Fernando Honig

Last Update a year ago

Description: Checks whether AWS Multi-Factor Authentication (MFA) is enabled for all AWS Identity and Access Management (IAM) users that use a console password. The rule is compliant if MFA is enabled. 

Trigger type: Periodic

AWS Region: All supported AWS regions
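The condition this rule evaluates can be reproduced from the IAM credential report, which is useful for listing affected users before remediating. The following is an added example, not StackZone or AWS code; the sample rows, the account ID and the `OUT_OF_SCOPE` label are constructed for illustration.

```python
import csv
import io

# Constructed sample in the IAM credential report CSV layout, trimmed to the
# columns used here (a real report carries more columns).
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,true
alice,arn:aws:iam::111122223333:user/alice,true,true
bob,arn:aws:iam::111122223333:user/bob,true,false
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false
dave,arn:aws:iam::111122223333:user/dave,true,false
"""

def evaluate(report_csv):
    """Map each IAM user to COMPLIANT, NON_COMPLIANT or OUT_OF_SCOPE."""
    results = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            continue  # the root row is not an IAM user, so the rule skips it
        has_password = row["password_enabled"].strip().lower() == "true"
        has_mfa = row["mfa_active"].strip().lower() == "true"
        if not has_password:
            # No console password: outside the rule's scope (label is this example's own)
            results[user] = "OUT_OF_SCOPE"
        else:
            results[user] = "COMPLIANT" if has_mfa else "NON_COMPLIANT"
    return results

def non_compliant_users(report_csv):
    """Users with a console password and no MFA device, sorted by name."""
    return sorted(u for u, s in evaluate(report_csv).items() if s == "NON_COMPLIANT")

def fetch_report():
    """Fetch the live report; needs boto3 and permission to generate and read it."""
    import time
    import boto3
    iam = boto3.client("iam")
    while iam.generate_credential_report()["State"] != "COMPLETE":
        time.sleep(2)
    return iam.get_credential_report()["Content"].decode("utf-8")

if __name__ == "__main__":
    for name in non_compliant_users(SAMPLE_REPORT):
        print(name)
```

Pass `fetch_report()` instead of `SAMPLE_REPORT` to run the same check against a real account.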

How to Resolve Manually

To resolve this manually, sign in to the AWS Management Console. Navigate to IAM. In the left menu, select Users.

Click on the IAM User that this rule is marking as NON_COMPLIANT and go to the Security Credentials tab.

In the Sign-In Credentials section, check the Assigned MFA device. Click on Manage and select the MFA device you want to assign to this user.

For more information about supported MFA devices, click here.

How to Resolve with StackZone

This remediation can be enabled through the StackZone Config Rule UI.

Go to Baseline Services -> Config Rules Global -> IAM -> Remediation and enable IAM User Console Deactivate Remediation.

This remediation will remove Console Access for any users who do not have MFA enabled.
