Question
I'm trying to add MFA-deletion to my S3 bucket with the AWS-cli with the following command:
aws s3api put-bucket-versioning --bucket <my-bucket-name> --versioning-configuration '{"MFADelete":"Enabled","Status":"Enabled"}' --mfa 'arn:aws:iam::<code-found-at-iam-page>:mfa/root-account-mfa-device <my-google-authenticator-code>'
but the response I get is this:
An error occurred (InvalidRequest) when calling the PutBucketVersioning operation: DevPay and Mfa are mutually exclusive authorization methods.
which makes no sense as I have never used DevPay. My security group for the instance has S3FullAccess enabled so that shouldn't be a problem either.
Any suggestions on what the problem might be would be appreciated.
Answer 1:
I submitted a case to AWS and they answered with this:
That error response typically gets returned when the API cannot perform the MFA Delete task due to the request being made with non-root credentials. The only way to turn on MFA Delete is to use the credentials from the root user of the account.
Simple solution!
Answer 2:
To enable/disable MFA delete on an S3 bucket, you must configure your AWS command line with the root access key.
Check the Prerequisites part
https://aws.amazon.com/premiumsupport/knowledge-center/s3-undelete-configuration/
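A pre-flight check for the fix both answers describe, as an added example that is not part of the original question or answers: it confirms the CLI is running as the account root user before calling `put-bucket-versioning`, so a non-root identity fails with a clear message instead of the DevPay error. The function names are hypothetical, and it assumes a virtual MFA device (whose serial is an ARN) in the standard `aws` partition.

```shell
# Added example: pre-flight checks before enabling MFA Delete.
# Function names are hypothetical; assumes a virtual MFA device in the "aws" partition.

# Succeeds only for a root-user ARN: arn:aws:iam::<12-digit-account>:root
is_root_arn() {
  printf '%s\n' "$1" | grep -Eq '^arn:aws:iam::[0-9]{12}:root$'
}

# Prints the account ID embedded in an ARN (field 5 when split on ':').
arn_account() {
  printf '%s\n' "$1" | cut -d: -f5
}

# Args: caller ARN, MFA device ARN, TOTP code. Prints "ok" or the failure reason.
preflight() {
  is_root_arn "$1" || { echo "caller is not the root user: $1"; return 1; }
  printf '%s\n' "$2" | grep -Eq '^arn:aws:iam::[0-9]{12}:mfa/.+$' \
    || { echo "MFA serial is not a virtual MFA device ARN"; return 1; }
  [ "$(arn_account "$1")" = "$(arn_account "$2")" ] \
    || { echo "MFA device belongs to a different account"; return 1; }
  printf '%s\n' "$3" | grep -Eq '^[0-9]{6}$' \
    || { echo "MFA code must be exactly 6 digits"; return 1; }
  echo "ok"
}

# Args: bucket name, MFA device ARN, current TOTP code.
enable_mfa_delete() {
  # Ask STS which identity the configured credentials resolve to.
  caller_arn=$(aws sts get-caller-identity --query Arn --output text) || return 1
  preflight "$caller_arn" "$2" "$3" || return 1
  # Same request as in the question, now known to be signed by root.
  aws s3api put-bucket-versioning --bucket "$1" \
    --versioning-configuration '{"MFADelete":"Enabled","Status":"Enabled"}' \
    --mfa "$2 $3"
}
```

Source the file and call `enable_mfa_delete <bucket> <mfa-device-arn> <code>`; an instance role or IAM user stops at the first check.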
Source: https://stackoverflow.com/questions/45602558/devpay-and-mfa-are-mutually-exclusive-authorization-methods