Ensure MFA Delete is enabled on S3 buckets Rule

This rule ensures that MFA Delete is enabled on S3 buckets for added security measures.

Rule: Ensure MFA Delete is enabled on S3 buckets
Framework: cis_v150
Severity: Critical

Rule Description

The MFA (Multi-Factor Authentication) Delete feature provides an additional layer of security by requiring MFA authentication for certain privileged bucket operations, such as permanently deleting objects or changing the bucket versioning state. Enabling MFA Delete helps to prevent accidental or unauthorized deletions.

Troubleshooting Steps

If MFA Delete is not enabled on S3 buckets for cis_v150, follow these troubleshooting steps:

  1. Identify the S3 buckets that do not have MFA Delete enabled.
  2. Check if the bucket has versioning enabled. MFA Delete can only be set for versioned buckets.
  3. Verify if the buckets require MFA authentication for object deletions.
  4. Review the IAM policies and ensure that the appropriate MFA policies are configured.
  5. Confirm that the MFA device is properly associated and functioning correctly.

Necessary Codes

There are no specific codes required for this rule; however, you may need to update the bucket's permissions or IAM policies.

Remediation Steps

To enable MFA Delete on S3 buckets for cis_v150, follow these steps:

  1. Open the AWS Management Console and navigate to the S3 service.
  2. Identify the bucket for which you want to enable MFA Delete.
  3. Ensure that versioning is enabled for the bucket. MFA Delete can only be set for versioned buckets.
  4. Go to the bucket settings and click on "Properties."
  5. Under the "Versioning" section, click "Edit."
  6. Check the box next to "Enable MFA Delete" and click "Save Changes."
  7. You will be prompted to provide the root account's MFA device authentication information.
  8. Enter the MFA code from the device associated with the root account and click "Save Changes."
  9. Verify that MFA Delete has been successfully enabled for the bucket.

Note: Enabling MFA Delete may result in additional prompts for MFA authentication when performing certain operations on the bucket. Make sure you have your MFA device available when working with the bucket.
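The following script is an added example covering both the troubleshooting steps (identify buckets without MFA Delete, confirm versioning first) and the remediation step (the PutBucketVersioning call with an MFA token); it is not Cloud Defense's rule implementation. It assumes boto3-style GetBucketVersioning responses, in which a bucket that never had versioning configured returns no `Status` key and a versioned bucket that never had MFA Delete set omits the `MFADelete` key. The sample responses and the MFA device ARN are constructed for illustration; the `audit_account` helper only runs when you pass it a real boto3 S3 client.

```python
"""Audit S3 bucket versioning responses for MFA Delete and build the
remediation request. Added example, not the page's or Cloud Defense's code."""
from typing import Dict, List, Tuple

COMPLIANT = "compliant"
VERSIONING_REQUIRED = "versioning_required"  # MFA Delete cannot be set until versioning is Enabled
MFA_DELETE_MISSING = "mfa_delete_missing"    # versioned, but MFADelete absent or Disabled


def evaluate_bucket(versioning: Dict[str, str]) -> str:
    """Classify one GetBucketVersioning response dict.

    Versioning must be "Enabled" (not absent, not "Suspended") before MFA
    Delete can be turned on, so that case is reported separately.
    """
    if versioning.get("Status") != "Enabled":
        return VERSIONING_REQUIRED
    if versioning.get("MFADelete") == "Enabled":
        return COMPLIANT
    return MFA_DELETE_MISSING


def find_noncompliant(results: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (bucket, finding) for every bucket that fails the rule, sorted by name."""
    findings = []
    for bucket, versioning in sorted(results.items()):
        finding = evaluate_bucket(versioning)
        if finding != COMPLIANT:
            findings.append((bucket, finding))
    return findings


def remediation_request(bucket: str, mfa_serial: str, mfa_code: str) -> dict:
    """Build the PutBucketVersioning parameters that enable MFA Delete.

    The MFA parameter is the device serial (the root account's device) and
    the current code separated by a single space. The request itself must be
    signed with root account credentials; this function only builds it.
    """
    return {
        "Bucket": bucket,
        "VersioningConfiguration": {"Status": "Enabled", "MFADelete": "Enabled"},
        "MFA": f"{mfa_serial} {mfa_code}",
    }


def audit_account(s3_client) -> Dict[str, Dict[str, str]]:
    """Collect GetBucketVersioning for every bucket using a boto3 S3 client."""
    results = {}
    for bucket in s3_client.list_buckets()["Buckets"]:
        results[bucket["Name"]] = s3_client.get_bucket_versioning(Bucket=bucket["Name"])
    return results


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real account.
    sample = {
        "logs-bucket": {"Status": "Enabled", "MFADelete": "Enabled"},
        "backups-bucket": {"Status": "Enabled"},
        "scratch-bucket": {},
        "archive-bucket": {"Status": "Suspended", "MFADelete": "Disabled"},
    }
    for name, finding in find_noncompliant(sample):
        print(f"{name}: {finding}")
    # Constructed MFA device ARN and code; a real run would use the root account's device.
    print(remediation_request("backups-bucket",
                              "arn:aws:iam::123456789012:mfa/root-account-mfa-device",
                              "123456"))
```

The three-way result matters for triage: a `versioning_required` finding means the bucket must have versioning enabled before the remediation steps above can succeed, whereas `mfa_delete_missing` can be fixed directly with the built request (for example via `boto3.client("s3").put_bucket_versioning(**remediation_request(...))` under root credentials). After remediation, re-running `evaluate_bucket` on a fresh GetBucketVersioning response should return `compliant`.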

Conclusion

By following the above steps, you can ensure that MFA Delete is enabled on S3 buckets for cis_v150. This provides an additional layer of security and mitigates the risk of accidental or unauthorized deletions of objects in the bucket.
