v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Steampipe logo 
Hub
Plugins
turbot/aws
Overview
496Tables
Versions
PowerpipeMods
GitHub
steampipe plugin install aws

Table: aws_iam_virtual_mfa_device - Query AWS Identity and Access Management (IAM) Virtual MFA Devices using SQL

An AWS Identity and Access Management (IAM) Virtual Multi-Factor Authentication (MFA) Device is a two-step authentication process that enhances security by requiring users to authenticate using a virtual or hardware device that produces a six-digit numeric code. The virtual MFA device uses a software application that generates one-time passwords (OTP) on a device such as a smartphone. This provides an additional layer of security for AWS service access, making it more difficult for attackers to compromise accounts.

Table Usage Guide

The aws_iam_virtual_mfa_device table in Steampipe provides you with information about Virtual MFA Devices within AWS Identity and Access Management (IAM). This table allows you, as a security administrator or compliance auditor, to query device-specific details, including the device ARN, enablement status, and associated users. You can utilize this table to gather insights on MFA devices, such as which devices are enabled, which users are associated with a particular device, and more. The schema outlines the various attributes of the Virtual MFA Device for you, including the device ARN, enable date, serial number, and associated tags.

Examples

Basic info

Explore which multi-factor authentication devices are enabled on your AWS account and who they are assigned to. This information can help you manage security settings and ensure that only authorized users have access.

select
  serial_number,
  enable_date,
  user_name
from
  aws_iam_virtual_mfa_device;
select
  serial_number,
  enable_date,
  user_name
from
  aws_iam_virtual_mfa_device;

User details for users with a virtual MFA device assigned

Explore which users have a virtual Multi-Factor Authentication (MFA) device assigned. This is useful to ensure all users are following security best practices and have an additional layer of security enabled.

select
  name,
  u.user_id,
  mfa.serial_number,
  path,
  create_date,
  password_last_used
from
  aws_iam_user u
  inner join aws_iam_virtual_mfa_device mfa on u.name = mfa.user_name;
select
  name,
  u.user_id,
  mfa.serial_number,
  path,
  create_date,
  password_last_used
from
  aws_iam_user u
  join aws_iam_virtual_mfa_device mfa on u.name = mfa.user_name;

Control examples

Schema for aws_iam_virtual_mfa_device

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The AWS Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
assignment_statustext=The status (Unassigned or Assigned) of the device.
enable_datetimestamp with time zoneThe date and time on which the virtual MFA device was enabled.
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
regiontextThe AWS Region in which the resource is located.
serial_numbertextThe serial number associated with VirtualMFADevice.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
tagsjsonbA map of tags for the resource.
tags_srcjsonbA list of tags attached with the MFA device.
titletextTitle of the resource.
userjsonbDetails of the IAM user associated with this virtual MFA device.
user_idtextThe user id of the user associated with this virtual MFA device.
user_nametextThe friendly name of the user associated with this virtual MFA device.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_iam_virtual_mfa_device