Details:
Using MFA-protected S3 buckets will enable an extra layer of protection to ensure
that the S3 objects (files) cannot be accidentally or intentionally deleted by
the AWS users that have access to the buckets.

Recommendation:
'enabled' should be set to true

Details:
Using MFA-protected S3 buckets will enable an extra layer of protection to ensure
that the S3 objects (files) cannot be accidentally or intentionally deleted by
the AWS users that have access to the buckets.

Recommendation:
'mfa_delete' should be set to true

Details:
Using versioning-enabled S3 buckets will allow you to preserve, retrieve, and
restore every version of an S3 object. S3 versioning can be used for data
protection and retention scenarios such as recovering objects that have been
accidentally/intentionally deleted or overwritten by AWS users or applications
and archiving previous versions of objects to AWS Glacier for long-term low-cost
storage.

Recommendation:
'versioning.enabled' should be true

Details:
AWS Key Management Service (KMS) allows customers to rotate the backing key which
is key material stored within the KMS which is tied to the key ID of the Customer
Created customer master key (CMK). It is the backing key that is used to perform
cryptographic operations such as encryption and decryption. Automated key
rotation currently retains all prior backing keys so that decryption of encrypted
data can take place transparently.

Recommendation:
aws_kms_key[testkey].enable_key_rotation should be set to true

Details:
Enable IAM Access analyzer for IAM policies about all resources. IAM Access
Analyzer is a technology introduced at AWS reinvent 2019. After the Analyzer is
enabled in IAM, scan results are displayed on the console showing the accessible
resources. Scans show resources that other accounts and federated users can
access, such as KMS keys and IAM roles. So the results allow you to determine if
an unintended user is allowed, making it easier for administrators to monitor
least privileges access.

Recommendation:
'aws_accessanalyzer_analyzer' should be set

Details:
Ensure that AWS S3 Server Access Logging feature is enabled in order to record
access requests useful for security audits. By default, server access logging is
not enabled for S3 buckets.

Recommendation:
'logging' should be defined and not null