04 - S3 Bucket MFA Delete

 

Ensure your S3 buckets have MFA delete enabled for sensitive buckets

Ensure that your S3 buckets have MFA delete enabled to block accidental or malicious deletion. This is considered a security best practice and should always be done. Ensuring this is enabled will help with NIST,PCI-DSS and GDPR compliance.

Audit & Remediation

  • In order to validate this, this must be carried out via the aws cli.
                
aws s3api get-bucket-versioning	--bucket my-bucket-12345452345
  • Since MFA Delete requires the object versioning as dependency, the best practice is to enable these two S3 features at the same time. Run put-bucket-versioning command (OSX/Linux/UNIX) to enable versioning and MFA delete for the selected bucket (use the MFA device activated for your AWS root account and replace the highlighted details with your own access details):
                
aws s3api put-bucket-versioning --bucket my-bucket-12345452345 --versioning-configuration '{"MFADelete":"Enabled","Status":"Enabled"}' --mfa 'arn:aws:iam::aws_account_id:mfa/root-account-mfa-device passcode'
  • Repeat the outlined steps for each S3 bucket that you have.
See all of your AWS S3 Buckets in a single place!

Do you want to see all S3 Buckets in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.
demo.intelligentdiscovery.io

 

Other Key Features

Inventory

Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.

learn more +

Contact us

LDAPTIVE, LLC.
Mount Pleasant, SC
USA
Email: info@ldaptive.com
Intelligent Discovery ™

LDAPTIVE, LLC 2018 © All Rights Reserved. Privacy Policy | Terms of Service