
S3 bucket MFA Delete feature is enabled

s3

Description

Set up the Multi-Factor Authentication (MFA) delete feature to prevent deletion of Amazon S3 objects.

Rationale

MFA-protected Amazon S3 buckets ensure S3 objects cannot be accidentally or intentionally deleted by AWS users who have access to your bucket.

Remediation

From the console

MFA DELETE cannot be enabled in the AWS Console. See the CLI remediation below for configuration instructions.

From the command line

  1. Run put-bucket-versioning with your bucket name, versioning configuration, and MFA configuration.

put-bucket-versioning.sh

  # Run with the bucket owner's root credentials: only the root user can enable MFA Delete.
  # --mfa takes the MFA device serial (its ARN) and the current code shown on the device,
  # separated by a space; <mfa-code> is a placeholder for that code.
  aws s3api put-bucket-versioning \
    --bucket your-s3-bucket-name \
    --versioning-configuration '{"MFADelete":"Enabled","Status":"Enabled"}' \
    --mfa 'arn:aws:iam::aws_account_id:mfa/root-account-mfa-device <mfa-code>'
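The command above enables the setting; the companion check a practitioner wants is a way to find buckets that still fail this rule. The following is an added example, not Datadog's rule implementation nor AWS code. It evaluates the response shape of `get-bucket-versioning` (the same data `aws s3api get-bucket-versioning` prints), reports why a bucket fails, and builds the matching `put-bucket-versioning` remediation command with the `serial code` form that `--mfa` expects. The sample responses are constructed; the bucket names, the `mfa_serial` value and the `<mfa-code>` placeholder are assumptions, and the optional live audit at the bottom needs `boto3` and root credentials.

```python
"""Audit helper for the 'S3 bucket MFA Delete feature is enabled' rule.

Added example (not Datadog's or AWS's code). Evaluates get-bucket-versioning
responses and reports buckets that would fail this rule.
"""
from typing import Dict, List

# get-bucket-versioning returns {} for a bucket that has never had versioning
# configured, "Status": "Suspended" once versioning was turned off, and the
# "MFADelete" key only after MFA delete has been explicitly set.
def mfa_delete_findings(versioning: Dict[str, str]) -> List[str]:
    """Return the reasons a versioning configuration fails this rule.

    An empty list means the bucket is compliant (both Status and MFADelete Enabled).
    """
    findings: List[str] = []
    status = versioning.get("Status")
    if status != "Enabled":
        findings.append(
            "versioning is {}; MFA delete requires versioning to be Enabled".format(
                status or "not configured"
            )
        )
    mfa = versioning.get("MFADelete")
    if mfa != "Enabled":
        findings.append("MFADelete is {}".format(mfa or "not configured"))
    return findings


def audit(configs: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Map bucket name -> findings, omitting compliant buckets."""
    result: Dict[str, List[str]] = {}
    for name, cfg in configs.items():
        findings = mfa_delete_findings(cfg)
        if findings:
            result[name] = findings
    return result


def remediation_argv(bucket: str, mfa_serial: str, mfa_code: str = "<mfa-code>") -> List[str]:
    """Build the aws CLI argv that enables versioning plus MFA Delete on one bucket.

    --mfa must be "<device serial> <current code>" in a single argument; the code
    defaults to a placeholder so the command can be reviewed before it is typed.
    """
    return [
        "aws", "s3api", "put-bucket-versioning",
        "--bucket", bucket,
        "--versioning-configuration", '{"MFADelete":"Enabled","Status":"Enabled"}',
        "--mfa", "{} {}".format(mfa_serial, mfa_code),
    ]


# Constructed sample responses, keyed by (assumed) bucket name.
SAMPLE_CONFIGS: Dict[str, Dict[str, str]] = {
    "logs-archive": {"Status": "Enabled", "MFADelete": "Enabled"},   # compliant
    "build-cache": {"Status": "Enabled", "MFADelete": "Disabled"},   # versioned, no MFA delete
    "legacy-exports": {"Status": "Suspended"},                       # versioning turned off
    "scratch": {},                                                   # never versioned
}

# Assumed MFA device ARN, in the same form the remediation command above uses.
ASSUMED_MFA_SERIAL = "arn:aws:iam::aws_account_id:mfa/root-account-mfa-device"


def live_configs() -> Dict[str, Dict[str, str]]:
    """Fetch real versioning configs with boto3 (requires credentials; not used offline)."""
    import boto3  # imported here so the offline sample still runs without boto3
    s3 = boto3.client("s3")
    names = [b["Name"] for b in s3.list_buckets()["Buckets"]]
    return {name: s3.get_bucket_versioning(Bucket=name) for name in names}


if __name__ == "__main__":
    for bucket, reasons in audit(SAMPLE_CONFIGS).items():
        print("{}: {}".format(bucket, "; ".join(reasons)))
        print("  fix: " + " ".join(remediation_argv(bucket, ASSUMED_MFA_SERIAL)))
```

Running the sample flags build-cache, legacy-exports and scratch and leaves logs-archive out; swap `SAMPLE_CONFIGS` for `live_configs()` to audit a real account. Note that `mfa_delete_findings` treats a missing `Status` or `MFADelete` key as a failure rather than an error, because that is exactly how a never-configured bucket looks in the API response.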