Table: aws_iam_virtual_mfa_device - Query AWS Identity and Access Management (IAM) Virtual MFA Devices using SQL
An AWS Identity and Access Management (IAM) Virtual Multi-Factor Authentication (MFA) Device is a two-step authentication process that enhances security by requiring users to authenticate using a virtual or hardware device that produces a six-digit numeric code. The virtual MFA device uses a software application that generates one-time passwords (OTP) on a device such as a smartphone. This provides an additional layer of security for AWS service access, making it more difficult for attackers to compromise accounts.
Table Usage Guide
The aws_iam_virtual_mfa_device
table in Steampipe provides you with information about Virtual MFA Devices within AWS Identity and Access Management (IAM). This table allows you, as a security administrator or compliance auditor, to query device-specific details, including the device ARN, enablement status, and associated users. You can utilize this table to gather insights on MFA devices, such as which devices are enabled, which users are associated with a particular device, and more. The schema outlines the various attributes of the Virtual MFA Device for you, including the device ARN, enable date, serial number, and associated tags.
Examples
Basic info
Explore which multi-factor authentication devices are enabled on your AWS account and who they are assigned to. This information can help you manage security settings and ensure that only authorized users have access.
select serial_number, enable_date, user_namefrom aws_iam_virtual_mfa_device;
select serial_number, enable_date, user_namefrom aws_iam_virtual_mfa_device;
User details for users with a virtual MFA device assigned
Explore which users have a virtual Multi-Factor Authentication (MFA) device assigned. This is useful to ensure all users are following security best practices and have an additional layer of security enabled.
select name, u.user_id, mfa.serial_number, path, create_date, password_last_usedfrom aws_iam_user u inner join aws_iam_virtual_mfa_device mfa on u.name = mfa.user_name;
select name, u.user_id, mfa.serial_number, path, create_date, password_last_usedfrom aws_iam_user u join aws_iam_virtual_mfa_device mfa on u.name = mfa.user_name;
Schema for aws_iam_virtual_mfa_device
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
assignment_status | text | = | The status (Unassigned or Assigned) of the device. |
enable_date | timestamp with time zone | The date and time on which the virtual MFA device was enabled. | |
partition | text | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). | |
region | text | The AWS Region in which the resource is located. | |
serial_number | text | The serial number associated with VirtualMFADevice. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
tags | jsonb | A map of tags for the resource. | |
tags_src | jsonb | A list of tags attached with the MFA device. | |
title | text | Title of the resource. | |
user | jsonb | Details of the IAM user associated with this virtual MFA device. | |
user_id | text | The user id of the user associated with this virtual MFA device. | |
user_name | text | The friendly name of the user associated with this virtual MFA device. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config
argument:
steampipe_export_aws --config '<your_config>' aws_iam_virtual_mfa_device