In my previous blog post, I explained how to enable versioning on S3 buckets and configure cross-region replication for them; check it here.
In this guide, we are going to use the versioning feature and configure MFA Delete on S3 buckets.
Note: MFA Delete can only be implemented by the root AWS account, and it can be enabled and disabled only by the root user.
What is MFA Delete?
Securing objects from accidental deletion is one of the major concerns.
To avoid such scenarios, AWS has a feature that we can implement on S3 buckets by applying MFA.
MFA (multi-factor authentication) adds a layer of security by requiring a second factor for the following operations:
- Changing the versioning state of the objects
- Permanently deleting versioned objects
Authentication required for MFA Delete
When MFA Delete is configured on a bucket, two levels of authentication are required:
- Your security credentials
- A six-digit code from an approved authentication device such as Google Authenticator
Enable MFA Delete on an S3 Bucket
You can create S3 buckets and objects using the AWS CLI; refer here.
First you need the S3 bucket with versioning enabled on it. Versioning can be enabled either using the command line interface or the AWS console.
To enable versioning using the AWS console, open the S3 console and select the bucket.
Then select Properties.
Click Versioning, then Enable versioning, and click Save.
Enabling versioning on S3 buckets can be done by IAM users, but activating and deactivating MFA Delete can only be done using the root account.
Install Google Authenticator
Install Google Authenticator on your mobile device and then configure MFA for the root account, as we are going to use this MFA code to enable and disable MFA Delete.
From the screenshot below, you can see that it throws an authentication error: even for the root user, without MFA the version of the object cannot be deleted.
Deleting a version of a file using MFA
Let's try to delete the same version of the file using MFA.
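The CLI form of the procedure above (enable MFA Delete, check the bucket state, then delete one object version with the MFA code), as an added example that is not from the original post. The bucket name, MFA device ARN, object key and version id are placeholders; the `aws` commands only run when the script is invoked with `run <six-digit-code>`.

```shell
#!/usr/bin/env sh
# Added example, not the original post's code. Placeholders: bucket name,
# MFA device ARN (the root account's virtual device), object key, version id.
set -eu

# Build the value the AWS CLI expects for --mfa: "<device-serial> <6-digit-code>".
# A code that is not exactly six digits is rejected locally instead of
# surfacing later as an opaque access-denied error from S3.
mfa_token() {
  serial="$1"; code="$2"
  case "$code" in
    [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "MFA code must be exactly six digits" >&2; return 1 ;;
  esac
  printf '%s %s' "$serial" "$code"
}

# Turn MFA Delete on (state=Enabled) or off (state=Disabled). Versioning
# stays Enabled: MFA Delete cannot be set on a bucket whose versioning is Suspended.
set_mfa_delete() {
  bucket="$1"; state="$2"; token="$3"
  aws s3api put-bucket-versioning --bucket "$bucket" \
    --versioning-configuration "Status=Enabled,MFADelete=$state" \
    --mfa "$token"
}

# Report the bucket's versioning and MFADelete state (Enabled/Disabled).
show_state() { aws s3api get-bucket-versioning --bucket "$1"; }

# Permanently remove one object version. Without --mfa this is the call
# that fails with the authentication error shown in the post.
delete_version() {
  bucket="$1"; key="$2"; version_id="$3"; token="$4"
  aws s3api delete-object --bucket "$bucket" --key "$key" \
    --version-id "$version_id" --mfa "$token"
}

if [ "${1:-}" = "run" ]; then
  # Replace these placeholder values with your own before running.
  TOKEN=$(mfa_token "arn:aws:iam::123456789012:mfa/root-account-mfa-device" "$2")
  set_mfa_delete "my-versioned-bucket" Enabled "$TOKEN"
  show_state "my-versioned-bucket"
  delete_version "my-versioned-bucket" "report.txt" "VERSION_ID_PLACEHOLDER" "$TOKEN"
fi
```

Run it as the root user with root credentials configured in the CLI; IAM user credentials will be refused for the put-bucket-versioning call, as the post explains.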