Ken Liu

Reputation: 22914

Does S3 MFA delete prevent the bucket itself from being deleted?

I am working with MFA delete on S3 and it's unclear from the documentation whether enabling MFA delete will prevent the bucket itself from being deleted.

Upvotes: 2

Views: 1098

Answers (2)

Michael - sqlbot

Reputation: 178966

You can't delete a bucket as long as the bucket has any objects in it... to delete a bucket requires that all the objects be deleted first... so whether or not you can delete the bucket itself with MFA delete enabled seems somewhat immaterial, though MFA delete doesn't appear to prevent bucket deletion per se.

It is also possible to require an IAM user to authenticate with MFA. If users with permission to delete the bucket all require MFA, then the bucket's existence is protected that way. MFA Delete and IAM with MFA are different features.

Upvotes: 4
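An added example, not part of the answer above: an offline check of whether an IAM policy document gates `s3:DeleteBucket` on MFA, which is the IAM-side protection the answer distinguishes from MFA Delete. The bucket name, the sample policies and the helper names are constructed for illustration; `aws:MultiFactorAuthPresent`, `Bool` and `BoolIfExists` are real IAM condition keys and operators.

```python
import fnmatch

BUCKET_ARN = "arn:aws:s3:::example-bucket"  # hypothetical bucket
ALLOW_ALL = {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}

def mfa_deny(operator):
    # Deny bucket deletion when the request was not MFA-authenticated.
    return {"Effect": "Deny", "Action": ["s3:DeleteBucket"], "Resource": BUCKET_ARN,
            "Condition": {operator: {"aws:MultiFactorAuthPresent": "false"}}}

def policy(*statements):
    return {"Version": "2012-10-17", "Statement": list(statements)}

# Constructed sample policies.
NO_MFA = policy(ALLOW_ALL)
BOOL_ONLY = policy(ALLOW_ALL, mfa_deny("Bool"))
BOOL_IF_EXISTS = policy(ALLOW_ALL, mfa_deny("BoolIfExists"))

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob_any(patterns, target, fold=False):
    # IAM patterns use * and ?; action names are case-insensitive, ARNs are not.
    norm = str.lower if fold else str
    return any(fnmatch.fnmatchcase(norm(target), norm(p)) for p in _as_list(patterns))

def delete_bucket_mfa_gate(doc, bucket_arn=BUCKET_ARN):
    """Return 'enforced', 'partial' or 'none' for s3:DeleteBucket on bucket_arn.

    'partial' means the Deny uses Bool: requests signed with long-term access
    keys carry no aws:MultiFactorAuthPresent key, so that Deny does not match.
    Simplification: NotAction, NotResource and other condition keys are ignored.
    """
    result = "none"
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        if not _glob_any(stmt.get("Action", []), "s3:DeleteBucket", fold=True):
            continue
        if not _glob_any(stmt.get("Resource", []), bucket_arn):
            continue
        cond = stmt.get("Condition", {})
        for operator in ("BoolIfExists", "Bool"):
            keys = {k.lower(): v for k, v in cond.get(operator, {}).items()}
            flag = keys.get("aws:multifactorauthpresent")
            if flag is not None and all(str(x).lower() == "false" for x in _as_list(flag)):
                if operator == "BoolIfExists":
                    return "enforced"
                result = "partial"
    return result
```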

Gordon Childs

Reputation: 36072

I would interpret this line of the MFA delete documentation to mean that NO, you can't delete the bucket itself, only the objects within:

"You configure MFA Delete on a bucket to ensure that data in your bucket cannot be accidentally deleted."

The fact that MFA Delete falls under S3 object versioning would add weight to this.

In any case, you should log a documentation bug.

P.S. For some empirical peace of mind, you could also try deleting a bucket via MFA.

Upvotes: 1
