turbot/alicloud_compliance

Query: ram_user_console_access_mfa_enabled

Usage

powerpipe query alicloud_compliance.query.ram_user_console_access_mfa_enabled

SQL

select
'acs:ram::' || account_id || ':user/' || user_name as resource,
case
when password_exist and not mfa_active then 'alarm'
else 'ok'
end as status,
case
when not password_exist then user_name || ' password login disabled.'
when password_exist and not mfa_active then user_name || ' password login enabled but no MFA device configured.'
else user_name || ' password login enabled and MFA device configured.'
end as reason
, account_id as account_id
from
alicloud_ram_credential_report;

Controls

The query is being used by the following controls: