How to enable MFA bucket delete using a Lambda function and include it in Terraform


I am using Terraform code to do deployments in AWS. My requirement is that I have to enable MFA delete on an S3 bucket using Terraform.

On analysis, I found no support for this in CloudFormation templates, so I thought of using a Lambda function and including it in the CloudFormation template of the S3 bucket.

But here I noticed a problem: to enable MFA delete we must use the root account access key and secret key, and also the MFA OTP. How can this be achieved in a Lambda function? Can anybody advise me?

Or, if there is a better suggestion for my scenario, please let me know.

asked a month ago, 154 views
1 Answer

Hi. Using the root account credentials and MFA in a Lambda function is generally not recommended, as it goes against the principle of least privilege and secure access management practices. Instead, you can achieve the same goal by following the AWS recommended approach, which involves using an AWS Identity and Access Management (IAM) role with the necessary permissions to enable MFA Delete on the S3 bucket.

AWS
answered a month ago
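
An added example, not part of the original question or answer: a read-only check that reports which buckets actually have MFA Delete enabled, suitable for a Lambda or CI job whose IAM role holds only `s3:ListAllMyBuckets` and `s3:GetBucketVersioning`. The function names and the `StubS3` class with its constructed responses are assumptions for illustration; in real use pass `boto3.client("s3")` instead.

```python
"""Read-only audit of S3 versioning / MFA Delete state (added example)."""


def mfa_delete_state(versioning):
    """Classify one GetBucketVersioning response.

    S3 omits 'Status' and 'MFADelete' for a bucket that never had
    versioning configured, so a missing key means 'not enabled'.
    """
    status = versioning.get("Status", "Unversioned")
    mfa = versioning.get("MFADelete", "Disabled")
    if status == "Enabled" and mfa == "Enabled":
        return "protected"
    if mfa == "Enabled":
        return "mfa-delete-without-active-versioning"
    return "unprotected"


def audit_buckets(s3):
    """Return {bucket_name: state} for every bucket the role can list."""
    findings = {}
    for bucket in s3.list_buckets().get("Buckets", []):
        name = bucket["Name"]
        try:
            findings[name] = mfa_delete_state(s3.get_bucket_versioning(Bucket=name))
        except Exception as exc:  # e.g. AccessDenied: report it, never skip silently
            findings[name] = "error: " + type(exc).__name__
    return findings


def noncompliant(findings):
    """Bucket names that are not confirmed as protected, sorted."""
    return sorted(n for n, state in findings.items() if state != "protected")


class StubS3:
    """Constructed stand-in for boto3.client('s3') so the example runs offline."""
    _data = {  # constructed sample responses, not real buckets
        "example-audit-logs": {"Status": "Enabled", "MFADelete": "Enabled"},
        "example-app-data": {"Status": "Enabled"},
        "example-scratch": {},
        "example-no-access": None,  # simulates a denied call
    }

    def list_buckets(self):
        return {"Buckets": [{"Name": n} for n in self._data]}

    def get_bucket_versioning(self, Bucket):
        if self._data[Bucket] is None:
            raise PermissionError("AccessDenied (constructed)")
        return self._data[Bucket]
```

A bucket the role cannot read is reported as an error and counted as noncompliant, so a missing permission cannot hide an unprotected bucket.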
