diff --git a/rules/S6255/terraform/rule.adoc b/rules/S6255/terraform/rule.adoc
index eff754569c..6394abe0ec 100644
--- a/rules/S6255/terraform/rule.adoc
+++ b/rules/S6255/terraform/rule.adoc
@@ -20,7 +20,7 @@ It's recommended to enable S3 MFA delete, note that:
 
 == Sensitive Code Example
 
-A versioned S3 bucket doesn't have MFA delete enabled:
+A versioned S3 bucket does not have MFA delete enabled for AWS provider version 3 or below:
 
 [source,terraform]
 ----
@@ -33,14 +33,29 @@ resource "aws_s3_bucket" "example" { # Sensitive
 }
 ----
 
-
-== Compliant Solution
-
-MFA delete is enabled (https://github.com/hashicorp/terraform-provider-aws/issues/629[it's not possible to set this option] to a new S3 bucket with Terraform but the Terraform template can be updated that way it reflects the state):
+A versioned S3 bucket does not have MFA delete enabled for AWS provider version 4 or above:
 
 [source,terraform]
 ----
-resource "aws_s3_bucket" "example" { # Compliant
+resource "aws_s3_bucket" "example" {
+  bucket = "example"
+}
+
+resource "aws_s3_bucket_versioning" "example" { # Sensitive
+  bucket = aws_s3_bucket.example.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+----
+
+== Compliant Solution
+
+MFA delete is enabled for AWS provider version 3 or below:
+
+[source,terraform]
+----
+resource "aws_s3_bucket" "example" {
   bucket = "example"
 
   versioning {
@@ -50,6 +65,24 @@ resource "aws_s3_bucket" "example" { # Compliant
 }
 ----
 
+MFA delete is enabled for AWS provider version 4 or above:
+
+[source,terraform]
+----
+resource "aws_s3_bucket" "example" {
+  bucket = "example"
+}
+
+resource "aws_s3_bucket_versioning" "example" {
+  bucket = aws_s3_bucket.example.id
+  versioning_configuration {
+    status = "Enabled"
+    mfa_delete = "Enabled"
+  }
+  mfa = "${var.MFA}"
+}
+----
+
 == See
 
 * https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[OWASP Top 10 2021 Category A7] - Identification and Authentication Failures