AWS Console Login Without MFA
This rule monitors for failed AWS console logins without the use of MFA.
Risk: Medium
Remediation Effort: Low
MFA adds a layer of security on top of passwords for user logins. Best practice is to require MFA for all user logins; this rule supplements such a configuration by catching cases where it is accidentally or intentionally subverted.
Remediation
Investigate why this user was able to authenticate without MFA. Enable MFA for the user, and modify permissions to ensure further logins without MFA cannot happen.
References
  • CIS AWS Benchmark 3.2: "Ensure a log metric filter and alarm exist for Management Console sign-in without MFA"
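
The check named in the CIS reference, written out as an added example (not this rule's own code): it flags CloudTrail `ConsoleLogin` records whose `additionalEventData.MFAUsed` is not `"Yes"` and keeps the login outcome and identity type for triage. The function names and sample events are constructed for illustration, and treating a missing `MFAUsed` field as "no MFA" is a choice made in this example.

```python
# Added example: CIS-style "console sign-in without MFA" check over CloudTrail records.
# Sample events are constructed; user names and IPs are placeholders.
def _login(user, outcome, mfa, ip):
    event = {
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "IAMUser", "userName": user},
        "responseElements": {"ConsoleLogin": outcome},
        "sourceIPAddress": ip,
    }
    if mfa is not None:
        event["additionalEventData"] = {"MFAUsed": mfa}
    return event

SAMPLE_EVENTS = [
    _login("alice", "Success", "Yes", "198.51.100.10"),
    _login("bob", "Success", "No", "198.51.100.11"),
    _login("carol", "Failure", "No", "203.0.113.7"),
    _login("dave", "Success", None, "203.0.113.8"),  # MFAUsed field absent
    {"eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
]

def login_without_mfa(event):
    """True for a ConsoleLogin record whose MFAUsed flag is anything but "Yes"."""
    if event.get("eventName") != "ConsoleLogin":
        return False
    extra = event.get("additionalEventData") or {}
    # Assumption of this example: a missing flag is treated as no MFA (fail closed).
    return extra.get("MFAUsed") != "Yes"

def summarize(event):
    """Pull out the fields an analyst needs to start the investigation."""
    identity = event.get("userIdentity") or {}
    response = event.get("responseElements") or {}
    return {
        "user": identity.get("userName") or identity.get("arn", "unknown"),
        "identity_type": identity.get("type", "unknown"),
        "outcome": response.get("ConsoleLogin", "unknown"),
        "source_ip": event.get("sourceIPAddress", "unknown"),
    }

def findings(events):
    """Return one summary per console login that did not use MFA."""
    return [summarize(e) for e in events if login_without_mfa(e)]

if __name__ == "__main__":
    for finding in findings(SAMPLE_EVENTS):
        print(finding)
```
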