This topic describes the managed rule that is related to Resource Access Management (RAM) and the methods to fix non-compliance issues.

ram-user-mfa-check

Checks whether multi-factor authentication (MFA) is enabled for a RAM user of your account.

Trigger type: configuration change

Applicable resource type: ACS::RAM::User

Input parameter: none

Cause: MFA is not enabled for a RAM user of your account. Solution: After you enable MFA, Cloud Config detects the configuration change and automatically starts to re-evaluate the resource within 10 minutes. You can fix this non-compliance issue by using one of the following methods:
  • RAM Console

    For information about how to enable MFA in the RAM console, see Enable an MFA device for a RAM user.

  • API

    You can also call the UpdateLoginProfile API operation. To enable MFA for the RAM user, set MFABindRequired to true. For more information, see UpdateLoginProfile.