Trend Micro Cloud One™

AWS IAM user has signed in without MFA

Last updated: 15 September 2017
Risk level: High (should be achieved)
Rule ID: RTM-003

Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine detected an AWS Management Console sign-in by an IAM user that did not use Multi-Factor Authentication (MFA). An IAM user is an identity within your Amazon Web Services account with its own set of permissions (for example, permission to manage EC2 instances within a particular AWS region). An IAM user name and password are enough to sign in to the AWS Management Console: with administrator-level privileges (comparable to the root user) that sign-in reaches every resource in the account, and with a narrower policy it reaches the specific services or resources the policy allows. Either way a password alone is a single factor, so a compromised password hands an attacker exactly the access the user has.
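The detection this rule describes can be reproduced from the CloudTrail "ConsoleLogin" events AWS records for every console sign-in. The following is an added example written for this page, not Cloud Conformity's RTMA code: it parses a constructed CloudTrail log (account ID, user names, ARNs and IP addresses are made up; the field names follow the real ConsoleLogin event format) and returns the successful IAM-user sign-ins whose `additionalEventData.MFAUsed` is not "Yes". Failed password attempts, root sign-ins and federated (assumed-role) sessions are deliberately skipped, because they are not what this rule is about, and a record with no MFAUsed field is reported as "unknown" rather than silently passing.

```python
"""Detect AWS Management Console sign-ins by IAM users that did not use MFA.

Added example, not Cloud Conformity's RTMA implementation. It reads CloudTrail
"ConsoleLogin" records (the documented event shape) and returns the sign-ins an
RTM-003-style check would alert on.
"""
import json
from typing import Any, Dict, Iterable, List

# Constructed sample CloudTrail log. The account ID, user names, ARNs and IPs
# are made up; the field names follow the real ConsoleLogin event format.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {   # Compliant: IAM user signed in with MFA.
        "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
        "eventTime": "2017-09-15T08:01:22Z", "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "userName": "alice",
                         "arn": "arn:aws:iam::111122223333:user/alice"},
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "Yes"},
    },
    {   # Violation: IAM user signed in successfully without MFA.
        "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
        "eventTime": "2017-09-15T08:07:45Z", "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "IAMUser", "userName": "bob",
                         "arn": "arn:aws:iam::111122223333:user/bob"},
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "No"},
    },
    {   # Not a sign-in: the password was rejected, so no session exists.
        "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
        "eventTime": "2017-09-15T08:09:02Z", "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "IAMUser", "userName": "bob",
                         "arn": "arn:aws:iam::111122223333:user/bob"},
        "responseElements": {"ConsoleLogin": "Failure"},
        "additionalEventData": {"MFAUsed": "No"},
    },
    {   # Federated (SAML) sign-in: MFA is enforced at the IdP, so CloudTrail
        # reports "No" here. Out of scope for an IAM-user rule.
        "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
        "eventTime": "2017-09-15T08:12:30Z", "sourceIPAddress": "192.0.2.44",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::111122223333:assumed-role/Admins/dave"},
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "No"},
    },
    {   # MFAUsed missing: not proven, so it is flagged rather than trusted.
        "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
        "eventTime": "2017-09-15T08:20:11Z", "sourceIPAddress": "203.0.113.99",
        "userIdentity": {"type": "IAMUser", "userName": "carol",
                         "arn": "arn:aws:iam::111122223333:user/carol"},
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {},
    },
]})


def load_records(cloudtrail_json: str) -> List[Dict[str, Any]]:
    """Return the Records array from a CloudTrail log file body."""
    return json.loads(cloudtrail_json).get("Records", [])


def find_iam_logins_without_mfa(records: Iterable[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Return one finding per successful IAM-user console sign-in lacking MFA."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != "signin.amazonaws.com" or rec.get("eventName") != "ConsoleLogin":
            continue
        # Only a successful sign-in establishes a session worth alerting on.
        if (rec.get("responseElements") or {}).get("ConsoleLogin") != "Success":
            continue
        identity = rec.get("userIdentity") or {}
        # Root sign-ins and federated/assumed-role sessions are covered by
        # other checks; this rule is specifically about IAM users.
        if identity.get("type") != "IAMUser":
            continue
        mfa_used = (rec.get("additionalEventData") or {}).get("MFAUsed")
        if mfa_used == "Yes":
            continue
        findings.append({
            "user": identity.get("userName"),
            "arn": identity.get("arn"),
            "time": rec.get("eventTime"),
            "source_ip": rec.get("sourceIPAddress"),
            # "No" is a confirmed violation; a missing value is reported as
            # "unknown" so it gets investigated instead of silently passing.
            "mfa_used": mfa_used if mfa_used is not None else "unknown",
        })
    return findings


if __name__ == "__main__":
    for f in find_iam_logins_without_mfa(load_records(SAMPLE_CLOUDTRAIL)):
        print(f"RTM-003 {f['time']} {f['arn']} from {f['source_ip']} MFAUsed={f['mfa_used']}")
```

Run against the embedded sample, the check reports bob (MFAUsed "No") and carol (field absent) and stays quiet about alice, the failed attempt and the federated session. Pointing it at real data only requires feeding the gzip-decompressed CloudTrail log bodies to `load_records`.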

This rule can help you work with the AWS Well-Architected Framework

This rule resolution is part of the Cloud Conformity Real-Time Threat Monitoring.


As a security best practice, supplement IAM user names and passwords by requiring a second factor at sign-in. AWS Multi-Factor Authentication (MFA) verifies an IAM user's identity by requiring, on top of the usual credentials (user name and password), a one-time code generated by a virtual MFA application or a hardware MFA device registered to that user. Because the code comes from a device the user holds and changes on every use, a stolen or guessed password is no longer enough on its own to open a console session. Note that console MFA does not by itself protect the user's long-term access keys: programmatic access is only gated on MFA when the attached policies condition permissions on the aws:MultiFactorAuthPresent context key.

Cloud Conformity recommends using Multi-Factor Authentication every time you sign in to your AWS account as a privileged IAM user (a user with access to sensitive resources provisioned within your AWS account) in order to secure access to your Amazon Web Services resources and adhere to security best practices.


Monitoring IAM sign-ins in real time is essential for keeping your AWS account safe. When an IAM user has administrator-level permissions (that is, it can modify or remove any resource, access any data in your AWS environment and use any service or component, excluding the Billing and Cost Management console unless the root user has activated IAM access to billing information), securing that user's sign-in with Multi-Factor Authentication is as mandatory as it is for the AWS root account user.

Requiring MFA for your IAM users is one of the most effective controls for protecting your AWS resources and services against unauthorized users or attackers: every sign-in must present a unique code generated by an approved authentication device, so a leaked password is not sufficient by itself.

Using Cloud Conformity RTMA MFA detection for IAM user authentication helps you verify that MFA-based access is actually being used by all privileged IAM users within your organization, and alerts you as soon as a sign-in bypasses it.


Publication date May 24, 2017
