Skip to content

S3 MFA Delete Hands OnΒΆ

We can create a new S3 bucket, make sure it's versioning is turned on.

Then we'll see that under the Versioning there is an option for multi-factor authentication delete, but we cannot activate it through the console.

We can go into our root user, make sure that MFA is enabled for it. Make a access key for the root user.

We can then enable the MFA delete:

$ aws s3api put-bucket-versioning --bucket BUCKETNAME --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa "MFA:ARN CODE" --profile root-profile

Disabling MFA delete:

$ aws s3api put-bucket-versioning --bucket BUCKETNAME --versioning-configuration Status=Enabled,MFADelete=Disabled --mfa "MFA:ARN CODE" --profile root-profile