• With MFA, when a user signs in to an AWS website, they will be prompted for
    • their user name and password (first factor—what they know)
    • an authentication response from their AWS MFA device (second factor—what they have)
  • Multiple factors provide increased security for AWS account settings and resources.
  • Enable MFA for AWS account and for individual IAM users created under account.
  • MFA can be also be used to control access to AWS service APIs.

MFA delete

  • works on Versioned S3 Buckets
  • protects all revisions (including delete markers) from being deleted
  • with a corresponding special delete command that includes valid MFA token from authorised user.
  • If MFA Delete is enabled, user will be prompted for an authentication code for either
    • Change versioning state of bucket
    • Permanently delete an object version
  • To enable MFA Delete you need to specify MFA serial number.
Menu