Benchmark: 2. Use multi-factor authentication (MFA)
Description
MFA is the best way to protect accounts from inappropriate access. Always set up MFA on your Root user and AWS Identity and Access Management (IAM) users.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-top-10Start the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 2. Use multi-factor authentication (MFA).
Run this benchmark in your terminal:
powerpipe benchmark run aws_top_10.benchmark.account_security_use_mfaSnapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_top_10.benchmark.account_security_use_mfa --shareControls
- IAM root user MFA should be enabled
- IAM users with console access should have MFA enabled
- IAM user MFA should be enabled
- IAM administrator users should have MFA enabled
- IAM root user virtual MFA should be enabled