turbot/alicloud_compliance

Control: 1.3 Ensure MFA is enabled for the 'root' account

Description

With MFA enabled, anytime the “root” account logs on to Alibaba Cloud, it will be prompted for username and password followed by an authentication code from the virtual MFA device. It is recommended that MFA be enabled for the “root” user.

Remediation

From Console

Perform the following to enable MFA for “root” account

  1. Logon to RAM console by using your Alibaba Cloud account (root account).
  2. Move the pointer over the account icon in the upper-right corner and click Security Settings.
  3. In the Account Protection section, Click Edit.
  4. On the displayed page, select a scenario and select TOTP.
  5. Click Submit.
  6. On the displayed page, click Verify now.
  7. Enter the verification code and click Submit.
  8. Download and install a mobile application that supports TOTP MFA, such as Google Authenticator, on your mobile phone. Note: If you already installed Google Authenticator, click Next.
    • For iOS: Install Google Authenticator from the App Store.
    • For Android: Install Google Authenticator from the Google Play Store.
  • Note: You need to install a QR code scanner from the Google Play Store for Google Authenticator to identify QR codes.
  1. After you install Google Authenticator, go back to the Identity Verification page and click Next.
  2. Open Google Authenticator and tap BEGIN SETUP.
    • Tap Scan barcode and scan the QR code on the Identity Verification page.
    • Tap Manual entry, enter the username and key, and then tap the check mark (√) icon.
  • Note: You can obtain the username and key by moving the pointer over Scan failed on the Identity Verification page.
  1. On the Identity Verification page, enter the 6-digit verification code obtained from Google Authenticator and click Next.
  • Note: The verification code is refreshed at an interval of 30 seconds.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_1_3

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_1_3 --share

SQL

This control uses a named query:

ram_root_account_mfa_enabled

Tags