Skip to content
This repository has been archived by the owner on Apr 9, 2024. It is now read-only.

Change the logic to find IAM roles with programmatic access #1

Open
Chan9390 opened this issue Nov 22, 2018 · 0 comments
Open

Change the logic to find IAM roles with programmatic access #1

Chan9390 opened this issue Nov 22, 2018 · 0 comments

Comments

@Chan9390
Copy link
Owner

Currently the implementation is : https://github.com/Chan9390/aws-mfa-enforce/blob/master/handler.js#L43

It checks for the PasswordLastUsed parameter and determines if the user has management console.

But it fails in the following scenario:

  1. IAM user given both Management Console and Programmatic access
  2. The Management Console access is then removed
  3. This policy adds that IAM user with only Programmatic access to the MFAGroup since the PasswordLastUsed param is still present.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant