Policy Packs
Check MFA Is Enabled for AWS IAM Root Accounts

Policy Setting: AWS > IAM > Root > Approved > Custom

Policies

This policy setting is dependent on the following policy types:

Source

# Calculated policy setting for AWS > IAM > Root > Approved > Custom, attached to
# the policy pack `turbot_policy_pack.main`. It reads `mfa_active` from the
# resource and renders a JSON object (title / result / message) reporting
# whether MFA is enabled on the root account.
#
# Result mapping produced by the template below:
#   mfa_active == "true"   -> "Approved"
#   mfa_active == "false"  -> "Not approved"
#   anything else          -> "Skip" ("No data for MFA yet")
#
# Security note: "Skip" means the root MFA state could not be determined; it is
# not evidence that MFA is enabled. Track skipped root accounts until they
# resolve to Approved or Not approved.
resource "turbot_policy_setting" "aws_iam_root_approved_custom" {
resource = turbot_policy_pack.main.id
type = "tmod:@turbot/aws-iam#/policy/types/rootApprovedCustom"
# Input query: exposes the resource's `mfa_active` value to the template as
# `$.root.mfaActive`.
template_input = <<-EOT
{
root {
mfaActive: get(path: "mfa_active")
}
}
EOT
# Template: both branches compare against the string literals "true" and
# "false". Any other value (missing, null, or a different type or casing)
# falls through to the `else` branch and yields "Skip".
# NOTE(review): assumes `mfa_active` is stored as a string; if it were ever
# returned as a boolean, neither comparison would match and the control
# would report "Skip" even when MFA is disabled. Confirm against the stored data.
template = <<-EOT
{%- if $.root.mfaActive == "true" -%}
{%- set data = {
"title": "MFA Enabled",
"result": "Approved",
"message": "MFA is enabled on root account"
} -%}
{%- elif $.root.mfaActive == "false" -%}
{%- set data = {
"title": "MFA Enabled",
"result": "Not approved",
"message": "MFA is not enabled on root account"
} -%}
{%- else -%}
{%- set data = {
"title": "MFA Enabled",
"result": "Skip",
"message": "No data for MFA yet"
} -%}
{%- endif -%}
{{ data | json }}
EOT
}