AWS Console Login Without MFA

This rule monitors for failed AWS console logins without the use of MFA.

Risk

Remediation Effort

Medium

Low

MFA adds an additional layer of security above passwords to user logins. Best practice is to require MFA for all user logins, and this rule can serve as a supplement to such configurations to ensure they are not accidentally or intentionally subverted.

Remediation

Investigate why this user was able to authenticate without MFA. Enable MFA for the user, and modify permissions to ensure further logins without MFA cannot happen.

References

  • CIS AWS Benchmark 3.2: "Ensure a log metric filter and alarm exist for Management Console sign-in without MFA"