diff --git a/builtin/providers/aws/resource_aws_s3_bucket.go b/builtin/providers/aws/resource_aws_s3_bucket.go
index 214878530b..9eb321bf85 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket.go
@@ -147,8 +147,10 @@ func resourceAwsS3Bucket() *schema.Resource {
 			},
 
 			"versioning": {
-				Type:     schema.TypeSet,
+				Type:     schema.TypeList,
 				Optional: true,
+				Computed: true,
+				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"enabled": {
@@ -156,15 +158,13 @@ func resourceAwsS3Bucket() *schema.Resource {
 							Optional: true,
 							Default:  false,
 						},
+						"mfa_delete": {
+							Type:     schema.TypeBool,
+							Optional: true,
+							Default:  false,
+						},
 					},
 				},
-				Set: func(v interface{}) int {
-					var buf bytes.Buffer
-					m := v.(map[string]interface{})
-					buf.WriteString(fmt.Sprintf("%t-", m["enabled"].(bool)))
-
-					return hashcode.String(buf.String())
-				},
 			},
 
 			"logging": {
@@ -647,14 +647,20 @@ func resourceAwsS3BucketRead(d *schema.ResourceData, meta interface{}) error {
 		return err
 	}
 	log.Printf("[DEBUG] S3 Bucket: %s, versioning: %v", d.Id(), versioning)
-	if versioning.Status != nil && *versioning.Status == s3.BucketVersioningStatusEnabled {
+	if versioning != nil {
 		vcl := make([]map[string]interface{}, 0, 1)
 		vc := make(map[string]interface{})
-		if *versioning.Status == s3.BucketVersioningStatusEnabled {
+		if versioning.Status != nil && *versioning.Status == s3.BucketVersioningStatusEnabled {
 			vc["enabled"] = true
 		} else {
 			vc["enabled"] = false
 		}
+
+		if versioning.MFADelete != nil && *versioning.MFADelete == s3.MFADeleteEnabled {
+			vc["mfa_delete"] = true
+		} else {
+			vc["mfa_delete"] = false
+		}
 		vcl = append(vcl, vc)
 		if err := d.Set("versioning", vcl); err != nil {
 			return err
@@ -1250,7 +1256,7 @@ func resourceAwsS3BucketAclUpdate(s3conn *s3.S3, d *schema.ResourceData) error {
 }
 
 func resourceAwsS3BucketVersioningUpdate(s3conn *s3.S3, d *schema.ResourceData) error {
-	v := d.Get("versioning").(*schema.Set).List()
+	v := d.Get("versioning").([]interface{})
 	bucket := d.Get("bucket").(string)
 	vc := &s3.VersioningConfiguration{}
 
@@ -1262,6 +1268,13 @@ func resourceAwsS3BucketVersioningUpdate(s3conn *s3.S3, d *schema.ResourceData)
 		} else {
 			vc.Status = aws.String(s3.BucketVersioningStatusSuspended)
 		}
+
+		if c["mfa_delete"].(bool) {
+			vc.MFADelete = aws.String(s3.MFADeleteEnabled)
+		} else {
+			vc.MFADelete = aws.String(s3.MFADeleteDisabled)
+		}
+
 	} else {
 		vc.Status = aws.String(s3.BucketVersioningStatusSuspended)
 	}
@@ -1377,7 +1390,7 @@ func resourceAwsS3BucketReplicationConfigurationUpdate(s3conn *s3.S3, d *schema.
 	hasVersioning := false
 	// Validate that bucket versioning is enabled
 	if versioning, ok := d.GetOk("versioning"); ok {
-		v := versioning.(*schema.Set).List()
+		v := versioning.([]interface{})
 
 		if v[0].(map[string]interface{})["enabled"].(bool) {
 			hasVersioning = true
diff --git a/website/source/docs/providers/aws/r/s3_bucket.html.markdown b/website/source/docs/providers/aws/r/s3_bucket.html.markdown
index fce4e282fd..85e97a1246 100644
--- a/website/source/docs/providers/aws/r/s3_bucket.html.markdown
+++ b/website/source/docs/providers/aws/r/s3_bucket.html.markdown
@@ -316,6 +316,7 @@ The `CORS` object supports the following:
 The `versioning` object supports the following:
 
 * `enabled` - (Optional) Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
+* `mfa_delete` - (Optional) Enable MFA delete for either `Change the versioning state of your bucket` or `Permanently delete an object version`. Default is `false`.
 
 The `logging` object supports the following: