Using root access keys run the aws s3api list-buckets
command to return list of S3 buckets
Example Output:
{
"Owner": {
"DisplayName": "<OwnerName>",
"ID": "<Id>"
},
"Buckets": [
{
"CreationDate": "1970-01-01T00:00:000Z",
"Name": "<BucketName>"
}
}
Run aws iam list-mfa-devices
command to get MFA device arn
Example output:
{
"MFADevices": [
{
"UserName": "<Username>",
"SerialNumber": "arn:aws:iam::<AWSAccountId>:mfa/root-account-mfa-device",
"EnableDate": "1970-01-01T00:00:00Z"
}
]
}
Run the below command to enable versioning and MFA delete. Enabling object versioning is required as dependency.
aws s3api put-bucket-versioning --bucket <BucketName>
--versioning-configuration { "MFADelete"="Enabled", "Status"="Enabled" }
--mfa 'arn:aws:iam::<AccountId>:mfa/root-account-mfa-device <MfaDevicePassCode>'
Example Output:
{
"Status": "Enabled",
"MFADelete": "Enabled"
}