Benchmark: BP01 Use strong sign-in mechanisms
Description
Sign-ins (authentication using sign-in credentials) can present risks when not using mechanisms like multi-factor authentication (MFA), especially in situations where sign-in credentials have been inadvertently disclosed or are easily guessed. Use strong sign-in mechanisms to reduce these risks by requiring MFA and strong password policies.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-well-architected
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select BP01 Use strong sign-in mechanisms.
Run this benchmark in your terminal:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec02_bp01
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec02_bp01 --share
Controls
- IAM password policies for users should have strong configurations
- IAM users should have hardware MFA enabled
- IAM user MFA should be enabled
- IAM users with console access should have MFA enabled
- IAM root user should not have access keys
- IAM administrator users should have MFA enabled
- SageMaker notebook instances root access should be disabled