This metric checks whether RAM users have enabled MFA secondary logon.

Trigger type: configuration change

Resource: ACS::RAM::User

Request parameters: none

Fix: Check whether RAM users enable MFA secondary logon. Otherwise, this rule is not compliant. On the console logon management page, set MFA to yes. Config detects your changes within 10 minutes and automatically starts the audit.

Console operation: Enter the RAM console, choose identities> users to enter the user details, and modify the value of "must enable MFA" in authentication management> console logon management.


API operation: Call the UpdateLoginProfile API to modify the logon configuration of the user and set MFABindRequired to true.