Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to check whether MFA is enabled for root account in AWS using boto?

Tags:

python

amazon-web-services

api

boto

I am working on trusted advisor and need to check whether MFA is enabled for root level also? Its in Security section of Trusted advisor Dashboard. I am working in Python using Boto.

like image 975
upaang saxena Avatar asked Mar 30 '15 06:03

upaang saxena

People also ask

How do you check if MFA is enabled for a user in AWS?

To check the MFA status of IAM usersOpen the IAM console at https://console.aws.amazon.com/iam/ . In the navigation pane, choose Users. The MFA column tells you about the MFA device that is enabled. If no MFA device is active for the user, the console displays None.

How can you quickly determine which of your IAM users have configured multi-factor authentication MFA )?

You can identify the users in your account with an assigned SMS MFA device. To do so, go to the IAM console, choose Users from the navigation pane, and look for users with SMS in the MFA column of the table.

How do you enable MFA with IAM users?

Using AWS Console 04 Click on the name of the Amazon IAM user that you want to examine. 05 Select the Security credentials tab to access the configuration information available for the IAM user credentials. 06 In the Sign-in credentials section, check the Assigned MFA device attribute value.

2 Answers

You would use the GetAccountSummary API call in IAM which is available as the get_account_summary method call in boto.iam.IAMConnection.

import boto.iam
conn = boto.iam.connect_to_region('us-east-1')
summary = conn.get_account_summary()

This returns a Python dictionary containing a lot of information about your account. Specifically, to find out if MFA is enabled;

if summary['AccountMFAEnabled']:
    # MFA is enabled
else:
    # MFA is not enabled
like image 171
garnaat Avatar answered Sep 27 '22 15:09

garnaat

This answer updates to boto3 and assumes that you have only one account configured in your ~/.aws/config or ~/.aws/credentials file:

import boto3

client = boto3.client('iam')

if client.get_account_summary()['SummaryMap']['AccountMFAEnabled']:
    root_has_mfa = True
else:
    root_has_mfa = False

If you'd prefer to have the dictionary that get_account_summary returns, you can do that too:

import boto3

client = boto3.client('iam')

summary = client.get_account_summary()['SummaryMap']

if summary['AccountMFAEnabled']:
    root_has_mfa = True
else:
    root_has_mfa = False
like image 22
eatsfood Avatar answered Sep 27 '22 17:09

eatsfood
Sign in to Comment

Related questions

How to add a simple "colorbar" to a network-graph plot in python?
How to gzip a bytearray in Python?
PPM to JPEG/JPG conversion for Python 3.4.1
Where is mimetools.choose_boundary function in Python3?
Mysql with Python can't insert record with autoincrement id, why?
How to insert a carriage return in a ReportLab paragraph?
typeerror 'bytes' object is not callable
How to find the sum of number layer in ndarray
Django Rest: The view does not want to import
Is there a bit-wise trick for checking the divisibility of a number by 2 or 3?
Python can't find file
"None" in python log-file
How to set the xticklabels for date in matplotlib
Django creating a custom model field
Does pep8 fail to recognize `# noqa` in some instances?
How to check if valid excel file in python xlrd library
Jinja2 - Keep undefined variables
Representing Coordinates in GeoAlchemy2
Apply Mask Array 2d to 3d
Curl how to POST multipart/form-data data and How to Read multipart/form-data in flask request

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!