We've recently noticed that the AWS Control Tower control: "Detect whether MFA is enabled for AWS IAM users of the AWS Console" is reporting a false positive result (NON_COMPLIANT) for a user that was deleted over a week ago.
One thing we have noticed is that the false positive result is being picked up in us-east-2 when normally IAM non-compliant is picked up in us-east-1 so I don't know whether this may be related to the incorrect results being displayed.
Has anyone experienced this issue before? How do we get it resolved as the results are misleading to user?
Note: We have tried re-evaluating the AWS Config for the control and redeploying the Controls and Landing Zone in case it was a configuration issue but it seems more related to a data issue being report from IAM.
