S3 Buckets should be protected from ransomware attacks by configuring versioning and MFA Delete. Doing so will disallow immediate bucket content removal, data encryption, or any other harmful modifications.
Disabled versioning is also considered a violation by this rule. The reason for that is that the attacker may make the bucket vulnerable by disabling object versioning with the s3:PutBucketVersioning permission.
Step 1. Log in to the AWS Management Console and open the S3 console at https://console.aws.amazon.com/s3.
Step 2. Under "All Buckets,"" click on the target S3 bucket.
Step 3. Click on the Properties tab.
Step 4. Find the "Bucket Versioning" section.
Step 5. Click on Edit and enable versioning.
Step 6. Follow the AWS instructions to add the MFA Delete option via CLI or SDK.
Updated 2 months ago