package iam

import (
	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/framework"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckEnforceUserMFA is rule AVD-AWS-0145: an IAM user that reports having
// logged in must have at least one MFA device registered. It is mapped to
// control 1.2 of CIS AWS 1.2 and control 1.4 of CIS AWS 1.4.
var CheckEnforceUserMFA = rules.Register(
	scan.Rule{
		AVDID:     "AVD-AWS-0145",
		Provider:  providers.AWSProvider,
		Service:   "iam",
		ShortCode: "enforce-user-mfa",
		Frameworks: map[framework.Framework][]string{
			framework.CIS_AWS_1_2: {"1.2"},
			framework.CIS_AWS_1_4: {"1.4"},
		},
		Summary:    "IAM Users should have MFA enforcement activated.",
		Impact:     "User accounts are more vulnerable to compromise without multi factor authentication activated",
		Resolution: "Enable MFA for the user account",
		Explanation: `
IAM user accounts should be protected with multi factor authentication to add safe guards to password compromise.
`,
		Links: []string{
			"https://console.aws.amazon.com/iam/",
		},
		Severity: severity.Medium,
	},
	// The check walks every IAM user in the scanned state. A user fails only
	// when both hold: HasLoggedIn() is true and no MFA device is attached.
	// Any user for which HasLoggedIn() is false is recorded as passing
	// regardless of its MFA state, so a user that has not yet signed in is
	// not reported by this rule; whether that covers newly created console
	// users depends on how HasLoggedIn() is derived — confirm against the
	// iam.User model before relying on it.
	func(s *state.State) (results scan.Results) {
		for _, user := range s.AWS.IAM.Users {
			mfaMissing := len(user.MFADevices) == 0
			// Guard clause: everything that is not "logged in AND no MFA"
			// is a pass.
			if !user.HasLoggedIn() || !mfaMissing {
				// NOTE(review): &user is the address of the range variable.
				// Before Go 1.22 that is a single variable for the whole
				// loop, so this relies on AddPassed/Add copying what they
				// need immediately rather than retaining the pointer — confirm.
				results.AddPassed(&user)
				continue
			}
			results.Add("User account does not have MFA", &user)
		}
		return results
	},
)