AWS

IllegalVersioningConfigurationException - Illegal Versioning Configuration

Hitting an **IllegalVersioningConfigurationException** means your S3 bucket versioning configuration is invalid—the versioning settings might conflict, MFA delete configuration is incorrect, or versioning state transition is invalid. This client-side error (4xx) happens when AWS validates S3 versioning configuration. Most common when MFA delete configuration is incorrect, but also appears when versioning configuration parameters are invalid, conflicting versioning settings exist, versioning state conflicts occur, or invalid versioning transitions are attempted.

#Common Causes

  • Identity: IAM policy allows versioning but configuration invalid. Service Control Policy (SCP) restricts versioning settings.
  • Network: VPC endpoint versioning restrictions. API Gateway versioning configuration limits.
  • Limits: Invalid versioning configuration parameters. Conflicting versioning settings. MFA delete configuration error. Invalid versioning transition.

Solutions

  1. 1Step 1: Diagnose - Check current versioning configuration: aws s3api get-bucket-versioning --bucket BUCKET_NAME. Review versioning status (Enabled/Suspended/None). Check MFA delete status.
  2. 2Step 2: Diagnose - Review versioning configuration parameters: Check if Status is valid (Enabled/Suspended). Verify MFA delete format if enabled. Check for conflicting settings.
  3. 3Step 3: Diagnose - Verify MFA delete configuration: If MFA delete enabled, verify MFA device ARN format: arn:aws:iam::ACCOUNT_ID:mfa/DEVICE_NAME. Check MFA code format.
  4. 4Step 4: Fix - Enable versioning correctly: aws s3api put-bucket-versioning --bucket BUCKET_NAME --versioning-configuration Status=Enabled. Or suspend: Status=Suspended.
  5. 5Step 5: Fix - Configure MFA delete correctly: aws s3api put-bucket-versioning --bucket BUCKET_NAME --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa "arn:aws:iam::ACCOUNT_ID:mfa/DEVICE_NAME CODE". Verify: aws s3api get-bucket-versioning --bucket BUCKET_NAME.

</>Code Examples

Versioning Configuration Management
1# Check current versioning configuration
2aws s3api get-bucket-versioning --bucket my-bucket
3
4# Enable versioning correctly
5aws s3api put-bucket-versioning \
6  --bucket my-bucket \
7  --versioning-configuration Status=Enabled
8
9# Enable versioning with MFA delete (requires MFA)
10aws s3api put-bucket-versioning \
11  --bucket my-bucket \
12  --versioning-configuration Status=Enabled,MFADelete=Enabled \
13  --mfa "arn:aws:iam::123456789012:mfa/root-account-mfa-device 123456"
14
15# Suspend versioning
16aws s3api put-bucket-versioning \
17  --bucket my-bucket \
18  --versioning-configuration Status=Suspended
19
20# Verify configuration
21aws s3api get-bucket-versioning --bucket my-bucket
22
23# Check versioning status
24aws s3api list-object-versions \
25  --bucket my-bucket \
26  --prefix my-prefix/

Related Errors

InvalidArgumentBucketVersioningNotSupported

Provider Information

This error code is specific to AWS services. For more information, refer to the official AWS documentation.

IllegalVersioningConfigurationException - Illegal Versioning Configuration | AWS Error Reference | Error Code Reference