RAM User MFA Enabled
ID: rule:aliyun:ram-user-mfa-check
Severity: high
IaC Types: ROS, Terraform
Description
RAM users with console access should have multi-factor authentication (MFA) enabled.
Reason for Violation
RAM users without MFA are vulnerable to password compromise, posing a significant security risk.
Recommendation
Enable MFA for the RAM user by setting LoginProfile.MFABindRequired to true.
Resource Types
- ROS:
ALIYUN::RAM::User - Terraform:
alicloud_ram_login_profile