turbot/aws_compliance

Query: iam_user_console_access_mfa_enabled

Usage

powerpipe query aws_compliance.query.iam_user_console_access_mfa_enabled

SQL

select
user_arn as resource,
case
when password_enabled
and not mfa_active then 'alarm'
else 'ok'
end as status,
case
when not password_enabled then user_name || ' password login disabled.'
when password_enabled
and not mfa_active then user_name || ' password login enabled but no MFA device configured.'
else user_name || ' password login enabled and MFA device configured.'
end as reason,
account_id
from
aws_iam_credential_report;

Controls

The query is being used by the following controls: