enable MFA delete for s3 buckets

Hi,

please follow this detailled guidance to allow S3 MFA delete for a bucket: https://repost.aws/knowledge-center/s3-bucket-mfa-delete

You have a boto3 example for 1 bucket here: https://gist.github.com/jicowan/29868780e3c78ba7d48e1d501e58ef3f

If you iterate this exemple in a loop on the buckets that you want to enable, you will implement what you need.

Best,

Didier

Yes, it is possible to enable MFA delete for multiple S3 buckets using a Python script with Boto3. Here's a general outline of how you can achieve this :-

The sample of the script you can use

import boto3

# Initialize Boto3 S3 client
s3_client = boto3.client('s3')

# List of S3 bucket names
bucket_names = ['bucket1', 'bucket2', 'bucket3']

# MFA serial number and MFA token
mfa_serial = 'arn:aws:iam::123456789012:mfa/user'
mfa_token = '123456'

# Enable MFA delete for each bucket
for bucket_name in bucket_names:
    # Enable versioning for the bucket
    s3_client.put_bucket_versioning(
        Bucket=bucket_name,
        VersioningConfiguration={
            'Status': 'Enabled'
        }
    )

    # Enable MFA delete for the bucket
    s3_client.put_bucket_mfa(
        Bucket=bucket_name,
        MFA='{} {}'.format(mfa_serial, mfa_token),
        Enabled=True
    )

    print(f'MFA delete enabled for {bucket_name}')

print('All buckets updated successfully')

Replace 'bucket1', 'bucket2', 'bucket3' with the names of your S3 buckets, and 'arn:aws:iam::123456789012:mfa/user' with your MFA serial number and '123456' with your MFA token.

Run the Script: Execute the Python script, and it will enable MFA delete for each specified S3 bucket.

Please ensure that you have the necessary permissions to modify the versioning and MFA delete settings for the S3 buckets. Additionally, use caution when making changes to production resources.