Setup MFA Delete in S3 bucket

Setup MFA Delete in S3 bucket

Enabling MFA (Multi-Factor Authentication) delete functionality on an S3 bucket helps prevent accidental deletion of files.

Step to enable MFA delete on S3 bucket.

1. Make sure S3 bucket version is enabled.

1. Below CLI command to enable MFA delete

aws s3api put-bucket-versioning — bucket s3 bucket name — versioning-configuration Status=Enabled,MFADelete=Enabled — mfa “:aws:iam::(accountnumber):mfa/root-account-mfa-device (pass)”

(pass) -> This is six digit passcode from your MFA device configured.

Once MFA delete is enabled verify the settings inside S3 Bucket -> Properties -> Bucket Versioning.

1. Test to delete version of an object and you will receive below error.