Home Security & Health Security Audit AWS IAM accounts with MFA enabled at user level

AWS IAM accounts with MFA enabled at user level

-

Having a well thought out cloud security strategy is the key to getting ahead in the cloud game. Security solutions built for cloud can bring benefits for businesses as compared to using legacy on-premises security solutions slowing down your cloud deployments. Implementing security best practices related to AWS IAM service and MFA status are necessary as they play very important roles in maintaining your infrastructure’s security posture.

What is MFA status in AWS IAM?

MFA (Multi-Factor Authentication) status provides extra layers of security to AWS users above their traditional system of authentication which comprises of usernames and passwords. When MFA is enabled, the user gets prompted for an extra authentication response from their registered MFA device along with their username and password. All these factors combined, provide increased security to the user’s account and prevent misuse of AWS accounts or resources.

Why MFA status should be active at each individual user level?

It is necessary to ensure that each and every IAM user in your cloud infrastructure doesn’t have your AWS management console password. Or even if they have the console password make sure that MFA status is enabled at the user level. Users with AWS management console credentials having disabled MFA is an unfavorable situation. This is because it puts your security and privacy control of your entire AWS infrastructure at risk. There can be situations where your password or resource can get misused.

How does Centilytics help you?

Centilytics provides a dedicated insight for keeping track of your MFA status at the user level and gives warnings whenever a misconfigured IAM user is detected in your account.

Insight Descriptions:

There can be 2 possible scenarios:

Severity Description
OK This indication will be displayed when the corresponding account either does not have console credentials or has both console credentials and MFA status is enabled for that account.
CRITICAL This will be displayed alongside those accounts which have console password and do not have MFA enabled.

 

Description of further columns are as follows:

  1. Account-ID: This column shows the respective account ID of the user’s account.AWS IAM 1
  2. Account Name: This column shows the corresponding account name to the user’s account.AWS IAM 3
  3. IAM User name: This column shows the username of the IAM user.AWS IAM 7
  4. Custom severity description: This column shows the custom description of the IAM user.AWS IAM 5

Filters applicable:

Filter Name Description
Account Id Applying the account Id filter will display data for the selected account Id.
Compliance Applying the compliance filter will display only those security checks which fall under the selected compliance.
Severity Applying severity filter will display resources according to the selected severity type i.e. selecting critical will display all resources with critical severity. Same will be the case for Warning and OK severity types
Resource Tags Applying resource tags filter will display those resources which have been assigned the selected resource tag. For e.g., A user has tagged some public snapshots by a resource tag named environment. Then selecting an environment from the resource tags filter will display all those resources tagged by the tag name environment.
Resource Tags Value Applying resource tags value filter will display data which will have the selected resource tag value. For e.g. – Let’s say a user has tagged some resource by a tag named environment and has a value say production (environment: production). Hence, the user can view data of all the resources which have “environment:production” tag assigned. The user can use the tag value filter only when a tag name has been provided.

 

Compliances Covered:

Compliance Name Reference No. Link
CIS 1.1.0 https://d0.awsstatic.com/whitepapers/
compliance/AWS_CIS_Foundations_Benchmark.pdf

 

Read About

Cloud