I understand how to enable MFA delete, however, I was wondering if you can disable it after you've enabled it? This is what I did to enable:
aws s3api put-bucket-versioning --bucket bucket-name --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa "arn:aws:iam::xxxxxxxxxx:mfa/root-account-mfa-device xxxxx"
I tried this to disable:
aws s3api put-bucket-versioning --bucket bucket-name --versioning-configuration Status=Disabled,MFADelete=Disabled --mfa "arn:aws:iam::xxxxxxxx:mfa/root-account-mfa-device xxxx"
But I got the following error:
An error occurred (MalformedXML) when calling the PutBucketVersioning operation: The XML you provided was not well-formed or did not validate against our published schema
Based on what I have learned so far, the only way to disable 'MFA Delete' is by running the following on the AWS CLI:
aws s3api put-bucket-versioning --bucket {bucketname} --versioning-configuration "MFADelete=Disabled,Status=Suspended" --mfa " {arn of mfa-device} {current 6 digit code from MFA device} "
Also, user must own the MFA device represented by the {arn of mfa-device} .
You can try to disable MFA using admin console.
Frankly I've been stuck with the same issue, but when I gave precedence to {MFADelete} over versioning status it eventually worked fine.
aws s3api put-bucket-versioning --bucket bucket_name --versioning-configuration MFADelete=Disabled,Status=Enabled --mfa "{arn of root-mfa-device} {current 6 digit code from MFA device}" --profile profile_name
PS: I've looked up some posts and found that schema could change based on the call/action.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.