Articles → AWS → Enable MFA For S3 Bucket

Enable MFA For S3 Bucket



  1. Create an S3 bucket
  2. Enable MFA for the account
  3. Enable transfer acceleration on the S3 bucket
  4. Write the command to enable MFA for the S3 bucket
  5. Output

Create An S3 Bucket

Picture showing the S3 bucket created in AWS console
Click to Enlarge

Enable MFA For The Account

Enable Transfer Acceleration On The S3 Bucket

Write Command To Enable MFA For S3 Bucket

aws s3api put-bucket-versioning --profile <Your_Profile> --bucket <Bucket_Name> --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa "<ARN_OF_MFA_DEVICE> <Code>"

  1. Your_Profile → Your profile stored in c:\users\[username]\.aws\config
  2. Picture showing the profile information in config file
    Click to Enlarge

  3. Bucket_Name → The S3 bucket on which MFA will be enabled
  4. ARN_OF_MFA_DEVICE → This is the ARN of your MFA device. You can get this value from the Your Security Credentials section
  5. Picture showing the Your Security Credentials screen for getting the ARN of MFA device
    Click to Enlarge

  6. Code → This is the six-digit code generated in the authenticator

Picture showing the MFA Delete enabled in S3 bucket
Click to Enlarge


Picture showing the error message when user is trying to delete an object from S3 bucket
Click to Enlarge

Disable MFA

  "Bucket": "gyansangrah",
  "VersioningConfiguration": {
    "Status": "Suspended",
    "MFADelete": "Disabled"

aws s3api put-bucket-versioning --bucket <bucket name> --cli-input-json <versioning-config.json file path> --mfa "<ARN_OF_MFA_DEVICE> <Code>"

Posted By  -  Karan Gupta
Posted On  -  Friday, August 5, 2022
Updated On  -  Thursday, August 3, 2023


Your Email Id  
Query/FeedbackCharacters remaining 250