Did you know that you can protect your S3 bucket with MFA to prevent accidental object deletion?
The answer is Yes...!!
You can enable MFA on an S3 bucket, but first you need to enable versioning on the bucket. MFA also can't be enabled via the AWS Management Console, so use either the AWS CLI or an AWS SDK to enable it. In this article, I will walk you through the step-by-step instructions to enable MFA.
Step - 1: Configure MFA Device
AWS supports multiple types of MFA devices, both physical hardware and virtual. In this blog, we will configure a virtual MFA device.
Log in to your AWS account, click your avatar at the top right and select Security Credentials, then select the first option, Authentication App.
I will be using the Twilio Authy app for authentication. Generate the secret key and enter it into the Authy app to configure a new account.
Once configured, the virtual device is shown under MFA in the AWS Console.
Step - 2: Enable the Versioning on S3 Bucket
If versioning is not enabled on the S3 bucket, make sure to enable it before enabling MFA. We will use the AWS CLI to configure versioning.
aws s3api put-bucket-versioning --bucket <bucket_name> --versioning-configuration Status=Enabled
Step - 3: Enable the MFA
We will use the following AWS CLI command to enable MFA Delete.
aws s3api put-bucket-versioning --bucket <bucket_name> --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa "arn:aws:iam::<>:mfa/root-account-mfa-device Passcode"
The MFA serial can be found in the AWS Console.
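The same change made through the SDK, followed by a read-back that confirms it took effect. This is an added example, not code from the original article; it assumes boto3 and a virtual MFA device ARN as the serial, and the function names are illustrative.

```python
import re

# Assumption: the serial is a virtual MFA device ARN, as in the command above.
ARN_RE = re.compile(r"arn:aws:iam::\d{12}:mfa/[\w+=,.@/-]+")
CODE_RE = re.compile(r"\d{6}")


def mfa_argument(serial: str, code: str) -> str:
    """Build the "<serial> <code>" string passed as --mfa / MFA=."""
    if not ARN_RE.fullmatch(serial):
        raise ValueError("serial must be a virtual MFA device ARN")
    if not CODE_RE.fullmatch(code):
        raise ValueError("code must be the current 6-digit passcode")
    return f"{serial} {code}"


def protection_state(versioning: dict) -> str:
    """Classify a GetBucketVersioning response."""
    status = versioning.get("Status")          # missing: versioning never enabled
    mfa_delete = versioning.get("MFADelete")   # missing: MFA Delete never configured
    if status is None:
        return "unversioned"
    if status != "Enabled":
        return "suspended"
    return "protected" if mfa_delete == "Enabled" else "versioned-only"


def enable_and_verify(bucket: str, serial: str, code: str) -> str:
    """Enable versioning and MFA Delete, then read the setting back."""
    import boto3  # imported here so the helpers above run without the SDK

    s3 = boto3.client("s3")
    s3.put_bucket_versioning(
        Bucket=bucket,
        MFA=mfa_argument(serial, code),
        VersioningConfiguration={"Status": "Enabled", "MFADelete": "Enabled"},
    )
    return protection_state(s3.get_bucket_versioning(Bucket=bucket))


if __name__ == "__main__":
    # Constructed responses, shaped like get_bucket_versioning() output.
    for sample in ({}, {"Status": "Enabled"},
                   {"Status": "Enabled", "MFADelete": "Enabled"}):
        print(sample, "->", protection_state(sample))
```

Any result other than "protected" after Step 3 means object versions in the bucket can still be permanently deleted without a passcode.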
tarrahhhh! Congratulations, you have configured MFA for your S3 bucket.
If you like this article then don't forget to share it with others ;)