2 Answers
1
I think MFA devices aren't included in the data AWS Config captures for AWS::IAM::User, so there's also no change to the data when an MFA device is attached to or detached from a user. You can confirm that from the raw JSON resource data of a user with an MFA device registered: there's no trace of it in the captured resource data.
1
Hi Bruno, AWS Config provides a managed rule for iam-user-mfa-enabled. Is there a limitation with this managed rule that doesn't meet your use case?
If you need to create your own implementation, generating and parsing the IAM credential report with an AWS Lambda function should be feasible.
answered 2 months ago
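The credential-report approach suggested in the answer above, as an added example that is not part of the original answers: it polls IAM for the report through boto3 and flags users whose `mfa_active` column is not `true`. The function names, the handler's return shape and the sample rows (including the account ID) are constructed for illustration.

```python
import csv
import io
import time

# Constructed sample in the credential report's CSV layout (columns trimmed
# to the ones used here; a real report has more columns).
SAMPLE_REPORT = b"""user,arn,password_enabled,mfa_active,access_key_1_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,true,false
alice,arn:aws:iam::111122223333:user/alice,true,true,false
bob,arn:aws:iam::111122223333:user/bob,true,false,true
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false,true
"""


def fetch_credential_report(poll_seconds=2, max_polls=15):
    """Generate and download the report.

    Needs boto3 plus iam:GenerateCredentialReport and iam:GetCredentialReport.
    """
    import boto3  # imported lazily so the parser below also runs offline
    iam = boto3.client("iam")
    for _ in range(max_polls):
        if iam.generate_credential_report()["State"] == "COMPLETE":
            return iam.get_credential_report()["Content"]
        time.sleep(poll_seconds)
    raise TimeoutError("credential report was not ready in time")


def users_without_mfa(report_bytes, console_only=True):
    """Return names of IAM users whose mfa_active column is not 'true'.

    console_only=True skips users with no console password (for example
    access-key-only service users); the root row is always skipped.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_bytes.decode("utf-8"))):
        if row["user"] == "<root_account>":
            continue
        if console_only and row["password_enabled"].lower() != "true":
            continue
        if row["mfa_active"].lower() != "true":
            findings.append(row["user"])
    return findings


def lambda_handler(event, context):
    # Hypothetical handler: returns the findings; wiring them to Config
    # evaluations or notifications is left to the deployment.
    return {"users_without_mfa": users_without_mfa(fetch_credential_report())}
```

Run on a schedule, this catches MFA detachments that never show up as a configuration change on the user resource.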