Allowing multiple MFA devices for S3 MFADelete?

0

In looking here regarding enabling MFA deletion on an S3 bucket, and checking the AWS CLI v2 docs on the subject, it isn't clear to me how to configure a bucket to allow the use of multiple MFA devices for authentication. That is, allow any one of several registered MFA devices to authenticate requests for deletions.

The idea here is to allow a small group of employees, each with their own MFA devices, to have access to programmatically delete objects from an S3 bucket that's configured to require MFA. With only a single device configured per-bucket, we're in a "hit by a bus" situation.

Is there a way to do this? Or are we better off pursuing a shared MFA solution (KeePassXC, Dashlane, etc.)? An online password management tool that allows shared (controlled) access to an MFA token would work, but if possible I'd prefer to devise a solution that stays within AWS IAM.

Thanks!

1 Answer
0

Hi ..., S3 MFA delete is a huge management overhead for the Cloud Administrator. It's actually not recommended to share the MFA of the root user with others or to have multiple MFA devices because it's a **security concern.** S3 MFA is enabled for critical data where only a root account holder is allowed to authorize a delete.

answered 24 days ago
EXPERT
reviewed 24 days ago
