Serverless function that automates enforcement of Multi-Factor Authentication (MFA) for all AWS IAM users with access to the AWS Management Console.
License: MIT License
aws-mfa-enforce's Introduction
- Hi, I'm Chandrapal Badshah
- I'm interested in Cloud (mostly AWS) and Cloud Native Security
- I'm the maintainer of Hack-with-GitHub and Burp Suite Guide
- If you want to learn more about my work, head over to badshah.io
aws-mfa-enforce's Issues
Currently the implementation is: https://github.com/Chan9390/aws-mfa-enforce/blob/master/handler.js#L43
It checks for the PasswordLastUsed parameter and determines if the user has Management Console access.
But it fails in the following scenario:
- IAM user given both Management Console and Programmatic access
- The Management Console access is then removed
- This policy adds that IAM user with only Programmatic access to the MFAGroup, since the PasswordLastUsed param is still present.
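The scenario in this issue, shown as an added example that is not code from the aws-mfa-enforce project: the PasswordLastUsed heuristic is placed beside a check based on whether the user still has a login profile, which IAM keeps only while a console password exists. The example assumes an IAM client with the AWS SDK for JavaScript v2 shape (`iam.getLoginProfile(params).promise()`, rejecting with `err.code === 'NoSuchEntity'` when there is no console password); a constructed in-memory fake with that shape and constructed sample users stand in for the real service so it runs offline.

```javascript
// Added example, not code from the aws-mfa-enforce project. Contrasts the
// PasswordLastUsed heuristic described in the issue with a login-profile check.
// Assumption: the IAM client follows the AWS SDK for JavaScript v2 shape,
// iam.getLoginProfile(params).promise(), and rejects with
// err.code === 'NoSuchEntity' when the user has no console password.

// Heuristic from the issue: any ListUsers record carrying PasswordLastUsed is
// treated as a console user. The field survives after the console password is
// deleted, so this over-selects.
function hasConsoleAccessByPasswordLastUsed(user) {
  return user.PasswordLastUsed !== undefined;
}

// Login-profile check: IAM keeps a login profile only while the user has a
// console password, so NoSuchEntity means no console access right now.
async function hasConsoleAccessByLoginProfile(iam, userName) {
  try {
    await iam.getLoginProfile({ UserName: userName }).promise();
    return true;
  } catch (err) {
    if (err.code === 'NoSuchEntity') return false;
    throw err; // throttling, AccessDenied, etc. must not be read as "no console"
  }
}

// Names of users that should be placed in the MFA-enforcing group, decided by
// the login-profile check (one GetLoginProfile call per user).
async function selectConsoleUsers(iam, users) {
  const selected = [];
  for (const user of users) {
    if (await hasConsoleAccessByLoginProfile(iam, user.UserName)) {
      selected.push(user.UserName);
    }
  }
  return selected;
}

// Same selection using only the PasswordLastUsed heuristic, for comparison.
function selectByPasswordLastUsed(users) {
  return users.filter(hasConsoleAccessByPasswordLastUsed).map((u) => u.UserName);
}

// Constructed fake IAM client (hypothetical, offline only). `loginProfiles` is
// the set of user names that currently have a console password.
function makeFakeIam(loginProfiles) {
  return {
    getLoginProfile({ UserName }) {
      return {
        promise: async () => {
          if (loginProfiles.has(UserName)) {
            return { LoginProfile: { UserName, CreateDate: new Date(0), PasswordResetRequired: false } };
          }
          const err = new Error(`Login Profile for User ${UserName} cannot be found.`);
          err.code = 'NoSuchEntity';
          throw err;
        },
      };
    },
  };
}

// Constructed sample data reproducing the issue's scenario:
//   alice    - console + programmatic access, console still enabled
//   bob      - console access removed; PasswordLastUsed is still set
//   ci-robot - programmatic access only, never had a password
const SAMPLE_USERS = [
  { UserName: 'alice', PasswordLastUsed: new Date('2023-01-01T00:00:00Z') },
  { UserName: 'bob', PasswordLastUsed: new Date('2022-06-01T00:00:00Z') },
  { UserName: 'ci-robot' },
];
const SAMPLE_IAM = makeFakeIam(new Set(['alice']));

(async () => {
  console.log('PasswordLastUsed heuristic:', selectByPasswordLastUsed(SAMPLE_USERS)); // [ 'alice', 'bob' ]
  console.log('Login profile check:', await selectConsoleUsers(SAMPLE_IAM, SAMPLE_USERS)); // [ 'alice' ]
})();
```

Running it shows bob selected by the heuristic but not by the login-profile check, which is exactly the false positive the issue describes. Against real IAM the function's role needs `iam:GetLoginProfile` in addition to `iam:ListUsers`, and only NoSuchEntity may be mapped to "no console access"; any other error should fail the run rather than silently drop a user from the MFA group.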