A company wants to verify if multi-factor authentication (MFA) is enabled for all users within its AWS accounts.
Which AWS service or resource will meet this requirement?
A company wants to verify if multi-factor authentication (MFA) is enabled for all users within its AWS accounts.
Which AWS service or resource will meet this requirement?
A company can verify if multi-factor authentication (MFA) is enabled for all users within its AWS accounts by using IAM credential reports. These reports provide a detailed overview of the status of IAM credentials, including whether MFA is active for each user. The report is delivered in CSV format and includes a column that indicates the status of MFA for each user, making it the appropriate tool for this requirement.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html IAM credential reports are delivered in CSV format. "mfa_active" is one of many columns of this report. When a MFA device is enabled for the user, value of this column is TRUE.
IAM credential reports provide a way to audit the status of all your IAM credentials, including the status of MFA devices.
B. IAM credential reports
B IAM credentials report