The Root User Has MFA Enabled
Rule Details
|
Parameter |
Description |
|---|---|
|
Rule Name |
root-account-mfa-enabled |
|
Identifier |
root-account-mfa-enabled |
|
Description |
If the root user does not have MFA enabled, this root user is noncompliant. |
|
Tag |
iam |
|
Trigger Type |
Periodic |
|
Filter Type |
Account |
|
Configure Rule Parameters |
None |
Applicable Scenario
Multi-factor authentication (MFA) adds an additional layer of security protection on top of the identity credentials for an account. It is recommended that you enable MFA authentication for your account and privileged users created using your account. After MFA authentication is enabled, you need to enter verification codes after your username and password are authenticated. MFA devices, together with your username and password, ensure the security of your account and resources.
Solution
Before binding a virtual MFA device, ensure that you have installed an MFA application (such as Google Authenticator or Microsoft Authenticator) on your mobile device. For details, see Binding a Virtual MFA Device.
Rule Logic
- If the root user already has MFA enabled, this root user is compliant.
- If the root user does not have MFA enabled, this root user is noncompliant.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
