Ensure S3 bucket should have versioning MFA delete enabled


Using MFA-protected S3 buckets will enable an extra layer of protection to ensure that the S3 objects (files) cannot be accidentally or intentionally deleted by the AWS users that have access to the buckets. Note: Only the bucket owner that is logged in as AWS root account can enable MFA Delete feature and perform DELETE actions on S3 buckets.


Perform the following to enable versioning MFA delete for all s3 buckets:

  1. Run list-buckets command (OSX/Linux/UNIX) to list all S3 buckets available in your AWS account:
    aws s3api list-buckets –query ‘Buckets[*].Name’
  2. The command output should return the name of each S3 bucket available in your AWS account :
  3. Since MFA Delete requires the object versioning as dependency, the best practice is to enable these two S3 features at the same time. Run put-bucket-versioning command (OSX/Linux/UNIX) to enable versioning and MFA delete for the selected bucket (use the MFA device activated for your AWS root account and replace the highlighted details with your own access details):

    aws s3api put-bucket-versioning







We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!