IAM groups should have MFA enforcement activated.
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | iam |
| Provider | AWS |
| Vulnerability Type | omission |
Description
IAM groups are configured without enforcing multi-factor authentication (MFA), allowing users to access resources with only a password. This setup lacks an important security layer against unauthorized access in case credentials are compromised.
Impact
Without MFA enforcement, attackers who obtain user passwords can access sensitive AWS resources, increasing the risk of data breaches, privilege escalation, and unauthorized actions within the cloud environment.
Resolution
Use the terraform-module/enforce-mfa/aws Terraform module to ensure that MFA is enforced.
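
What group-level MFA enforcement looks like in plain Terraform, shown as a group policy without an MFA condition beside a corrected one. This is an added example, not code from the module named above or from this rule's own documentation; the group and policy names are hypothetical, and the `ec2:*` grant stands in for whatever the group actually needs.

```hcl
# Added example. Group and policy names are hypothetical.

# Weak: members can use EC2 with a password or access key alone.
resource "aws_iam_group" "support_weak" {
  name = "support-weak"
}

resource "aws_iam_group_policy" "support_weak_ec2" {
  name  = "ec2-access"
  group = aws_iam_group.support_weak.name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = "ec2:*"
      Resource = "*"
    }]
  })
}

# Corrected: the same grant applies only to MFA-authenticated sessions,
# and everything except MFA self-enrolment is denied otherwise.
resource "aws_iam_group" "support" {
  name = "support"
}

resource "aws_iam_group_policy" "support_ec2_mfa" {
  name  = "ec2-access-mfa"
  group = aws_iam_group.support.name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = "ec2:*"
        Resource = "*"
        # The key is absent for long-term access keys, so Bool fails closed.
        Condition = { Bool = { "aws:MultiFactorAuthPresent" = "true" } }
      },
      {
        Sid       = "DenyAllExceptMfaSetupIfNoMfa"
        Effect    = "Deny"
        NotAction = ["iam:CreateVirtualMFADevice", "iam:EnableMFADevice", "iam:ListMFADevices", "iam:ListVirtualMFADevices", "iam:ResyncMFADevice", "iam:GetUser", "sts:GetSessionToken"]
        Resource  = "*"
        # BoolIfExists also matches requests where the key is missing.
        Condition = { BoolIfExists = { "aws:MultiFactorAuthPresent" = "false" } }
      }
    ]
  })
}
```

The `Deny` statement uses `BoolIfExists` because a plain `Bool` test on `"false"` does not match requests signed with long-term access keys, where `aws:MultiFactorAuthPresent` is not set at all.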