Powerpipe Detection Mods →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-aws-top-10
Overview
1Dashboards
62Benchmarks
5Queries
11Variables
GitHub

Control: IAM root user virtual MFA should be enabled

Description

Enable this rule to restrict access to resources in the AWS Cloud.

Usage

Run the control in your terminal:

powerpipe control run aws_top_10.control.iam_root_user_virtual_mfa

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_top_10.control.iam_root_user_virtual_mfa --share

SQL

This control uses a named query:

select
  'arn:' || s.partition || ':::' || s.account_id as resource,
  case
    when account_mfa_enabled and serial_number is not null then 'ok'
    else 'alarm'
  end status,
  case
    when account_mfa_enabled = false then 'MFA is not enabled for the root user.'
    when serial_number is null then 'MFA is enabled for the root user, but the MFA associated with the root user is a hardware device.'
    else 'Virtual MFA enabled for the root user.'
  end reason
  , s.account_id
from
  aws_iam_account_summary as s
  left join aws_iam_virtual_mfa_device on serial_number = 'arn:' || s.partition || ':iam::' || s.account_id || ':mfa/root-account-mfa-device';

Tags

plugin = aws
service = AWS/IAM