Plugin Title | Users MFA Enabled |
Cloud | AWS |
Category | IAM |
Description | Ensures a multi-factor authentication device is enabled for all users within the account |
More Info | User accounts should have an MFA device set up to enable two-factor authentication |
AWS Link | http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html |
Recommended Action | Enable an MFA device for the user account |
1. Log in to the AWS Management Console.
2. Select the "Services" option and search for IAM.
3. Scroll down the left navigation panel and choose "Users".
4. Select the "User" that needs to be verified and click on the "User name" to access the selected "IAM User".
5. Click on "Security Credentials" on the configuration page.
6. Scroll down the "Security Credentials" tab and check the "Assigned MFA device" field. Check the "Multi-factor authentication (MFA)" section for any active devices. If "Not assigned" is shown against "Assigned MFA device", then a multi-factor authentication device is not enabled for the selected user account.
7. Repeat steps 2 - 6 to check another IAM user.
8. On the "Your Security Credentials" page, scroll down, click on "Multi-factor authentication (MFA)", and click on the "Manage" link to enable a multi-factor authentication device.
9. Click on "Virtual MFA device" and click on "Continue".
10. Install an AWS MFA-compatible application on a mobile device or computer. Once the application is installed, click on "Show QR code" and scan the code with the installed application.
11. Enter two consecutive MFA codes generated by the application in "MFA code 1" and "MFA code 2" and click on the "Assign MFA" button.
12. On successful setup, the following message is shown: "You have successfully assigned virtual MFA".
13. Repeat steps 8 - 12 to enable a multi-factor authentication device for all other IAM users.
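
The per-user console check above can be done for the whole account at once. The following is an added example, not part of the original page: it parses an IAM credential report (the CSV returned by `aws iam get-credential-report`) and lists every IAM user whose `mfa_active` column is not `true`. The sample report is constructed, and skipping the `<root_account>` row is an assumption of this example.

```python
import csv
import io

# Constructed sample in the layout of the IAM credential report CSV; a real
# report has more columns, which csv.DictReader simply carries along.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,true
alice,arn:aws:iam::111122223333:user/alice,true,true
bob,arn:aws:iam::111122223333:user/bob,true,false
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false
"""

REQUIRED = {"user", "arn", "password_enabled", "mfa_active"}


def users_without_mfa(report_csv):
    """Return one finding per IAM user whose mfa_active column is not 'true'."""
    reader = csv.DictReader(io.StringIO(report_csv))
    missing = REQUIRED - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"not a credential report, missing: {sorted(missing)}")
    findings = []
    for row in reader:
        if row["user"] == "<root_account>":
            continue  # assumption: root is not an IAM user, so it is skipped
        if row["mfa_active"].strip().lower() == "true":
            continue
        findings.append({
            "user": row["user"],
            "arn": row["arn"],
            # True when the user can sign in to the console with a password
            "console_password": row["password_enabled"].strip().lower() == "true",
        })
    return findings


if __name__ == "__main__":
    for f in users_without_mfa(SAMPLE_REPORT):
        print(f"FAIL {f['arn']} console_password={f['console_password']}")
```

To run it against a real account, generate the report with `aws iam generate-credential-report`, fetch it with `aws iam get-credential-report --query Content --output text | base64 -d`, and pass the decoded text to `users_without_mfa`.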