[ S3 MFA-DELETE ]
bucket 파일 삭제를 보호하기 위한 MFA (QR 코드 인증 등 2차 인증) 사용
MFA delete 는 CLI 에서만 설정이 가능
MFA delete 설정시 파일 영구 삭제 MFA 인증이 있어야 가능
일반적인 삭제는 가능하나 삭제된 이력을 삭제(영구삭제)할 수 없음
- MFA (multi factor authentication) forces user to generate a code on a device (usually a mobile phone or hardware) before doing important operations on S3
- To use MFA-Delete, enable versioning on the S3 bucket
- You will need MFA to permanently delete an object version, suspend versioning on the bucket
- You won't need MFA for enabling versioning listing deleted versions
- Only the bucket owner (root account) can enable/disable MFA-DELETE
- MFA-Delete currently can only be enabled using the CLI
반응형
'infra & cloud > AWS' 카테고리의 다른 글
| [AWS] 9-3. Storage Classes + Glacier (0) | 2021.04.06 |
|---|---|
| [AWS] 9-2. S3 Access Logs, S3 Replication (0) | 2021.04.04 |
| [AWS] 8. AWS CLI : configuration (0) | 2021.04.01 |
| [AWS] 7-3. S3 Websites : CORS, Eventual Consistency, Strong Consistency (0) | 2021.04.01 |
| [AWS] 7-2. S3 Security (0) | 2021.03.29 |