RAM User MFA Enabled

ID: rule:aliyun:ram-user-mfa-check
Severity: high

Description

RAM users with console access should have multi-factor authentication (MFA) enabled.

Reason for Violation

RAM users without MFA are vulnerable to password compromise, posing a significant security risk.

Recommendation

Enable MFA for the RAM user by setting LoginProfile.MFABindRequired to true.

Resource Types

• ALIYUN::RAM::User