Control: AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.02 - Ensure MFA Delete is enabled on S3 buckets

Configures auditing against a CIS Benchmark item.

Level: 2

Once MFA Delete is enabled on your sensitive and classified S3 bucket it requires the user to have two forms of authentication.

Resource Types

This control targets the following resource types:

AWS > S3 > Bucket

In Your Workspace

Controls by Resource report
Controls by Control Type report

Developers

Control Type URI

tmod:@turbot/aws-cisv2-0#/control/types/r020102

Category URI

tmod:@turbot/cis#/control/categories/v071406

GraphQL

query controlType(id: "tmod:@turbot/aws-cisv2-0#/control/types/r020102") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-cisv2-0#/control/types/r020102'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-cisv2-0#/control/types/r020102"