AWS Config Rule: MFA ENABLED FOR IAM CONSOLE ACCESS

MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

Fernando Honig

Last Update há um ano

Description: Checks whether AWS Multi-Factor Authentication (MFA) is enabled for all AWS Identity and Access Management (IAM) users that use a console password. The rule is compliant if MFA is enabled. 


Trigger type: Periodic


AWS Region: All supported AWS regions



How to Resolve Manually

To resolve this manually, sign in to the AWS Management Console. Navigate to IAM. In the left menu, select Users.


Click on the IAM User that this rule is marking as NON_COMPLIANT and go to the Security Credentials tab.


In the Sign-In Credentials section, check the Assigned MFA device. Click on Manage and select the MFA device you want to assign to this user.


For more information about MFA Supported devices click here


How to Resolve with StackZone

This remediation can be enabled through the StackZone Config Rule UI


Go to Baseline Services -> Config Rules Global -> IAM -> Remediation and enable IAM User Console Deactivate Remediation


This remediation will remove Console Access for any users which do not have MFA enabled


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

1 out of 1 liked this article

Still need help? Message Us