AWS Console Login Without MFA

This rule monitors for failed AWS console logins without the use of MFA.


Remediation Effort



MFA adds an additional layer of security above passwords to user logins. Best practice is to require MFA for all user logins, and this rule can serve as a supplement to such configurations to ensure they are not accidentally or intentionally subverted.


Investigate why this user was able to authenticate without MFA. Enable MFA for the user, and modify permissions to ensure further logins without MFA cannot happen.


  • CIS AWS Benchmark 3.2: "Ensure a log metric filter and alarm exist for Management Console sign-in without MFA"

Last updated