Amazon Web Services Question posted in
The official Amazon Web Services documentation can be found here.

Amazon web services – Getting Access denied error while using aws cli for enabling MFA delete on S3 bucket

  • Created user and that user having administrator permission and as well S3 bucket full access.
  • Created S3 bucket with default setting.
  • Trying to enable MFA delete via AWS CLI:
aws s3api put-bucket-versioning --bucket testing-mfa-delete --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa "arn:aws:iam::123456789012:mfa/Admin_App" --profile deletemfa

but getting access denied error:

An error occurred (AccessDenied) when calling the PutBucketVersioning operation: Access Denied

Tried but getting error analyzed and found root account had must had right to do. Even though I am also administrator for that tenant but unable to do it.

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Log into the root user. Generate access key, secret key for that user. Try the below command, it will work.

    aws s3api put-bucket-versioning --bucket elbs --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa "arn:aws:iam::user 348987"


  2. 0

    Based on Turn on MFA delete for Amazon S3 bucket | AWS re:Post, it appears that you need to provide the 6-digit number shown on your device or in your app:

    aws s3api put-bucket-versioning –bucket mybucketname –versioning-configuration MFADelete=Enabled,Status=Enabled –mfa "arn:aws:iam::1XXXXXXX6789:mfa/root-account-mfa-device 123789" –profile deletemfa

    Note the inclusion of the example code 123789 from the MFA device.

    The document also says that it needs to be done from the root user of your AWS Account. This login typically requires an email address as a login. This suggests that using an IAM User is not sufficient, even if they have Administrator permissions.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search