awsdocs / iam-user-guide

Official documentation source for the AWS Identity and Access Management (IAM) User Guide
MIT No Attribution
324 stars 355 forks

OUTDATED IAM MFA policies documentation #284

Closed luarx closed 1 year ago

luarx commented 1 year ago

Context: Now users can configure multiple MFA devices (https://aws.amazon.com/blogs/security/you-can-now-assign-multiple-mfa-devices-in-iam/).

This page is outdated: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_aws_my-sec-creds-self-manage.html. Because if users want to create a new virtual MFA device using a different name than their AWS user name, they will not be able to.

Some of the lines that must be changed (`"Resource": "arn:aws:iam::*:user/${aws:username}"`):

```json
{
    "Sid": "AllowManageOwnVirtualMFADevice",
    "Effect": "Allow",
    "Action": [
        "iam:CreateVirtualMFADevice",
        "iam:DeleteVirtualMFADevice"
    ],
    "Resource": "arn:aws:iam::*:mfa/${aws:username}"
},
{
    "Sid": "AllowManageOwnUserMFA",
    "Effect": "Allow",
    "Action": [
        "iam:DeactivateMFADevice",
        "iam:EnableMFADevice",
        "iam:ListMFADevices",
        "iam:ResyncMFADevice"
    ],
    "Resource": "arn:aws:iam::*:user/${aws:username}"
},
```

Could you update this? Thanks in advance!
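The following is an added example, not code from the issue, the AWS docs, or this repository. It is a toy evaluator for IAM `Allow` statements (policy-variable substitution plus `*`/`?` wildcard matching) that runs the two quoted statements against the requests a user makes while enrolling a second virtual MFA device. The "widened" policy, which changes only the virtual-MFA resource to `arn:aws:iam::*:mfa/*`, is an assumption made here to illustrate the fix, not necessarily the wording AWS adopted; the account id and the user and device names are constructed. `Deny` statements and `Condition` blocks are not modelled.

```python
"""Toy IAM Allow-statement evaluator: policy-variable substitution and
wildcard matching on Action and Resource. Not AWS code; constructed sample
data; models only "no matching Allow means denied"."""
import re
from typing import Dict, List, Optional

ACCOUNT = "123456789012"  # constructed sample account id

# The two statements quoted in the issue (the pre-fix documentation example).
ORIGINAL_STATEMENTS: List[dict] = [
    {
        "Sid": "AllowManageOwnVirtualMFADevice",
        "Effect": "Allow",
        "Action": ["iam:CreateVirtualMFADevice", "iam:DeleteVirtualMFADevice"],
        "Resource": "arn:aws:iam::*:mfa/${aws:username}",
    },
    {
        "Sid": "AllowManageOwnUserMFA",
        "Effect": "Allow",
        "Action": ["iam:DeactivateMFADevice", "iam:EnableMFADevice",
                   "iam:ListMFADevices", "iam:ResyncMFADevice"],
        "Resource": "arn:aws:iam::*:user/${aws:username}",
    },
]

# Assumed fix for illustration: only the virtual-MFA resource is widened so
# the device name no longer has to equal the user name.
WIDENED_STATEMENTS: List[dict] = [
    dict(ORIGINAL_STATEMENTS[0], Resource="arn:aws:iam::*:mfa/*"),
    ORIGINAL_STATEMENTS[1],
]


def mfa_arn(device_name: str) -> str:
    return f"arn:aws:iam::{ACCOUNT}:mfa/{device_name}"


def user_arn(user_name: str) -> str:
    return f"arn:aws:iam::{ACCOUNT}:user/{user_name}"


def _wild_to_regex(pattern: str) -> "re.Pattern[str]":
    # IAM wildcards: '*' matches any run of characters, '?' a single one.
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body + r"\Z")


def _substitute(pattern: str, variables: Dict[str, str]) -> str:
    # Replace ${aws:username}-style variables; unknown ones are left as-is so
    # the caller can treat the statement as non-matching.
    return re.sub(r"\$\{([^}]+)\}",
                  lambda m: variables.get(m.group(1), m.group(0)), pattern)


def matching_sid(statements: List[dict], action: str, resource: str,
                 username: str) -> Optional[str]:
    """Return the Sid of the first Allow statement matching the request,
    or None when nothing allows it (implicit deny)."""
    variables = {"aws:username": username}
    for st in statements:
        if st["Effect"] != "Allow":
            continue
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        # Action names are matched case-insensitively.
        if not any(_wild_to_regex(a.lower()).match(action.lower()) for a in actions):
            continue
        res_pattern = _substitute(st["Resource"], variables)
        if "${" in res_pattern:  # unresolved policy variable: cannot match
            continue
        if _wild_to_regex(res_pattern).match(resource):
            return st["Sid"]
    return None


def is_allowed(statements: List[dict], action: str, resource: str,
               username: str) -> bool:
    return matching_sid(statements, action, resource, username) is not None


def second_device_setup(statements: List[dict], username: str,
                        device_name: str) -> Dict[str, bool]:
    """Outcome of each API call a user makes to add a virtual MFA device:
    CreateVirtualMFADevice targets the mfa ARN, the rest target the user."""
    return {
        "create": is_allowed(statements, "iam:CreateVirtualMFADevice", mfa_arn(device_name), username),
        "enable": is_allowed(statements, "iam:EnableMFADevice", user_arn(username), username),
        "resync": is_allowed(statements, "iam:ResyncMFADevice", user_arn(username), username),
    }


if __name__ == "__main__":
    for label, pol in (("original", ORIGINAL_STATEMENTS), ("widened", WIDENED_STATEMENTS)):
        for device in ("alice", "alice-phone"):
            print(label, device, second_device_setup(pol, "alice", device))
```

With the original statements, `alice` can create a device named `alice` but the `create` step fails for `alice-phone`, which is exactly the symptom reported; the user-scoped `enable` and `resync` steps are unaffected. The widened pattern fixes that, but note the trade-off the evaluator also exposes: `arn:aws:iam::*:mfa/*` lets `alice` call `DeleteVirtualMFADevice` on `mfa/bob-backup` too, because nothing in a virtual MFA device's ARN identifies its owner. In real IAM a virtual device that is enabled for a user must be deactivated before it can be deleted, and `DeactivateMFADevice` stays scoped to `user/${aws:username}`, so the exposure is limited to devices that are not currently assigned to anyone.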

ljquin commented 1 year ago

@luarx - The self-managed MFA policy examples have been updated to address the reported issue.

Thanks for taking the time to send us feedback!