Amazon S3 supports creating objects as well as deleting them. When you no longer want to keep an Amazon S3 object in an S3 bucket and want to reduce your monthly bill, you can delete the object using the DELETE Object REST API. Once it is deleted from Amazon S3, you cannot retrieve it. To protect your data from unwanted or accidental deletion, we recommend that you enable MFA Delete on your S3 bucket.
MFA (Multi-Factor Authentication) Delete enforces a second authentication step with an MFA code when accessing sensitive Amazon S3 resources.
You have the option of enabling MFA Delete at the same time that you specify the versioning state of the bucket. Once you have enabled MFA Delete, all future requests to change the versioning state or delete a version will require the request header x-amz-mfa. When the MFA Delete option is enabled on an S3 bucket, every Delete Object REST API request must include the registered MFA device's serial number and its authentication code. After successful authentication, the S3 object is deleted from Amazon S3.
You can enable MFA Delete on the S3 bucket in one of two ways:
Enable MFA Delete option on bucket using Amazon S3 REST API - Write your own code that calls the PUT Versioning REST API with a VersioningConfiguration XML document containing the MFA Delete and Versioning status.
Enable MFA Delete option on bucket using Bucket Explorer - Enable MFA Delete and S3 Versioning on the S3 bucket through the Bucket Explorer user interface if you do not want to write code.
Enable MFA Delete using Amazon REST S3 API:
To enable MFA Delete using the Amazon S3 API, send a PUT request that includes the "x-amz-mfa" request header. Requests that include x-amz-mfa must use HTTPS.
The following request enables versioning and MFA Delete on a bucket.
PUT /?versioning HTTP/1.1
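The Python below builds the VersioningConfiguration body and the x-amz-mfa header value for the PUT Versioning request described above, and reads a GET ?versioning response to confirm the resulting state. It is an added example, not code from the original page or from Bucket Explorer; the function names are hypothetical, the bucket name, serial number and code are constructed samples, and request signing is assumed to be handled by an SDK or signing library.

```python
import re
import xml.etree.ElementTree as ET

S3_NS = "http://s3.amazonaws.com/doc/2006-03-01/"

def mfa_header(serial: str, code: str) -> str:
    """x-amz-mfa value: device serial number, one space, current code."""
    serial, code = serial.strip(), code.strip()
    if not serial or " " in serial:
        raise ValueError("serial number must be non-empty and contain no spaces")
    if not re.fullmatch(r"\d{6}", code):
        raise ValueError("authentication code must be exactly six digits")
    return f"{serial} {code}"

def versioning_body(versioning: bool = True, mfa_delete: bool = True) -> bytes:
    """VersioningConfiguration XML carrying both Status and MfaDelete."""
    root = ET.Element("VersioningConfiguration", xmlns=S3_NS)
    ET.SubElement(root, "Status").text = "Enabled" if versioning else "Suspended"
    ET.SubElement(root, "MfaDelete").text = "Enabled" if mfa_delete else "Disabled"
    return ET.tostring(root)

def build_put_versioning(bucket: str, serial: str, code: str) -> dict:
    """Unsigned PUT ?versioning request; the URL is always HTTPS."""
    body = versioning_body()
    return {
        "method": "PUT",
        "url": f"https://{bucket}.s3.amazonaws.com/?versioning",
        "headers": {"x-amz-mfa": mfa_header(serial, code),
                    "Content-Length": str(len(body))},
        "body": body,
    }

def versioning_state(response_xml: bytes) -> dict:
    """Read Status and MfaDelete from a GET ?versioning response body."""
    root = ET.fromstring(response_xml)
    return {tag: root.findtext(f"s3:{tag}", default="(not set)",
                               namespaces={"s3": S3_NS})
            for tag in ("Status", "MfaDelete")}

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    req = build_put_versioning("example-bucket", "20899872", "301749")
    print(req["method"], req["url"], req["headers"])
    print(req["body"].decode())
    # A bucket that never had versioning configured returns an empty element.
    print(versioning_state(f'<VersioningConfiguration xmlns="{S3_NS}"/>'.encode()))
```

Running the state check after the PUT confirms that both Status and MfaDelete report Enabled rather than assuming the request took effect.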
MFA Delete using Bucket Explorer:
Bucket Explorer provides a Set Versioning with MFA Delete option to prevent malicious access. While the "PUT Versioning" API lets you set versioning on the bucket in code, Bucket Explorer lets you do that easily without writing any code at all.
Follow the steps below to set MFA delete on bucket using Bucket Explorer:
Run Bucket Explorer.
Connect to your AWS S3 Account using Bucket Explorer.
From the bucket table, select the S3 bucket on which you want to set versioning with MFA Delete.
Right click on that bucket and choose "
" option or click on "
" button on bucket toolbar. It will show drop down options. Select "
" among them.
Click on "Set" option.
A Set Versioning window will appear with two options to enable "Versioning" and "MFA Delete".
If you have already enabled Versioning then you can choose "MFA Delete" option to delete existing version(s) using MFA or you can choose both options to enable "Versioning" and "MFA Delete".
Then click on Set button.
It will ask for the
and a valid
from authentication device.
Enter these valid values and click on Done.
Versioning with MFA delete will be enabled successfully.