Alibaba Cloud RAM does not enforce MFA
Description
This policy ensures that Multi-Factor Authentication (MFA) is enforced for Alibaba Cloud RAM (Resource Access Management) accounts. Enforcing MFA significantly strengthens account security by requiring a second form of authentication, in addition to a password, to access resources. This helps prevent unauthorized access even if the password is compromised.
Failing to enforce MFA increases the risk of unauthorized access, which can lead to data breaches or misuse of cloud resources.
Code Example
```hcl
resource "alicloud_ram_security_preference" "example" {
  ...
+ enforce_mfa_for_login = true
}
```
Remediation
Terraform
- Resource: alicloud_ram_security_preference
- Arguments: enforce_mfa_for_login
To mitigate this issue, ensure the `enforce_mfa_for_login` attribute in the `alicloud_ram_security_preference` resource is set to `true`.
Example:
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0024 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_ALI_24 |