@michalstala
Last active September 28, 2018 06:28
Enable MFA Delete for AWS S3 Buckets using AWS CLI

List all existing S3 buckets

Using the root account's access keys, run the aws s3api list-buckets command to return the list of S3 buckets.

Example Output:

{
    "Owner": {
        "DisplayName": "<OwnerName>",
        "ID": "<Id>"
    },
    "Buckets": [
        {
            "CreationDate": "1970-01-01T00:00:00.000Z",
            "Name": "<BucketName>"
        }
    ]
}

List all MFA devices

Run the aws iam list-mfa-devices command to get the MFA device ARN.

Example output:

{
    "MFADevices": [
        {
            "UserName": "<Username>",
            "SerialNumber": "arn:aws:iam::<AWSAccountId>:mfa/root-account-mfa-device",
            "EnableDate": "1970-01-01T00:00:00Z"
        }
    ]
}

Enable MFA Delete

Run the command below to enable versioning and MFA Delete. Object versioning must be enabled because MFA Delete depends on it.

aws s3api put-bucket-versioning --bucket <BucketName> \
                                --versioning-configuration '{ "MFADelete": "Enabled", "Status": "Enabled" }' \
                                --mfa 'arn:aws:iam::<AccountId>:mfa/root-account-mfa-device <MfaDevicePassCode>'

Example Output:

{
    "Status": "Enabled",
    "MFADelete": "Enabled"
}
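
To confirm the setting across every bucket, the following added example (not part of the original gist) reads each bucket's state with aws s3api get-bucket-versioning and flags any bucket where versioning or MFA Delete is not enabled. The function names and the --all switch are illustrative, and it assumes the CLI's text output prints None for a field that is not set.

```shell
#!/bin/sh
# Added example: report buckets where versioning or MFA Delete is not enabled.

# Print "<Status> <MFADelete>" for one bucket. Assumption: with --output text
# the CLI prints None for a field that is absent (versioning never configured).
versioning_state() {
    aws s3api get-bucket-versioning --bucket "$1" \
        --query '[Status,MFADelete]' --output text
}

# Turn the two fields into a verdict. MFA Delete depends on versioning,
# so a Suspended or unset Status is reported first.
verdict() {
    if [ "${1:-None}" != "Enabled" ]; then
        echo "FAIL versioning=${1:-None}"
    elif [ "${2:-None}" != "Enabled" ]; then
        echo "FAIL mfa-delete=${2:-None}"
    else
        echo "OK"
    fi
}

# audit_buckets BUCKET...: prints one "<bucket> <verdict>" line per bucket.
# Returns 1 if any bucket fails, so it can gate a scheduled compliance job.
audit_buckets() {
    failed=0
    for bucket in "$@"; do
        # A failed call (no access, wrong name) is reported, not skipped.
        state=$(versioning_state "$bucket" 2>/dev/null) || state="Error Error"
        # $state is left unquoted on purpose: split it into the two fields.
        result=$(verdict $state)
        echo "$bucket $result"
        [ "$result" = "OK" ] || failed=1
    done
    return "$failed"
}

# Live run against every bucket the caller can list: sh audit.sh --all
if [ "${1:-}" = "--all" ]; then
    audit_buckets $(aws s3api list-buckets --query 'Buckets[].Name' --output text)
fi
```

Reading the versioning state does not require the root keys or an MFA code, so this check can run under a read-only role.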