
Change the logic to find IAM roles with programmatic access

Open Chan9390 opened this issue 6 years ago • 0 comments

Currently the implementation is: https://github.com/Chan9390/aws-mfa-enforce/blob/master/handler.js#L43

It checks for the PasswordLastUsed parameter and determines if the user has Management Console access.

But it fails in the following scenario:

  1. IAM user given both Management Console and Programmatic access
  2. The Management Console access is then removed
  3. This policy adds that IAM user with only Programmatic access to the MFAGroup since the PasswordLastUsed param is still present.

Chan9390, Nov 22 '18 15:11
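The scenario above, as an added example that is not part of the original issue or the project's code: it compares the PasswordLastUsed heuristic with a check for a current login profile via IAM's GetLoginProfile, which is one possible alternative and an assumption here, not a fix the issue proposes. The function names, the stub client and the user records are hypothetical and constructed; the last sample user goes beyond the issue's scenario to show a console user who has never signed in.

```javascript
// Heuristic described in the issue: PasswordLastUsed present => console user.
function hasConsoleAccessByLastUsed(user) {
  return Boolean(user.PasswordLastUsed);
}

// Alternative (assumption, not the project's code): ask IAM whether a login
// profile exists now. `iam` follows the AWS SDK for JavaScript v2 call shape;
// GetLoginProfile fails with NoSuchEntity when the user has no console password.
async function hasConsoleAccessByLoginProfile(iam, userName) {
  try {
    await iam.getLoginProfile({ UserName: userName }).promise();
    return true;
  } catch (err) {
    if (err.code === 'NoSuchEntity') return false;
    throw err; // AccessDenied, throttling etc. must not read as "no console access"
  }
}

// Constructed stand-in for `new AWS.IAM()` so the example runs offline.
function makeStubIam(usersWithLoginProfile) {
  return {
    getLoginProfile: ({ UserName }) => ({
      promise: async () => {
        if (usersWithLoginProfile.has(UserName)) return { LoginProfile: { UserName } };
        const err = new Error(`No login profile for ${UserName}`);
        err.code = 'NoSuchEntity';
        throw err;
      },
    }),
  };
}

// Constructed records in the shape of ListUsers output.
const sampleUsers = [
  { UserName: 'console-user', PasswordLastUsed: new Date('2018-11-20T10:00:00Z') },
  { UserName: 'keys-only-former-console', PasswordLastUsed: new Date('2018-10-01T09:00:00Z') },
  { UserName: 'keys-only-never-console' },
  { UserName: 'console-never-signed-in' },
];
const stubIam = makeStubIam(new Set(['console-user', 'console-never-signed-in']));

// Runs both checks per user so the disagreements are visible side by side.
async function compareChecks(iam, users) {
  const rows = [];
  for (const u of users) {
    const byLoginProfile = await hasConsoleAccessByLoginProfile(iam, u.UserName);
    rows.push({ user: u.UserName, byLastUsed: hasConsoleAccessByLastUsed(u), byLoginProfile });
  }
  return rows;
}
compareChecks(stubIam, sampleUsers).then((rows) => console.table(rows));
```

The two columns disagree for `keys-only-former-console` (the case in the issue) and for `console-never-signed-in`.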