Closed luarx closed 1 year ago
CONTEXT: Now users can configure multiple MFA devices (https://aws.amazon.com/blogs/security/you-can-now-assign-multiple-mfa-devices-in-iam/).
This page is outdated: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_aws_my-sec-creds-self-manage.html, because if users want to create a new MFA virtual device using a different name than their AWS user name, they will not be able to.
Some of the lines that must be changed (`"Resource": "arn:aws:iam::*:user/${aws:username}"`):
```json
{
    "Sid": "AllowManageOwnVirtualMFADevice",
    "Effect": "Allow",
    "Action": [
        "iam:CreateVirtualMFADevice",
        "iam:DeleteVirtualMFADevice"
    ],
    "Resource": "arn:aws:iam::*:mfa/${aws:username}"
},
{
    "Sid": "AllowManageOwnUserMFA",
    "Effect": "Allow",
    "Action": [
        "iam:DeactivateMFADevice",
        "iam:EnableMFADevice",
        "iam:ListMFADevices",
        "iam:ResyncMFADevice"
    ],
    "Resource": "arn:aws:iam::*:user/${aws:username}"
},
```
Could you update this? Thanks in advance!
@luarx - The self-managed MFA policy examples have been updated to address the reported issue.
Thanks for taking the time to send us feedback!
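An added example (not from the issue or from the AWS documentation) for auditing your own copies of this policy: it flags `Allow` statements for `iam:CreateVirtualMFADevice` whose `Resource` pins the device name to `${aws:username}`, and shows with a simplified model of IAM resource matching why a differently named device is not covered. The user name `alice`, the device name `alice-phone` and the account ID are constructed sample values; only exact action names are checked, not action wildcards.

```python
import json
import re

# Constructed policy document; its single statement is the one quoted in the issue.
POLICY = json.loads(r"""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowManageOwnVirtualMFADevice",
      "Effect": "Allow",
      "Action": ["iam:CreateVirtualMFADevice", "iam:DeleteVirtualMFADevice"],
      "Resource": "arn:aws:iam::*:mfa/${aws:username}"
    }
  ]
}
""")


def as_list(value):
    """IAM allows a single string or a list for Action, Resource and Statement."""
    return value if isinstance(value, list) else [value]


def resource_matches(pattern, arn, username):
    """Simplified model: substitute ${aws:username}, then treat * and ? as wildcards.

    IAM user names cannot contain * or ?, so substituting before the
    wildcard translation does not introduce new wildcards.
    """
    expanded = pattern.replace("${aws:username}", username)
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in expanded)
    return re.fullmatch(regex, arn) is not None


def pinned_mfa_statements(policy):
    """Sids of Allow statements that tie the virtual MFA device name to the user name."""
    hits = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        if "iam:createvirtualmfadevice" not in actions:
            continue
        resources = as_list(stmt.get("Resource", []))
        if any(r.endswith(":mfa/${aws:username}") for r in resources):
            hits.append(stmt.get("Sid", "<no Sid>"))
    return hits
```

Run `pinned_mfa_statements` over each customer managed policy document you export; any Sid it returns is a statement that still carries the restriction the issue describes.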