turbot/steampipe-mod-aws-compliance

Query: iam_root_user_account_console_access_mfa_enabled

Usage

powerpipe query aws_compliance.query.iam_root_user_account_console_access_mfa_enabled

Steampipe Tables

SQL

select
'arn:' || partition || ':::' || account_id as resource,
case
when account_password_present and not account_mfa_enabled then 'alarm'
else 'ok'
end as status,
case
when not account_password_present then 'Console sign-in disabled for root account.'
when account_password_present and not account_mfa_enabled then 'Console sign-in enabled for root account but no MFA device configured.'
else 'Console sign-in enabled for root account and MFA device configured.'
end as reason
, account_id
from
aws_iam_account_summary;

Controls

The query is being used by the following controls: