S3 mfa delete enabled remediation

Using Console

Using CLI

To remediate the misconfiguration “S3 Bucket Should Have MFA Delete Enabled” for AWS using AWS CLI, follow these steps:

Open your terminal and install AWS CLI if it is not already installed.
Run the following command to enable MFA delete for your S3 bucket:

aws s3api put-bucket-versioning --bucket your-bucket-name --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa "your-serial-number MFA-code"

Note: Replace “your-bucket-name” with the name of your S3 bucket, and “your-serial-number” and “MFA-code” with your MFA device’s serial number and code respectively.

Verify that MFA delete is enabled for your S3 bucket by running the following command:

aws s3api get-bucket-versioning --bucket your-bucket-name

This command should output the versioning configuration of your S3 bucket, which should include “MFADelete”: “Enabled”.

Test that MFA delete is working by attempting to delete an object from your S3 bucket using the AWS Management Console or AWS CLI. You should be prompted to enter an MFA code to confirm the deletion.

By following these steps, you should be able to remediate the misconfiguration “S3 Bucket Should Have MFA Delete Enabled” for AWS using AWS CLI.

Using Python

To remediate S3 bucket MFA delete enabled misconfiguration in AWS using Python, follow the below steps:

Install the boto3 library if not already installed using the command !pip install boto3
Import the necessary libraries and create an S3 client object:

import boto3
s3 = boto3.client('s3')

Get the bucket’s current versioning configuration using the get_bucket_versioning method:

bucket_name = 'your-bucket-name'
versioning = s3.get_bucket_versioning(Bucket=bucket_name)

If the versioning is not enabled, enable it using the put_bucket_versioning method:

if versioning['Status'] != 'Enabled':
    s3.put_bucket_versioning(
        Bucket=bucket_name,
        VersioningConfiguration={
            'Status': 'Enabled'
        }
    )

Get the bucket’s current MFA delete configuration using the get_bucket_mfa_delete method:

mfa_delete = s3.get_bucket_mfa_delete(Bucket=bucket_name)

If the MFA delete is not enabled, enable it using the put_bucket_mfa_delete method:

if not mfa_delete['MFADelete']:
    s3.put_bucket_mfa_delete(
        Bucket=bucket_name,
        MFADelete='Enabled'
    )

To enable MFA delete, you need to provide the serial number of the MFA device and the current token code. You can prompt the user to input this information or retrieve it from a secure location.

mfa_serial = 'your-mfa-serial-number'
mfa_token = 'your-mfa-token-code'
s3.put_bucket_mfa_delete(
    Bucket=bucket_name,
    MFADelete='Enabled',
    MFA='arn:aws:iam::YOUR_ACCOUNT_ID:mfa/{}'.format(mfa_serial),
    VersioningConfiguration={
        'Status': 'Enabled'
    },
    RequestPayer='requester',
    MultiFactorAuthentication={
        'SerialNumber': 'arn:aws:iam::YOUR_ACCOUNT_ID:mfa/{}'.format(mfa_serial),
        'TokenCode': mfa_token
    }
)

Note: Replace your-bucket-name, your-mfa-serial-number and your-mfa-token-code with the actual values.

Once the above steps are completed, the S3 bucket should have MFA delete enabled.

Note: Make sure you have the necessary permissions to perform these actions.

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

S3 mfa delete enabled remediation

Triage and Remediation

Remediation