standard
turbot/aws_compliance

Trigger: Detect & correct IAM users with console access MFA disabled

Detect IAM users that have console access enabled but MFA disabled.

Query

select
  concat(user_name, ' [', account_id, ']') as title,
  user_name,
  account_id,
  sp_connection_name as conn
from
  aws_iam_credential_report
where
  -- user has a console password set
  password_enabled
  -- and no MFA device is active for that user
  and not mfa_active;

Schedule

15m

Tags

category = Compliance
mod = aws
service = AWS/IAM