I am looking to enforce all IAM users (local and remote) to enable and activate their MFA devices. I want them all to enable MFA to do their respective tasks.
I am trying with the following policy:
{
    "Effect": "Allow",
    "Action": "*",
    "Resource": "*",
    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
}
However, this policy applies irrespective of how you are accessing the services, through the console or through APIs.
There is a lot of automation done by all users, and their automation breaks as MFA authentication was not implied.
As a first step, we wish everybody to at least enable MFA for console login, but the same should not force them to use MFA for API calls used in automation.
Is this achievable through IAM policy?
Thanks
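
Added example (not part of the original post): a simplified Python model of how the `Bool` and `BoolIfExists` operators treat `aws:MultiFactorAuthPresent`, a key AWS leaves out of requests signed with long-term access keys. The request contexts, the statement names and the evaluator are constructed for illustration and are not AWS's policy engine; `Action` and `Resource` are omitted because every statement here covers `*`.

```python
# Simplified model of IAM's Bool / BoolIfExists handling (added example,
# not AWS's policy engine). Only these two operators are modelled.
KEY = "aws:MultiFactorAuthPresent"

# Constructed request contexts. Requests signed with long-term access keys
# carry no MFA key at all; console sessions carry it as "true" or "false".
CONTEXTS = {
    "console_with_mfa": {KEY: "true"},
    "console_without_mfa": {KEY: "false"},
    "api_long_term_access_key": {},
    "api_session_token_with_mfa": {KEY: "true"},
}

ALLOW_ALL = {"Effect": "Allow"}
ALLOW_IF_MFA = {"Effect": "Allow", "Condition": {"Bool": {KEY: "true"}}}  # from the question
DENY_IF_FALSE = {"Effect": "Deny", "Condition": {"Bool": {KEY: "false"}}}
DENY_IF_FALSE_OR_MISSING = {"Effect": "Deny",
                            "Condition": {"BoolIfExists": {KEY: "false"}}}

def statement_applies(statement, context):
    """True when every condition in the statement matches the context."""
    for operator, block in statement.get("Condition", {}).items():
        for key, expected in block.items():
            if key not in context:
                # Bool fails on a missing key; BoolIfExists matches it.
                if operator != "BoolIfExists":
                    return False
            elif context[key].lower() != expected.lower():
                return False
    return True

def decide(statements, context):
    """Explicit Deny wins, then Allow, otherwise the implicit deny."""
    effects = {s["Effect"] for s in statements if statement_applies(s, context)}
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

def evaluate(statements):
    return {name: decide(statements, ctx) for name, ctx in CONTEXTS.items()}

if __name__ == "__main__":
    for label, policy in (
        ("Allow + Bool true", [ALLOW_IF_MFA]),
        ("Deny + Bool false", [ALLOW_ALL, DENY_IF_FALSE]),
        ("Deny + BoolIfExists false", [ALLOW_ALL, DENY_IF_FALSE_OR_MISSING]),
    ):
        print(label, evaluate(policy))
```

In this model only the `Deny` with `Bool` leaves long-term access keys working while blocking console sessions that signed in without MFA, which also means those keys are never checked for MFA.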