This topic describes the managed rule that is related to Resource Access Management
(RAM) and the methods to fix non-compliance issues.
Checks whether multi-factor authentication (MFA) is enabled for a RAM user of your
Trigger type: configuration change
Applicable resource type: ACS::RAM::User
Input parameter: none
Cause: MFA is not enabled for a RAM user of your account. Solution: After you enable
MFA, Cloud Config detects the configuration change and automatically starts to re-evaluate
the resource within 10 minutes. You can fix this non-compliance issue by using one
of the following methods:
- RAM Console
For information about how to enable MFA in the RAM console, see Enable an MFA device for a RAM user.
You can also call the UpdateLoginProfile API operation. To enable MFA for the RAM
user, set MFABindRequired to true. For more information, see UpdateLoginProfile.