waqas_ahmed01 for AWS Community Builders

Secure the S3 Bucket with MFA

Did you know that you can secure your S3 bucket by integrating MFA to avoid deleting objects accidentally?

The answer is Yes...!!
You can enable MFA on an S3 bucket, but first you need to enable versioning on the bucket. Also, MFA can't be enabled via the AWS Management Console, so use either the AWS CLI or an AWS SDK to enable it. In this article, I will walk you through the step-by-step instructions to enable MFA.

Step - 1: Configure MFA Device

AWS supports multiple types of MFA devices, both physical hardware and virtual. In this blog, we will configure a virtual MFA device.

Log in to your AWS account, click the avatar at the top right and select Security Credentials, then select the first option, Authentication App.

AWS Supported MFA Devices

I will be using the Twilio Authy app for authentication. Generate the secret key and enter it into the Authy app to configure a new account, as shown in the figure below.

Twilio Authy App

Once configured, the virtual device will show under MFA in the AWS Console.

Virtual Device Type AWS Console

Step - 2: Enable the Versioning on S3 Bucket

If versioning is not enabled on the S3 bucket, make sure to enable it before enabling MFA. We will use the AWS CLI to configure versioning.

aws s3api put-bucket-versioning --bucket <bucket_name> --versioning-configuration Status=Enabled

Enable Versioning for S3 Bucket

Step - 3: Enable the MFA

We will use the following AWS CLI command to enable MFA on the bucket.

aws s3api put-bucket-versioning --bucket <bucket_name> --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa "arn:aws:iam::<>:mfa/root-account-mfa-device Passcode"

The MFA serial can be found in the AWS Console.

Virtual MFA Device Serial No:

Tarrahhhh! Congratulations, you have configured MFA for the S3 bucket.
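To confirm that Steps 2 and 3 took effect, read the bucket's state back with `aws s3api get-bucket-versioning`. The script below is an added example, not part of the original article: the function names `classify_versioning` and `check_bucket` are hypothetical, and it assumes the AWS CLI is configured with permission to read the bucket's versioning state.

```shell
#!/bin/sh
# Added example (not from the original article): audit MFA Delete on buckets.
# Usage (script name is an assumption): sh check_mfa_delete.sh <bucket_name> [...]

# classify_versioning STATUS MFA_DELETE
# Takes the two fields of `aws s3api get-bucket-versioning` as printed by
# `--output text`, where an absent field is printed as "None".
classify_versioning() {
  cv_status=${1:-None}
  cv_mfa=${2:-None}
  # Versioning must be Enabled (not None or Suspended) and MFADelete must be
  # Enabled; anything else means deletes are not gated by MFA.
  if [ "$cv_status" = "Enabled" ] && [ "$cv_mfa" = "Enabled" ]; then
    echo "OK versioning=Enabled mfa_delete=Enabled"
    return 0
  fi
  echo "FAIL versioning=$cv_status mfa_delete=$cv_mfa"
  return 1
}

# check_bucket BUCKET
# Reads the live state of one bucket and classifies it.
check_bucket() {
  cb_out=$(aws s3api get-bucket-versioning --bucket "$1" \
    --query '[Status, MFADelete]' --output text) || {
    echo "ERROR could not read versioning state for $1"
    return 2
  }
  # Intentionally unquoted: split the tab-separated pair into two arguments.
  # shellcheck disable=SC2086
  classify_versioning $cb_out
}

# Audit every bucket named on the command line; exit non-zero if any fails.
if [ "$#" -gt 0 ]; then
  rc=0
  for b in "$@"; do
    printf '%s: ' "$b"
    check_bucket "$b" || rc=1
  done
  exit "$rc"
fi
```

A bucket that was never versioned reports `versioning=None`, and one where only Step 2 was run reports `mfa_delete=None`.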

If you like this article, then don't forget to share it with others ;)