Low S3 Regional

S3 general purpose buckets should have MFA delete enabled

CIS v5.0.0, CIS v3.0.0, NIST 800-53

Description

Checks whether multi-factor authentication (MFA) delete is enabled for an Amazon S3 general purpose bucket. The control fails if MFA delete is not enabled for the bucket. The control does not produce findings for buckets that already have a lifecycle configuration.


Remediation

Enable MFA delete on S3 buckets with versioning enabled to add an extra layer of security for delete operations.

Steps

  1. Open the Amazon S3 console.
  2. Select the bucket and go to 'Properties' > 'Bucket Versioning'.
  3. Enable versioning if not already enabled.
  4. Enable MFA delete (requires MFA device).
  5. Confirm the change with your MFA device.
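The control logic from the description, together with the AWS CLI form of the remediation, as an added example that is not part of the original page. The bucket names and API responses are constructed, the MFA serial and code are placeholders, and `evaluate_bucket`, `remediation_command` and `audit` are hypothetical helper names.

```python
import shlex

# Constructed samples: (GetBucketVersioning-shaped dict, lifecycle rules or None).
# A bucket that never had versioning configured returns neither key.
SAMPLE_BUCKETS = {
    "audit-logs": ({"Status": "Enabled", "MFADelete": "Enabled"}, None),
    "app-assets": ({"Status": "Enabled", "MFADelete": "Disabled"}, None),
    "scratch": ({}, None),
    "tmp-exports": ({"Status": "Enabled"}, [{"ID": "expire-30d", "Status": "Enabled"}]),
}


def evaluate_bucket(versioning, lifecycle_rules):
    """Apply the control: PASSED, FAILED, or NO_FINDING for one bucket."""
    if lifecycle_rules:  # buckets with a lifecycle configuration are skipped
        return "NO_FINDING"
    if versioning.get("MFADelete") == "Enabled":
        return "PASSED"
    return "FAILED"  # covers MFADelete=Disabled and a missing key


def remediation_command(bucket, mfa_serial="MFA_DEVICE_SERIAL", mfa_code="MFA_CODE"):
    """Build the AWS CLI call that turns on versioning and MFA delete.

    mfa_serial and mfa_code are placeholders for the device serial (or ARN)
    and its current code, which --mfa takes as one space-separated value.
    """
    return " ".join([
        "aws s3api put-bucket-versioning",
        "--bucket", shlex.quote(bucket),
        "--versioning-configuration", "Status=Enabled,MFADelete=Enabled",
        "--mfa", shlex.quote(f"{mfa_serial} {mfa_code}"),
    ])


def audit(buckets):
    """Map bucket name -> (status, remediation command or None)."""
    report = {}
    for name, (versioning, lifecycle_rules) in buckets.items():
        status = evaluate_bucket(versioning, lifecycle_rules)
        command = remediation_command(name) if status == "FAILED" else None
        report[name] = (status, command)
    return report


if __name__ == "__main__":
    for name, (status, command) in audit(SAMPLE_BUCKETS).items():
        print(f"{name}: {status}")
        if command:
            print(f"  fix: {command}")
```

After running the generated command, `aws s3api get-bucket-versioning --bucket <name>` should report `MFADelete` as `Enabled`.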

Compliance

CIS v5.0.0, CIS v3.0.0, NIST 800-53