Using MFA-protected S3 buckets will enable an extra layer of protection to ensure that the S3 objects (files) cannot be accidentally or intentionally deleted by the AWS users that have access to the buckets. Note: Only the bucket owner that is logged in as AWS root account can enable MFA Delete feature and perform DELETE actions on S3 buckets.
Perform the following to enable versioning MFA delete for all s3 buckets:
Since MFA Delete requires the object versioning as dependency, the best practice is to enable these two S3 features at the same time. Run put-bucket-versioning command (OSX/Linux/UNIX) to enable versioning and MFA delete for the selected bucket (use the MFA device activated for your AWS root account and replace the highlighted details with your own access details):
aws s3api put-bucket-versioning