- Newest
- Most votes
- Most comments
As far as I know, currently, you cannot pass MFA status from the Identity Center requirement to the 'Permission Set' created in an account from the IAM IC Service. You will need to require MFA on our IAM IC Users and assume that access to the account was provided only because the user could log in and access the account through Identity Center. The users in IC are not users presented to your member account(s). The access is granted through an assumed Role. This is something the SSO/IC team had been working on but I do not think is released yet. Long and short, that Bool Condition will only work on individual IAM users on a per member account basis.
Hi,
By default, all requests are implicitly denied with the exception of the AWS account root user, which has full access.
Can you try to create an Allow policy with aws:MultiFactorAuthPresent: 'true'
Best regards,
Ricardo Makino
Relevant content
- asked 4 months ago
- asked a year ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 2 months ago