Enabled" with either no "MFADelete" field or "MFADelete": "Disabled". Only "MFADelete": "Enabled" satisfies the rule.

  2. Check the current versioning configuration for each bucket.

    • MFA Delete is part of the versioning configuration, so the bucket must have versioning in the Enabled state (not absent and not Suspended). Versioning can be enabled in the same call that enables MFA Delete (step 3); to enable it on its own first, run:
      aws s3api put-bucket-versioning --bucket <bucket-name> --versioning-configuration Status=Enabled

  3. Enable MFA Delete for each bucket.

    • MFA Delete cannot be enabled from the AWS Management Console, and it cannot be enabled by an IAM user or role, whatever S3 permissions they hold. Only the bucket owner's AWS account root user can enable it, through the AWS CLI or the API, and the request must carry the root user's MFA device serial number and a current code.
    • Using root-user credentials (for example temporary root access keys, which should be deleted once the change is made), run:
      aws s3api put-bucket-versioning --bucket <bucket-name> --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa "<mfa-device-serial> <mfa-code>"
    • The --mfa value is the device serial number, a space, and the six-digit code the device currently shows. For a virtual MFA device the serial number is its ARN, of the form arn:aws:iam::<account-id>:mfa/<device-name>.
    • Caveat: S3 Lifecycle configuration is not supported on buckets with MFA Delete enabled. Buckets that depend on lifecycle rules for expiration or storage-class transitions need a different control for their version history.

  4. Validate the MFA Delete configuration.

    • Use the AWS CLI to verify that MFA Delete is now enabled for the bucket:
      aws s3api get-bucket-versioning --bucket <bucket-name>
    • The output should show
      "MFADelete": "Enabled"
    • From this point on, permanently deleting a version (delete-object with --version-id) and any further put-bucket-versioning call on the bucket are rejected unless they also include a valid --mfa value.

  5. Review and repeat the above steps for all S3 buckets without MFA Delete.

By following these steps, you can enable MFA Delete on S3 buckets, helping to maintain a higher level of security and reducing the risk of accidental data loss or unauthorized modifications.

NOTE: Enabling versioning requires s3:PutBucketVersioning on the bucket, but enabling MFA Delete additionally requires the account root user's credentials and MFA device; an IAM user or role cannot complete step 3 even with full S3 permissions.
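The steps above are repeated per bucket, which does not scale beyond a handful of buckets. The following POSIX shell script is an added example, not part of the original rule page or of any AWS tooling: it lists every bucket, classifies each one as compliant, versioning-not-enabled or mfa-delete-disabled using the same get-bucket-versioning call as step 1, and builds (without running) the root-user remediation command from step 3. It assumes the AWS CLI is installed and the caller holds s3:ListAllMyBuckets and s3:GetBucketVersioning; the AWS_CLI variable is a hypothetical override that lets a stub printing the same --output text shape stand in for the real CLI.

```shell
#!/bin/sh
# Audit every S3 bucket for Versioning + MFA Delete (added example, not AWS code).
# Assumes the AWS CLI is on PATH with credentials that allow s3:ListAllMyBuckets
# and s3:GetBucketVersioning. AWS_CLI (hypothetical override) names the command
# used to reach S3, so a stub that prints the same "--output text" shape can be
# substituted to exercise the classification logic offline.
AWS_CLI="${AWS_CLI:-aws}"

# One bucket name per line.
list_buckets() {
  "$AWS_CLI" s3api list-buckets --query 'Buckets[].Name' --output text | tr '\t' '\n'
}

# Prints "<Status>\t<MFADelete>" for a bucket. The CLI prints "None" for fields
# the API omits, so a never-versioned bucket yields "None\tNone".
versioning_state() {
  "$AWS_CLI" s3api get-bucket-versioning --bucket "$1" \
    --query '[Status, MFADelete]' --output text
}

# classify STATUS MFADELETE -> compliant | versioning-not-enabled | mfa-delete-disabled
# Versioning must be exactly "Enabled" (Suspended fails too) and MFADelete "Enabled".
classify() {
  if [ "$1" != "Enabled" ]; then
    echo versioning-not-enabled
  elif [ "$2" != "Enabled" ]; then
    echo mfa-delete-disabled
  else
    echo compliant
  fi
}

# Prints "<bucket> <finding>" per bucket; exit status 1 if any bucket fails.
audit() {
  rc=0
  for bucket in $(list_buckets); do
    set -- $(versioning_state "$bucket")
    finding=$(classify "${1:-None}" "${2:-None}")
    echo "$bucket $finding"
    [ "$finding" = compliant ] || rc=1
  done
  return $rc
}

# Builds (does not run) the remediation command for one bucket. Only the bucket
# owner's root user can enable MFA Delete, and the call must carry the root MFA
# device serial (its ARN for a virtual device) plus a code it currently shows.
remediation_cmd() {
  printf '%s\n' "aws s3api put-bucket-versioning --bucket $1 --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa \"$2 $3\""
}

# Usage: sh s3_mfa_delete_audit.sh audit
case "${1:-}" in
  audit) audit ;;
esac
```

The audit is read-only and can run under an ordinary IAM identity; the remediation command it prints must be executed separately with root-user credentials, which is why the script only prints it. Buckets reported as versioning-not-enabled need step 2 before (or together with) step 3; buckets reported as mfa-delete-disabled need only step 3.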
