MFAdelete

MFAdelete, also known as MFA Delete, is a security feature for Amazon S3 buckets that have versioning enabled. When MFA Delete is enabled, certain deletion operations require additional authentication in the form of a valid multi-factor authentication (MFA) token. The intent is to provide an extra safeguard against accidental or malicious data loss by requiring both standard credentials and an MFA code for specific destructive actions.

Enabling and configuring MFA Delete can only be performed by the AWS account root user. The feature

With MFA Delete active, ordinary delete operations that create delete markers still occur, but permanently deleting

Limitations and considerations include operational impact and reliance on the root account for enabling or disabling