This topic describes the managed rules that are related to Resource Access Management (RAM) and the rectification methods that target at non-compliant RAM resources.
Rule name: ram-user-mfa-check
Checks whether multi-factor authentication (MFA) is enabled for a RAM user under your account.
Trigger type: configuration change
Applicable resource type: ACS::RAM::User
Input parameter: none
To enable MFA for the RAM user in the RAM console, perform the following steps: Log on to the RAM console. In the left-side navigation pane, choose Identities > Users. On the page that appears, click the name of the target RAM user. On the Authentication tab, click Modify Logon Settings in the Console Logon Management section. In the right-side pane that appears, set Enable MFA to Required and click OK. For more information, see Enable an MFA device for a RAM user.
- You can also call the UpdateLoginProfile operation and set MFABindRequired to true to enable MFA for the RAM user. For more information, see UpdateLoginProfile.