---
title: "Lifecycle Workflow and Security Considerations"
slug: "lifecycle-workflow-and-security-considerations"
updated: 2026-01-06T21:44:07Z
published: 2026-01-06T21:44:07Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wasabi.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Lifecycle Workflow and Security Considerations

## Workflow for Lifecycle Rule Implementation

Lifecycle rules cannot be created or enabled on S3 buckets with activated [MFA-Delete](https://docs.wasabi.com/apidocs/operations-on-buckets#mfa-multifactor-authentication-delete) because these features are mutually exclusive.

1. Disable MFA-Delete using the CLI command:

```plaintext
aws s3api put-bucket-versioning --bucket BUCKETNAME --versioning-configuration MFADelete=Disabled,Status=Enabled --mfa "arn:aws:iam::ACCOUNTID:mfa/root-account-mfa-device MFACODE” --endpoint-url=https://s3.BUCKETREGION.wasabisys.com –profile WASABIPROFILE
```
2. Apply lifecycle configuration. Lifecycle actions can be created or enabled using the Console or the following AWS CLI command:

```plaintext
aws s3api put-bucket-lifecycle-configuration –bucket BUCKETNAME --lifecycle-configuration file://lifecycle.json --endpoint-url=https://s3.BUCKETREGION.wasabisys.com –profile WASABIPROFILE
```

### Security Considerations

When disabling MFA-Delete for lifecycle rules:

- Audit deletion policies carefully.
- Use bucket policies with s3:DeleteObject condition keys.
- If needed, enable [administrative logging](https://docs.wasabi.com/docs/administrative-logging) for deletion events.
- Consider [Object Lock](https://docs.wasabi.com/docs/object-locking-enable) as an alternative data protection.

This constraint exists because automated lifecycle actions bypass MFA authentication requirements, creating potential security policy violations. Administrators must choose between automated lifecycle management and manual deletion controls.