prowler-cloud / prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
https://prowler.com
Apache License 2.0
10.53k stars 1.51k forks

fix(iam): update logic of Root Hardware MFA check #4726

Closed sergargar closed 3 weeks ago

sergargar commented 1 month ago

Context

Fix #4652

Description

Update the logic of the iam_root_hardware_mfa_enabled check so that, if the ARN of the associated IAM user of the virtual MFA device is "arn:aws:iam::[aws-account-id]:root", the AWS root account is not using a hardware-based MFA device for MFA protection.

Checklist

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
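The decision described in this pull request, sketched offline as an added example (not Prowler's code and not part of the original comment). The function names, the account ID and the device entries are assumptions; the dictionaries follow the response shapes of IAM GetAccountSummary (`SummaryMap`) and ListVirtualMFADevices (`VirtualMFADevices`).

```python
# Added illustration, not Prowler's implementation. Inputs mirror the response
# shapes of IAM GetAccountSummary and ListVirtualMFADevices; account IDs and
# device names are constructed sample values.
import re

# Root principal ARN in any partition (aws, aws-cn, aws-us-gov). Anchored so
# that an IAM user named "root" (arn:...:user/root) does not match.
ROOT_ARN = re.compile(r"^arn:aws[a-z-]*:iam::(\d{12}):root$")


def root_virtual_mfa_devices(virtual_mfa_devices, account_id):
    """Serial numbers of virtual MFA devices assigned to this account's root."""
    serials = []
    for device in virtual_mfa_devices:
        # Unassigned devices carry no "User" key; the device name is ignored.
        match = ROOT_ARN.match(device.get("User", {}).get("Arn", ""))
        if match and match.group(1) == account_id:
            serials.append(device["SerialNumber"])
    return serials


def evaluate_root_hardware_mfa(summary_map, virtual_mfa_devices, account_id):
    """Hypothetical evaluator: returns (status, reason) for the root account."""
    if summary_map.get("AccountMFAEnabled", 0) != 1:
        return "FAIL", "MFA is not enabled for the root account."
    serials = root_virtual_mfa_devices(virtual_mfa_devices, account_id)
    if serials:
        return "FAIL", "Root account uses a virtual MFA device: " + ", ".join(serials)
    return "PASS", "No virtual MFA device is assigned to the root account."


ACCOUNT = "123456789012"  # constructed
SAMPLE_DEVICES = [  # constructed ListVirtualMFADevices entries
    {"SerialNumber": f"arn:aws:iam::{ACCOUNT}:mfa/my-phone",
     "User": {"Arn": f"arn:aws:iam::{ACCOUNT}:root"}},
    {"SerialNumber": f"arn:aws:iam::{ACCOUNT}:mfa/root",
     "User": {"Arn": f"arn:aws:iam::{ACCOUNT}:user/root"}},
    {"SerialNumber": f"arn:aws:iam::{ACCOUNT}:mfa/spare"},
]

if __name__ == "__main__":
    print(evaluate_root_hardware_mfa({"AccountMFAEnabled": 1}, SAMPLE_DEVICES, ACCOUNT))
    print(evaluate_root_hardware_mfa({"AccountMFAEnabled": 1}, SAMPLE_DEVICES[1:], ACCOUNT))
    print(evaluate_root_hardware_mfa({"AccountMFAEnabled": 0}, [], ACCOUNT))
```

The second sample entry is an IAM user named "root" whose device is also named "root"; it is not attributed to the root principal because only the assigned user's ARN is matched.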

codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 89.06%. Comparing base (bcc8d5f) to head (0fe1715). Report is 25 commits behind head on master.

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##           master    #4726      +/-   ##
==========================================
- Coverage   89.10%   89.06%   -0.04%
==========================================
  Files         913      913
  Lines       27913    27912       -1
==========================================
- Hits        24871    24859      -12
- Misses       3042     3053      +11
```


github-actions[bot] commented 3 weeks ago

💚 All backports created successfully

Status Branch Result
✅ v3
✅ v4.3

Questions?

Please refer to the Backport tool documentation and see the GitHub Action logs for details.