There are three ways for an IAM user to interact with the AWS cloud: the AWS CLI, the REST API and, of course, the web console (dashboard). While the console is the easiest way to accomplish most tasks, several tasks can only be done through the CLI. Setting up MFA Delete on S3 is one of those tasks.

MFA Delete on S3 buckets (Can only be done via CLI).

To install the CLI, you need the Python runtime and pip.
Step 1 – Install Python and pip
a) https://www.python.org/downloads/release/python-365/
b) https://github.com/BurntSushi/nfldb/wiki/Python-&-pip-Windows-installation

Step 2 – Install the AWS CLI using the following pip command from a cmd prompt

$ pip install awscli --upgrade --user

Step 3 – Configure AWS CLI – using your Access Key and Secret Key.

$ aws configure
AWS Access Key ID [None]: MYACCESSKEYEXAMPLE
AWS Secret Access Key [None]: afdfrXUtnGSAD/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json

Step 4 – Now, here’s the tricky part. There is no separate MFA command on the S3 API, so MFA Delete is set through the versioning command on the bucket.

put-bucket-versioning
--bucket <value>
[--content-md5 <value>]
[--mfa <value>]
--versioning-configuration <value>
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]

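MFA Delete is switched on inside --versioning-configuration, and --mfa takes the MFA device serial number (or ARN) followed by a space and the current code from that device. The values in angle brackets are placeholders. Only the bucket owner's root account can enable MFA Delete, so the credentials and MFA device used here must belong to it.

$ aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa "<mfa-device-serial-or-arn> <current-mfa-code>"

That's it. Try that out and see if it works.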
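To see whether it worked, read the setting back with get-bucket-versioning. The script below is an added example, not part of the original post: the function names are hypothetical, and the serial and code used to test it are constructed placeholders.

```shell
#!/bin/sh
# Added example: helpers for enabling and verifying MFA Delete.

# Build the value for --mfa: "<device serial or ARN> <6-digit code>".
# Rejects malformed input before it is sent to the API.
mfa_arg() {
  serial=$1
  code=$2
  case "$serial" in
    ''|*' '*) echo "bad MFA serial" >&2; return 1 ;;
  esac
  case "$code" in
    [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "MFA code must be 6 digits" >&2; return 1 ;;
  esac
  printf '%s %s\n' "$serial" "$code"
}

# Classify the Status and MFADelete fields of get-bucket-versioning.
# With --output text the CLI prints "None" for a field that is absent.
classify_versioning() {
  case "${1:-None}/${2:-None}" in
    Enabled/Enabled)   echo protected ;;
    Suspended/Enabled) echo mfa-delete-on-versioning-suspended ;;
    Enabled/*)         echo versioned-without-mfa-delete ;;
    Suspended/*)       echo suspended-without-mfa-delete ;;
    *)                 echo unversioned ;;
  esac
}

# Query a live bucket (needs configured credentials), print its state,
# and return success only when versioning and MFA Delete are both on.
check_bucket() {
  out=$(aws s3api get-bucket-versioning --bucket "$1" \
        --query '[Status,MFADelete]' --output text) || return 2
  # Word-split the tab-separated pair into $1 and $2.
  set -- $out
  state=$(classify_versioning "$1" "$2")
  echo "$state"
  [ "$state" = protected ]
}
```

After sourcing the file, `check_bucket my-bucket` prints `protected` and exits 0 only when both versioning and MFA Delete are enabled, which makes it usable as a gate in a periodic audit job.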

 


Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.
