Ensure Alibaba Cloud RAM enforces MFA

Error: Alibaba Cloud RAM does not enforce MFA

Bridgecrew Policy ID: BC_ALI_IAM_10
Checkov Check ID: CKV_ALI_24
Severity: LOW

Alibaba Cloud RAM does not enforce MFA

Description

Enforcing MFA helps protect your data from unauthorized access or tampering by requiring users to provide additional verification before accessing resources. By enabling MFA, you can help ensure that only authorized users with the correct credentials can access your resources.

Fix - Runtime

Fix - Buildtime

Terraform

resource "alicloud_ram_security_preference" "pass" {
  enable_save_mfa_ticket        = false
  allow_user_to_change_password = true
  enforce_mfa_for_login         = true
}