Ensure that your AWS S3 buckets are using Multi-Factor Authentication (MFA) Delete feature in order to prevent the deletion of any versioned S3 objects (files).
Using MFA-protected S3 buckets will enable an extra layer of protection to ensure that the S3 objects (files) cannot be accidentally or intentionally deleted by the AWS users that have access to the buckets. Note: Only the bucket owner that is logged in as AWS root account can enable MFA Delete feature and perform DELETE actions on S3 buckets.
To determine if your S3 buckets have MFA Delete feature enabled, perform the following:
To enable MFA Delete protection for your S3 buckets via AWS CLI (enabling it via AWS Management Console is not currently supported), perform the following: