Description

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. We identified that the MFA Delete attribute is disabled on the CloudTrail logging bucket.
  • Recommended Mitigation

    In order to enhance the visibility of API calls in the account, the MFA Delete attribute should be enabled on the CloudTrail logging bucket. More details can be found at https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete
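
One way to check this finding across an account, as an added example that is not part of the original page. It takes boto3-style `cloudtrail` and `s3` clients; the function names and output fields are hypothetical.

```python
# Added example: flag CloudTrail log buckets where S3 MFA Delete is not enabled.
# Function names and output fields are hypothetical; the client calls are
# boto3's describe_trails and get_bucket_versioning.


def mfa_delete_state(versioning):
    """Classify a GetBucketVersioning response.

    A bucket that never had versioning configured returns neither "Status"
    nor "MFADelete", which means MFA Delete is off.
    """
    mfa = versioning.get("MFADelete", "Disabled")
    return {
        "versioning": versioning.get("Status", "Unversioned"),
        "mfa_delete": mfa,
        "compliant": mfa == "Enabled",
    }


def audit_trail_buckets(cloudtrail, s3):
    """Return one finding per distinct CloudTrail destination bucket."""
    findings, seen = [], set()
    trails = cloudtrail.describe_trails(includeShadowTrails=True)["trailList"]
    for trail in trails:
        bucket = trail.get("S3BucketName")
        if not bucket or bucket in seen:
            continue  # multi-region and shadow trails repeat the same bucket
        seen.add(bucket)
        try:
            state = mfa_delete_state(s3.get_bucket_versioning(Bucket=bucket))
        except Exception as exc:  # e.g. log bucket owned by another account
            state = {"versioning": "Unknown", "mfa_delete": "Unknown",
                     "compliant": False, "error": str(exc)}
        findings.append({"bucket": bucket, "trail": trail.get("Name"), **state})
    return findings


# Remediation for a non-compliant bucket (S3 accepts this only from the bucket
# owner's root credentials, with that root user's MFA device):
#   aws s3api put-bucket-versioning --bucket <bucket> \
#     --versioning-configuration Status=Enabled,MFADelete=Enabled \
#     --mfa "<mfa-device-serial-or-arn> <current-code>"

if __name__ == "__main__":
    import boto3  # assumes credentials able to read trails and bucket versioning

    for finding in audit_trail_buckets(boto3.client("cloudtrail"), boto3.client("s3")):
        print(finding)
```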