stackoom
  简体   繁体   中英

How to disable MFA delete on your S3 bucket through AWS CLI?

 原文  2019-10-01 14:09:03       amazon-web-services/ amazon-s3

Question

I understand how to enable MFA delete, however, I was wondering if you can disable it after you've enabled it? This is what I did to enable:

aws s3api put-bucket-versioning --bucket bucket-name --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa "arn:aws:iam::xxxxxxxxxx:mfa/root-account-mfa-device xxxxx"

I tried this to disable:

aws s3api put-bucket-versioning --bucket bucket-name --versioning-configuration Status=Disabled,MFADelete=Disabled --mfa "arn:aws:iam::xxxxxxxx:mfa/root-account-mfa-device xxxx"

But I got the following error:

An error occurred (MalformedXML) when calling the PutBucketVersioning operation: The XML you provided was not well-formed or did not validate against our published schema

3 answers

solution1
 1  2020-02-05 05:37:50

Based on what I have learned so far, the only way to disable 'MFA Delete' is by running the following on the AWS CLI:

aws s3api put-bucket-versioning --bucket {bucketname} --versioning-configuration "MFADelete=Disabled,Status=Suspended" --mfa " {arn of mfa-device} {current 6 digit code from MFA device} "

Also, user must own the MFA device represented by the {arn of mfa-device} .

solution2
 0  2019-10-01 14:15:07

You can try to disable MFA using admin console.

  1. Go to your AWS Account name & Click on the drop down menu & Select My Security Credentials.
  2. Under Multi Factor authentication (MFA), You can View details like Device Type, Serial Number & Actions. Within Actions column, select Deactivate Link.
  3. A Pop is displayed Showing “Are you sure you want to deactivate the device: Serial Number ”. Then Click on Deactivate to Successfully Disable the MFA

More details.

solution3
 0  2021-05-29 23:56:47

Frankly I've been stuck with the same issue, but when I gave precedence to {MFADelete} over versioning status it eventually worked fine.

aws s3api put-bucket-versioning --bucket bucket_name --versioning-configuration MFADelete=Disabled,Status=Enabled --mfa "{arn of root-mfa-device} {current 6 digit code from MFA device}" --profile profile_name

PS: I've looked up some posts and found that schema could change based on the call/action.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to delete aws s3 bucket in aws cli How to delete multiple images at once in S3 bucket with AWS CLI How to delete multiple files in S3 bucket with AWS CLI AWS S3 bucket MFA enable Delete Multiple Subfolders in S3 Bucket using AWS CLI s3 aws rm CLI recursive, rm delete bucket Enable AWS S3 MFA delete with the console AWS - S3 - Create bucket which is already existing - through CLI AWS CLI S3 Bucket to Bucket copying? How do I delete a versioned bucket in AWS S3 using the CLI?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM