You can optionally add another layer of security by configuring a bucket to enable MFA Delete, which requires additional authentication for either of the following operations:
Change the versioning state of your bucket.
Permanently delete an object version.
β
MFA Delete requires two forms of authentication together:
Your security credentials.
The concatenation of a valid serial number, a space, and the six-digit code displayed on an approved authentication device.
β
MFA Delete thus provides added security in the event, for example, your security credentials are compromised.
β
Only the bucket owner can enable and disable MFA Delete.