Ensure that your AWS CloudTrail logging bucket uses the Multi-Factor Authentication (MFA) Delete feature in order to prevent the deletion of any versioned log files.
Using an MFA-protected bucket for AWS CloudTrail adds a further layer of protection that ensures your versioned log files cannot be deleted, whether accidentally or intentionally, in case your access credentials are compromised: with MFA Delete enabled, permanently deleting an object version or changing the bucket's versioning state requires a valid code from the bucket owner's MFA device in addition to the credentials. Note: Only the S3 bucket owner (the AWS account root user) can enable the MFA Delete feature and perform the MFA-authenticated DELETE actions for the CloudTrail logging bucket.
To determine if your CloudTrail logging bucket has MFA Delete enabled, perform the following:
To enable MFA Delete protection for your CloudTrail logging bucket via the AWS CLI, perform the following. Note: enabling it via the AWS Management Console is not currently supported, and the call must be made with the root user's credentials together with the root account's MFA device.
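The following script, added here as an example and not taken from the original page, covers both the audit and the remediation described above with the AWS CLI. It lists the S3 bucket of every CloudTrail trail, evaluates the output of `aws s3api get-bucket-versioning` for each one, and shows the `put-bucket-versioning` call that turns MFA Delete on. The account ID, MFA device ARN and MFA code are placeholders, and the JSON document evaluated by check_mfa_delete is constructed to match the shape the CLI returns.

```shell
#!/bin/sh
# Added example: audit CloudTrail logging buckets for MFA Delete and show the
# remediation command. Assumes a configured AWS CLI; all identifiers are
# placeholders.
set -eu

# Decide compliance from the JSON that `aws s3api get-bucket-versioning`
# returns, e.g. {"Status": "Enabled", "MFADelete": "Enabled"}. A bucket whose
# versioning was never configured returns an empty document, so a missing key
# is treated as not enabled. Prints COMPLIANT or NON_COMPLIANT and exits 0
# only when both versioning and MFA Delete are enabled.
check_mfa_delete() {
  json="$1"
  status=$(printf '%s\n' "$json" | sed -n 's/.*"Status"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)
  mfa=$(printf '%s\n' "$json" | sed -n 's/.*"MFADelete"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)
  if [ "$status" = "Enabled" ] && [ "$mfa" = "Enabled" ]; then
    echo COMPLIANT
    return 0
  fi
  echo NON_COMPLIANT
  return 1
}

# Live audit: evaluate every bucket used by a CloudTrail trail (deduplicated).
# Exit status is non-zero if any bucket is non-compliant.
audit_cloudtrail_buckets() {
  rc=0
  for bucket in $(aws cloudtrail describe-trails \
                    --query 'trailList[].S3BucketName' --output text \
                  | tr '\t' '\n' | sort -u); do
    result=$(check_mfa_delete "$(aws s3api get-bucket-versioning --bucket "$bucket")") || rc=1
    echo "$bucket: $result"
  done
  return $rc
}

# Remediation. Must be run with the bucket owner's root credentials; --mfa takes
# the root account's MFA device ARN and the code it currently displays,
# separated by a space. Versioning and MFA Delete are set in the same call
# because MFA Delete requires versioning to be enabled.
enable_mfa_delete() {
  bucket="$1"
  mfa_device_arn="$2"   # placeholder, e.g. arn:aws:iam::123456789012:mfa/root-account-mfa-device
  mfa_code="$3"         # the six-digit code currently shown by that device
  aws s3api put-bucket-versioning \
    --bucket "$bucket" \
    --versioning-configuration Status=Enabled,MFADelete=Enabled \
    --mfa "$mfa_device_arn $mfa_code"
}

# Only talk to AWS when explicitly asked, so the evaluation logic can be
# exercised offline.
if [ "${1:-}" = "--live" ]; then
  audit_cloudtrail_buckets
fi
```

Run `sh audit.sh --live` under the credentials that can read the trails and buckets; afterwards, re-run the audit to confirm that get-bucket-versioning now reports both Status and MFADelete as Enabled for the logging bucket, since a bucket with versioning merely suspended does not protect the log files.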