Red Hat Ceph Storage release notes state the following:
Support for S3 MFA-Delete
With this release, the Ceph Object Gateway supports S3 MFA-Delete using Time-Based One-Time Password (TOTP) one-time passwords as an authentication factor. This feature adds security against inappropriate data removal. You can configure buckets to require a TOTP one-time token in addition to standard S3 authentication to delete data.
The related RH BZ is: https://bugzilla.redhat.com/show_bug.cgi?id=1397212
I have not read anything about support for this in the v10 draft docs for S3.
Will it be supported in V10?
Amazon refs:
https://docs.aws.amazon.com/AmazonS3/la ... elete.html
https://aws.amazon.com/iam/features/mfa/?audit=2019q1
- Chief Product Officer
Re: V10: Feature question - S3 MFA-Delete
No, it's not supported - nor can it be supported, because we do need the ability to delete objects in a fully automated fashion (without TOTP) for the backup retention policy to work. In other words, we need to be able to delete older backups outside of your retention policy automatically. Thanks!