|« PreviousNext »|
|Did this page help you? Yes | No | Tell us about it...|
You can add another layer of security by configuring a bucket to enable MFA (Multi-Factor Authentication) Delete. By enabling MFA Delete on your Amazon S3 bucket, you can only change the versioning state of your bucket or permanently delete an object version when you provide two forms of authentication together:
Your AWS account credentials
The concatenation of a valid serial number, a space, and the six-digit code displayed on an approved authentication device
To use MFA Delete, you can use either a hardware or virtual MFA device to generate an authentication code. The following example shows a generated authentication code displayed on a hardware device.
MFA Delete and MFA-protected API access are features intended to provide protection for different scenarios. You configure MFA Delete on a bucket to ensure that data in your bucket cannot be accidentally deleted. MFA-protected API access is used to enforce another authentication factor (MFA code) when accessing sensitive Amazon S3 resources. You can require any operations against these Amazon S3 resources be done with temporary credentials created using MFA. For an example, see Adding Bucket Policy to Require MFA Authentication.
For more information on how to purchase and activate an authentication device, go to http://aws.amazon.com/mfa/.
For more information about configuring a bucket to enable MFA delete, see Configuring a Bucket with MFA Delete.