S3 Bucket Should Have MFA Delete Enabled
More Info:
AWS S3 buckets should use Multi-Factor Authentication (MFA) Delete feature in order to prevent the deletion of any versioned S3 objects (files).Risk Level
LowAddress
SecurityCompliance Standards
CISAWS, CBPTriage and Remediation
Remediation
Using Console
Using Console
Sure, here are the step-by-step instructions to remediate the S3 Bucket misconfiguration of not having MFA Delete enabled in AWS:
- Log in to your AWS Management Console.
- Navigate to the S3 service.
- Click on the S3 bucket that you want to remediate.
- Click on the “Properties” tab.
- Scroll down to the “Delete” section and click on “Edit”.
- Select the “Enable MFA delete” checkbox.
- Click on “Save changes”.
- A pop-up window will appear asking you to enter your MFA code. Enter the code and click on “Save changes”.
- MFA Delete is now enabled for your S3 bucket.
Using CLI
Using CLI
To remediate the misconfiguration “S3 Bucket Should Have MFA Delete Enabled” for AWS using AWS CLI, follow these steps:Note: Replace “your-bucket-name” with the name of your S3 bucket, and “your-serial-number” and “MFA-code” with your MFA device’s serial number and code respectively.This command should output the versioning configuration of your S3 bucket, which should include “MFADelete”: “Enabled”.
- Open your terminal and install AWS CLI if it is not already installed.
- Run the following command to enable MFA delete for your S3 bucket:
- Verify that MFA delete is enabled for your S3 bucket by running the following command:
- Test that MFA delete is working by attempting to delete an object from your S3 bucket using the AWS Management Console or AWS CLI. You should be prompted to enter an MFA code to confirm the deletion.
Using Python
Using Python
To remediate S3 bucket MFA delete enabled misconfiguration in AWS using Python, follow the below steps:Note: Replace
-
Install the
boto3library if not already installed using the command!pip install boto3 - Import the necessary libraries and create an S3 client object:
- Get the bucket’s current versioning configuration using the
get_bucket_versioningmethod:
- If the versioning is not enabled, enable it using the
put_bucket_versioningmethod:
- Get the bucket’s current MFA delete configuration using the
get_bucket_mfa_deletemethod:
- If the MFA delete is not enabled, enable it using the
put_bucket_mfa_deletemethod:
- To enable MFA delete, you need to provide the serial number of the MFA device and the current token code. You can prompt the user to input this information or retrieve it from a secure location.
your-bucket-name, your-mfa-serial-number and your-mfa-token-code with the actual values.- Once the above steps are completed, the S3 bucket should have MFA delete enabled.