Ensure RAM Security Preference is Enforce MFA Login
SecurityPreference is used to configure security preferences for Resource Access Management (RAM) users. Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords.
Risk Level: high
Platform: Alicloud
Spectral Rule ID: TFALCLD055
REMEDIATION
set enforce_mfa_for_login to 'true' or define resource alicloud_ram_security_preference
+ resource "alicloud_ram_user" "user0" {...}
- enforce_mfa_for_login = false
+ enforce_mfa_for_login = true
+ resource "alicloud_ram_security_preference" "example2" {...}
Read more:
- https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/ram_security_preference#enforce_mfa_for_login
- https://www.alibabacloud.com/help/en/resource-orchestration-service/latest/aliyun-ram-securitypreference
- https://www.alibabacloud.com/help/en/terraform/latest/create-a-ram-user
Updated over 1 year ago