I am working on trusted advisor and need to check whether MFA is enabled for root level also? Its in Security section of Trusted advisor Dashboard. I am working in Python using Boto.
To check the MFA status of IAM usersOpen the IAM console at https://console.aws.amazon.com/iam/ . In the navigation pane, choose Users. The MFA column tells you about the MFA device that is enabled. If no MFA device is active for the user, the console displays None.
You can identify the users in your account with an assigned SMS MFA device. To do so, go to the IAM console, choose Users from the navigation pane, and look for users with SMS in the MFA column of the table.
Using AWS Console 04 Click on the name of the Amazon IAM user that you want to examine. 05 Select the Security credentials tab to access the configuration information available for the IAM user credentials. 06 In the Sign-in credentials section, check the Assigned MFA device attribute value.
You would use the GetAccountSummary
API call in IAM which is available as the get_account_summary
method call in boto.iam.IAMConnection
.
import boto.iam
conn = boto.iam.connect_to_region('us-east-1')
summary = conn.get_account_summary()
This returns a Python dictionary containing a lot of information about your account. Specifically, to find out if MFA is enabled;
if summary['AccountMFAEnabled']:
# MFA is enabled
else:
# MFA is not enabled
This answer updates to boto3 and assumes that you have only one account configured in your ~/.aws/config or ~/.aws/credentials file:
import boto3
client = boto3.client('iam')
if client.get_account_summary()['SummaryMap']['AccountMFAEnabled']:
root_has_mfa = True
else:
root_has_mfa = False
If you'd prefer to have the dictionary that get_account_summary returns, you can do that too:
import boto3
client = boto3.client('iam')
summary = client.get_account_summary()['SummaryMap']
if summary['AccountMFAEnabled']:
root_has_mfa = True
else:
root_has_mfa = False
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With