By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Need help disabling MFA Delete on S3 bucket: How can I resolve this issue?

0

I'm encountering difficulties while trying to disable MFA Delete on my S3 bucket in AWS . Despite following various guides and attempting different CLI commands, I keep encountering errors that prevent me from completing the task successfully so I can empty and delete my bucket definitely.

Main Issue: The primary issue appears to be the unexpected error message indicating that "DevPay and Mfa are mutually exclusive authorization methods," even though I haven't activated DevPay and don't know how to get rid of that.

Steps Taken: I've tried adjusting IAM (Identity and Access Management) policies and roles, including removing MFA requirements. I've attempted different CLI commands, including those provided in AWS documentation and community forums. I've ensured that my IAM user has appropriate permissions to modify S3 bucket settings.

Additional Notes: The bucket has Object Lock enabled, which might affect certain operations. Is there a way to suspend Object Lock temporarily to resolve this issue? I'm seeking assistance in resolving this issue and would appreciate any insights or suggestions from the community.

Topics
StorageSecurity, Identity, & ComplianceManagement & Governance
Tags
Amazon Simple Storage ServiceAWS Identity and Access ManagementAWS Management ConsoleAWS Command Line InterfaceAWS Account Management
Language
English
Naty
asked 14 days ago783 views
2 Answers
0
Accepted Answer

Hello.

I think you need to be the root user of the AWS account to perform operations such as MFA deletion of the S3 bucket.
Therefore, please sign in to your AWS account as the root user by following the steps in the document below.
https://docs.aws.amazon.com/signin/latest/userguide/introduction-to-root-user-sign-in-tutorial.html

After signing in as a root user, try running the following AWS CLI command.
I think you can disable it by specifying "MFADelete=Disabled" as a command option.
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3api/put-bucket-versioning.html

aws s3api put-bucket-versioning --bucket DOC-EXAMPLE-BUCKET1 --versioning-configuration Status=Enabled,MFADelete=Disabled --mfa "SERIAL 123456"
profile picture
EXPERT
Riku_Kobayashi
answered 14 days ago
profile pictureAWS
EXPERT
Didier_Durand
reviewed 13 days ago
  • Naty
    13 days ago

    The weird thing is that I did all that from my root account. I tried again a few minutes ago following your steps and got the same from CLI "An error occurred (InvalidRequest) when calling the PutBucketVersioning operation: DevPay and Mfa are mutually exclusive authorization methods."

  • Riku_Kobayashi EXPERT
    12 days ago

    I think it's probably not running as the root user. Please try disabling MFA deletion after configuring the AWS CLI by issuing an access key for the root user as shown in the stackoverflow answer below. Be sure to delete the root user's access key when the operation is complete. https://stackoverflow.com/questions/45602558/devpay-and-mfa-are-mutually-exclusive-authorization-methods

  • Naty
    10 days ago

    I did that and it worked! Thank you!

0

Have you tried disabling MFA Delete using the root account? I think that's required.

profile pictureAWS
EXPERT
AWS-User-alantam
answered 14 days ago
  • Naty
    13 days ago

    That's the weird thing, I was doing all that from my root account and still can't disable the MFA Delete option. I even tried logging out and logging in multiple times to my root account.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content