AWS Config Rule: MFA ENABLED FOR IAM CONSOLE ACCESS
MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS
Fernando Honig
Last Update 2 years ago
Description: Checks whether AWS Multi-Factor Authentication (MFA) is enabled for all AWS Identity and Access Management (IAM) users that use a console password. The rule is compliant if MFA is enabled.
Trigger type: Periodic
AWS Region: All supported AWS regions
How to Resolve Manually
To resolve this manually, sign in to the AWS Management Console. Navigate to IAM. In the left menu, select Users.
Click on the IAM User that this rule is marking as NON_COMPLIANT and go to the Security Credentials tab.
In the Sign-In Credentials section, check the Assigned MFA device. Click on Manage and select the MFA device you want to assign to this user.
For more information about MFA Supported devices click here
How to Resolve with StackZone
This remediation can be enabled through the StackZone Config Rule UI
Go to Baseline Services -> Config Rules Global -> IAM -> Remediation and enable IAM User Console Deactivate Remediation
This remediation will remove Console Access for any users who do not have MFA enabled
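Before enabling a remediation that removes console access, it helps to list which users it would act on. The following is an added example, not StackZone or AWS code: it applies the rule's condition (console password set, no MFA) to an IAM credential report. The sample report, account ID and user names are constructed, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample in the IAM credential report CSV layout. Only the
# columns this check reads are kept; a real report has more columns.
SAMPLE_REPORT = """user,arn,password_enabled,mfa_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,true
alice,arn:aws:iam::111122223333:user/alice,true,true
bob,arn:aws:iam::111122223333:user/bob,true,false
ci-deployer,arn:aws:iam::111122223333:user/ci-deployer,false,false
"""


def evaluate_console_mfa(report_csv):
    """Return {user: 'COMPLIANT' | 'NON_COMPLIANT'} for console users only."""
    results = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        # The root account row is not an IAM user and reports
        # password_enabled as "not_supported", so it is out of scope here.
        if user == "<root_account>":
            continue
        has_console_password = row["password_enabled"].strip().lower() == "true"
        if not has_console_password:
            # No console password: the rule's condition does not apply.
            continue
        has_mfa = row["mfa_active"].strip().lower() == "true"
        results[user] = "COMPLIANT" if has_mfa else "NON_COMPLIANT"
    return results


def users_losing_console_access(report_csv):
    """Users that a 'remove console access' remediation would act on."""
    statuses = evaluate_console_mfa(report_csv)
    return sorted(u for u, s in statuses.items() if s == "NON_COMPLIANT")


if __name__ == "__main__":
    for user, status in sorted(evaluate_console_mfa(SAMPLE_REPORT).items()):
        print(f"{user:12} {status}")
    print("Would lose console access:", users_losing_console_access(SAMPLE_REPORT))
```

A real report can be produced with `aws iam generate-credential-report` and fetched with `aws iam get-credential-report`, which returns the CSV base64-encoded.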