CloudTrail Logs S3 Bucket Has MFA Delete Disabled
Overview
This check ensures that the S3 buckets CloudTrail writes its logs to have MFA Delete enabled. MFA Delete adds a layer of protection by requiring a second authentication factor before an object version can be permanently deleted or the bucket's versioning state changed. Without it, an attacker who obtains credentials with the necessary S3 permissions could delete CloudTrail logs and so undermine the ability to detect and investigate security incidents.
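The following is an added example of the check's evaluation logic, not code from the original check definition. It models the shapes of two AWS API responses, CloudTrail DescribeTrails (the trailList with each trail's S3BucketName) and S3 GetBucketVersioning (Status and MFADelete), using constructed sample data; the trail and bucket names are hypothetical. It also handles the precondition documented in the referenced AWS page: MFA Delete can only be in effect on a bucket whose versioning status is Enabled, and S3 omits the MFADelete key entirely when it has never been configured.

```python
"""Evaluate 'CloudTrail logs bucket has MFA Delete disabled' over API-shaped input.

Added example, not part of the original check. The dictionaries below mirror the
fields of CloudTrail DescribeTrails and S3 GetBucketVersioning responses, but the
values are constructed samples with hypothetical trail and bucket names.
"""
from typing import Dict, List

# Constructed sample: the trailList portion of a DescribeTrails response.
SAMPLE_TRAILS: List[Dict[str, str]] = [
    {"Name": "org-trail", "S3BucketName": "example-cloudtrail-logs-a"},
    {"Name": "legacy-trail", "S3BucketName": "example-cloudtrail-logs-b"},
    {"Name": "regional-trail", "S3BucketName": "example-cloudtrail-logs-c"},
]

# Constructed sample: GetBucketVersioning response per bucket.
# S3 omits the MFADelete key when MFA Delete has never been configured, and
# omits Status when versioning has never been enabled.
SAMPLE_VERSIONING: Dict[str, Dict[str, str]] = {
    "example-cloudtrail-logs-a": {"Status": "Enabled", "MFADelete": "Enabled"},
    "example-cloudtrail-logs-b": {"Status": "Enabled", "MFADelete": "Disabled"},
    "example-cloudtrail-logs-c": {},  # versioning never enabled on this bucket
}


def evaluate_bucket(versioning: Dict[str, str]) -> Dict[str, str]:
    """Return PASS/FAIL with a reason for one bucket's versioning configuration.

    MFA Delete is only effective on a bucket whose versioning is Enabled, so a
    bucket with absent or Suspended versioning fails for that reason first.
    """
    status = versioning.get("Status")          # "Enabled", "Suspended" or absent
    mfa_delete = versioning.get("MFADelete")   # "Enabled", "Disabled" or absent

    if status != "Enabled":
        return {
            "result": "FAIL",
            "reason": f"versioning is {status or 'not enabled'}; MFA Delete cannot be in effect",
        }
    if mfa_delete != "Enabled":
        return {
            "result": "FAIL",
            "reason": f"MFA Delete is {mfa_delete or 'not configured'}",
        }
    return {"result": "PASS", "reason": "versioning and MFA Delete are both enabled"}


def evaluate_trails(
    trails: List[Dict[str, str]], versioning_by_bucket: Dict[str, Dict[str, str]]
) -> List[Dict[str, str]]:
    """Produce one AWS::S3::Bucket finding per distinct CloudTrail log bucket."""
    findings: List[Dict[str, str]] = []
    seen = set()
    for trail in trails:
        bucket = trail.get("S3BucketName")
        if not bucket or bucket in seen:
            continue  # trail without a bucket, or bucket already evaluated
        seen.add(bucket)
        finding = evaluate_bucket(versioning_by_bucket.get(bucket, {}))
        finding.update({"bucket": bucket, "trail": trail["Name"], "item_type": "AWS::S3::Bucket"})
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in evaluate_trails(SAMPLE_TRAILS, SAMPLE_VERSIONING):
        print(f"{f['result']}  {f['bucket']} (trail {f['trail']}): {f['reason']}")
```

In a live assessment the two sample structures would be replaced by the output of the boto3 calls `cloudtrail.describe_trails()["trailList"]` and `s3.get_bucket_versioning(Bucket=name)`. Remediation cannot be done from the console: MFA Delete is enabled by the bucket owner's root credentials through the API or CLI (`aws s3api put-bucket-versioning` with `--versioning-configuration Status=Enabled,MFADelete=Enabled` and the `--mfa` option carrying the device serial and current code), which is why a finding here usually needs an account owner rather than a day-to-day administrator to close it.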
Vendor
AWS
Cloud Service
S3
References
https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html
Severity
4
Item Types
AWS::S3::Bucket