Amazon Simple Storage Service
Developer Guide (API Version 2006-03-01)

Using MFA Delete

If a bucket's versioning configuration is MFA Delete–enabled, the bucket owner must include the x-amz-mfa request header in requests to permanently delete an object version or change the versioning state of the bucket. Requests that include x-amz-mfa must use HTTPS. The header's value is the concatenation of your authentication device's serial number, a space, and the authentication code displayed on it. If you do not include this request header, the request fails.

For more information about authentication devices, see

Example Deleting an Object from an MFA Delete Enabled Bucket

The following example shows how to delete my-image.jpg (with the specified version), which is in a bucket configured with MFA Delete enabled. Note the space between [SerialNumber] and [AuthenticationCode]. For more information, see DELETE Object.

DELETE /my-image.jpg?versionId=3HL4kqCxf3vjVBH40Nrjfkd HTTPS/1.1
x-amz-mfa: 20899872 301749
Date: Wed, 28 Oct 2009 22:32:00 GMT
Authorization: AWS AKIAIOSFODNN7EXAMPLE:0RQf4/cRonhpaBX5sCYVf1bNRuU=

For more information about enabling MFA delete, see MFA Delete.