MFA Has Been Enabled for Console Login
Rule Details
| Parameter | Description |
|---|---|
| Rule Name | mfa-enabled-for-iam-console-access |
| Identifier | mfa-enabled-for-iam-console-access |
| Description | If MFA is not enabled for an IAM user who has a console password, this IAM user is noncompliant. |
| Tag | iam |
| Trigger Type | Configuration change |
| Filter Type | iam.users |
| Configure Rule Parameters | None |
Applicable Scenario
Multi-factor authentication (MFA) adds an additional layer of security protection on top of the identity credentials for an account. It is recommended that you enable MFA for your account and for privileged users created using your account. After MFA is enabled, you need to enter a verification code after your username and password are authenticated. MFA devices, together with your username and password, ensure the security of your account and resources.
Solution
Before binding a virtual MFA device, ensure that you have installed an MFA application (such as Google Authenticator or Microsoft Authenticator) on your mobile device. For details, see Binding a Virtual MFA Device.
Rule Logic
- If an IAM user is in the disabled state, this user is compliant.
- If an IAM user is not allowed to access the management console, this user is compliant.
- If an IAM user that is enabled and is allowed to access the management console has MFA enabled, this user is compliant.
- If an IAM user that is enabled and that is allowed to access the management console has MFA disabled, this user is noncompliant.
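The four cases above applied, in order, to a user inventory. This is an added example, not code from the service or its documentation. The `IamUser` record and its field names are hypothetical, the sample users are constructed, and reporting an undetermined MFA state as noncompliant is an assumption of this example that the rule itself does not state.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple


@dataclass
class IamUser:
    # Hypothetical record shape; these field names are assumptions,
    # not the schema of any IAM API.
    name: str
    enabled: bool
    console_access: bool
    mfa_enabled: Optional[bool]  # None = MFA state could not be determined


def evaluate(user: IamUser) -> Tuple[str, str]:
    """Return (status, reason), checking the rule-logic cases in page order."""
    if not user.enabled:
        return "Compliant", "user is disabled"
    if not user.console_access:
        return "Compliant", "no management console access"
    if user.mfa_enabled is True:
        return "Compliant", "console user with MFA enabled"
    if user.mfa_enabled is None:
        # Assumption of this example: surface unknown state instead of passing it.
        return "NonCompliant", "console user with unknown MFA state"
    return "NonCompliant", "console user with MFA disabled"


def audit(users: Iterable[IamUser]) -> Dict[str, str]:
    """Map each noncompliant user name to the reason it was flagged."""
    findings = {}
    for user in users:
        status, reason = evaluate(user)
        if status == "NonCompliant":
            findings[user.name] = reason
    return findings


# Constructed sample inventory covering each branch.
SAMPLE_USERS = [
    IamUser("alice", enabled=True, console_access=True, mfa_enabled=True),
    IamUser("bob", enabled=True, console_access=True, mfa_enabled=False),
    IamUser("ci-bot", enabled=True, console_access=False, mfa_enabled=False),
    IamUser("former-admin", enabled=False, console_access=True, mfa_enabled=False),
    IamUser("carol", enabled=True, console_access=True, mfa_enabled=None),
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_USERS).items():
        print(f"{name}: NonCompliant ({reason})")
```

Because the disabled and no-console checks come first, a disabled account without MFA is never flagged, which matches the order of the cases listed above.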