How to Find AWS IAM Users Without MFA Enabled
Multi-factor authentication (MFA) adds an extra layer of protection on top of a username and password.
When MFA is enabled, a user is prompted for an authentication code from their configured MFA device in addition to their username and password.
This security check is part of the CIS Amazon Web Services Benchmarks and is rated severity high.
This guide assumes that you have already installed and configured Resoto to collect your AWS cloud resources.
Execute the following
searchcommand in Resoto Shell or Resoto UI:
> search is(aws_iam_user) and password_enabled==true and mfa_active==false
kind=aws_iam_user, ..., region=resoto-poweruser
kind=aws_iam_user, ..., account=poweruser-team
searchcommand into the
> search is(aws_iam_user) and password_enabled==true and mfa_active==false | dump
The command output will list the details of all non-compliant
- Enable MFA for users account.
- MFA is a simple best practice that adds an extra layer of protection on top of your user name and password.
- Recommended to use hardware keys over virtual MFA.
Please refer to the AWS IAM documentation for details.