ram-user-mfa-check
This metric checks whether RAM users have enabled MFA secondary logon.
Trigger type: configuration change
Resource: ACS::RAM::User
Request parameters: none
Fix: Check whether RAM users enable MFA secondary logon. Otherwise, this rule is not compliant. On the console logon management page, set MFA to yes. Config detects your changes within 10 minutes and automatically starts the audit.
Console operation: Enter the RAM console, choose identities> users to enter the user details, and modify the value of "must enable MFA" in authentication management> console logon management.
API operation: Call the UpdateLoginProfile API to modify the logon configuration of the user and set MFABindRequired to true.