Skip to main content


Ensure the S3 bucket requires Multi-Factor Authentication (MFA) to delete objects


The bucket Access Control List (ACL) or policy controls the ability to delete objects in the bucket. If objects in the bucket are permanent, MFA delete can help prevent accidental deletion by requiring a second factor.


Enable MFA delete through the AWS CLI. Please see AWS documentation for a complete understanding:

<VersioningConfiguration xmlns="">