Enable MFADelete on S3 with Life Cycle Configuration

1

Hi there,

We were trying to enable MFADelete for our buckets and found out that we have to remove life cycle config rules for the buckets. Can someone explain why we can't have both MFADelete and life cycle config enabled in the buckets?

Thanks

Asked 1 year ago, 1288 views
2 Answers
4

It is not possible to have both MFADelete and life cycle configuration enabled on an S3 bucket at the same time because they serve different purposes and are mutually exclusive. MFADelete is a bucket-level setting that enables you to require that all users who want to delete objects in an S3 bucket be authenticated using an AWS multi-factor authentication (MFA) device. This provides an extra layer of security for the bucket by preventing unauthorized deletion of objects.

On the other hand, a life cycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects. These actions can include transitioning objects to different storage classes, archiving objects to the Amazon S3 Glacier storage class, or permanently deleting objects. Life cycle configurations allow you to manage the storage and expiration of objects in an S3 bucket, but they do not provide any additional security for those objects.

Because MFADelete and life cycle configuration serve different purposes, it is not possible to have both enabled on the same S3 bucket. However, you can use other security measures, such as bucket policies and IAM policies, to control access to and prevent unauthorized deletion of objects in your S3 bucket.

AWS
Answered 1 year ago
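
The bucket-policy alternative mentioned in the answer above, as an added example that is not part of the original thread or AWS's own text: a policy that denies permanent version deletion, versioning changes and lifecycle changes unless the caller authenticated with MFA. `EXAMPLE-BUCKET` is a placeholder, and the policy assumes lifecycle expiration is carried out by S3 itself and so is not blocked by these statements; confirm that on a test bucket.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyPermanentVersionDeleteWithoutMFA",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:DeleteObjectVersion",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*",
      "Condition": {
        "BoolIfExists": { "aws:MultiFactorAuthPresent": "false" }
      }
    },
    {
      "Sid": "DenyVersioningAndLifecycleChangesWithoutMFA",
      "Effect": "Deny",
      "Principal": "*",
      "Action": [
        "s3:PutBucketVersioning",
        "s3:PutLifecycleConfiguration"
      ],
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET",
      "Condition": {
        "BoolIfExists": { "aws:MultiFactorAuthPresent": "false" }
      }
    }
  ]
}
```

`BoolIfExists` makes the deny also apply to requests signed with long-term access keys, where the MFA key is absent from the request context. Unlike MFA Delete, anyone allowed to call `s3:PutBucketPolicy` can remove these statements, so restrict that permission as well.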
0

I wish it was possible.

nino
Answered 3 months ago
