Ensure that S3 Bucket has MFA option enabled for changing Bucket Versioning settings and permanently deleting object versions

Description

S3 buckets should be protected from ransomware attacks by configuring versioning and MFA Delete. With both in place, an attacker cannot immediately remove the bucket's contents, encrypt the data, or make other harmful modifications.

This rule also treats disabled versioning as a violation, because an attacker with the s3:PutBucketVersioning permission can make the bucket vulnerable by disabling object versioning.

Enable S3 bucket versioning and MFA Delete via the AWS Management Console

Step 1. Log in to the AWS Management Console and open the S3 console at https://console.aws.amazon.com/s3.

Step 2. Under "All Buckets," click on the target S3 bucket.

Step 3. Click on the Properties tab.

Step 4. Find the "Bucket Versioning" section.

Step 5. Click on Edit and enable versioning.

Step 6. Follow the AWS instructions to add the MFA Delete option via CLI or SDK.
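
The check this rule performs and the CLI call for Step 6, as an added example that is not part of the original page. The function names, bucket name, account ID and MFA device ARN are placeholders, and the sample status pairs are constructed.

```shell
#!/bin/sh
# Added example. Bucket name, MFA serial and function names are placeholders.

# Map the two fields of `aws s3api get-bucket-versioning` to a rule verdict.
# Status is "Enabled" or "Suspended"; a bucket that never had versioning
# returns neither field, which --output text prints as "None".
classify_versioning() {
  status="$1"; mfa_delete="$2"
  case "$status" in
    Enabled)   ;;
    Suspended) echo "VIOLATION: versioning suspended"; return 1 ;;
    *)         echo "VIOLATION: versioning never enabled"; return 1 ;;
  esac
  if [ "$mfa_delete" != "Enabled" ]; then
    echo "VIOLATION: MFA Delete not enabled"; return 1
  fi
  echo "COMPLIANT"
}

# Query one bucket and classify it (needs s3:GetBucketVersioning).
audit_bucket() {
  out=$(aws s3api get-bucket-versioning --bucket "$1" \
        --query '[Status,MFADelete]' --output text) || return 2
  # shellcheck disable=SC2086  # split the tab-separated pair on purpose
  classify_versioning $out
}

# Step 6 via the CLI. AWS only accepts this call from the bucket owner's
# root user, with that user's MFA device serial/ARN and a current code.
enable_mfa_delete() {
  aws s3api put-bucket-versioning --bucket "$1" \
    --versioning-configuration Status=Enabled,MFADelete=Enabled \
    --mfa "$2 $3"
}

# Constructed (Status, MFADelete) pairs, not taken from a real account.
for sample in "Enabled Enabled" "Enabled Disabled" "Suspended Disabled" "None None"; do
  # shellcheck disable=SC2086
  printf '%-20s -> %s\n' "$sample" "$(classify_versioning $sample)"
done
# Usage: audit_bucket my-bucket
#        enable_mfa_delete my-bucket arn:aws:iam::111122223333:mfa/root-account-mfa-device 123456
```

After `enable_mfa_delete` succeeds, `audit_bucket` on the same bucket should print `COMPLIANT`.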