Do you know that you can secure your S3 Bucket by integrating the MFA to avoid any object deletion accidentally?
The answer is Yes…!!
You can enable the MFA on S3 bucket but first, you will need to enable the versioning on the bucket. Also, the MFA can’t be enabled via AWS Management Console so either use AWS CLI or AWS SDK to enable MFA. In this article, I will walk you through the step-by-step instructions to enable MFA.
Step — 1: Configure MFA Device
AWS Support multiple types of MFA device both physical hardware on virtual. In this blog, we will configure virtual MFA
Login to your AWS Account, on the right top, click on Avatar and select Security Credentials, select the first option Authentication App
I will be using Twillo Authy app for authentication. Generate the secret key and enter it into the Authy app to configure a new account, as shown in the figure below
Once configure it’ll show the virtual device under the MFA on AWS Console
Step — 2: Enable the Versioning on S3 Bucket
If versioning is not enabled on the S3 bucket make sure to enable that before enabling the MFA. We will use AWS CLI to configure the Versioning.
```
aws s3api put-bucket-versioning — bucket <bucket_name> — versioning-configuration Status=Enabled
```
Step — 3: Enable the MFA
We will be using the following AWS CLI command to enable versioning.
```
aws s3api put-bucket-versioning — bucket <bucket_name> — versioning-configuration Status=Enabled,MFADelete=Enabled — mfa “arn:aws:iam::<>:mfa/root-account-mfa-device Passcode”
```
MFA Serial can be found in AWS Console
Tarrah! Congratulation, you have configured the MFA for S3 Bucket. 😄
If you like this article then hit the clap icon 👏 don’t forget to share it with others ;)
