standard
turbot/aws_compliance

Trigger: Detect & correct IAM root users with MFA disabled

Detect IAM root users with MFA disabled.

Query

select
  concat('<root_account>', ' [', account_id, ']') as title,
  account_id,
  sp_connection_name as conn
from
  aws_iam_account_summary
where
  account_mfa_enabled = false;

Schedule

15m

Tags

category = Compliance
mod = aws
service = AWS/IAM