Update self-service-mfa managed policy (#52)
posquit0 authored Dec 12, 2022
1 parent 05f0ce9 commit d0a96a1
Showing 1 changed file with 20 additions and 11 deletions.
31 changes: 20 additions & 11 deletions modules/managed-policies/policies/self-service-mfa.json
Expand Up @@ -8,29 +8,38 @@
"Resource": "*"
},
{
"Sid": "AllowManageOwnVirtualMFADevice",
"Sid": "AllowIndividualUserToManageTheirOwnMFA",
"Effect": "Allow",
"Action": [
"iam:CreateVirtualMFADevice",
"iam:DeleteVirtualMFADevice"
],
"Resource": "arn:aws:iam::*:mfa/${aws:username}"
},
{
"Sid": "AllowManageOwnUserMFA",
"Effect": "Allow",
"Action": [
"iam:GetUser",
"iam:DeactivateMFADevice",
"iam:DeleteVirtualMFADevice",
"iam:EnableMFADevice",
"iam:GetUser",
"iam:ListMFADevices",
"iam:ResyncMFADevice"
],
"Resource": [
"arn:aws:iam::*:mfa/*",
"arn:aws:iam::*:user/${aws:username}",
"arn:aws:iam::*:user/*/${aws:username}"
]
},
{
"Sid": "AllowIndividualUserToDeactivateOnlyTheirOwnMFAOnlyWhenUsingMFA",
"Effect": "Allow",
"Action": [
"iam:DeactivateMFADevice"
],
"Resource": [
"arn:aws:iam::*:mfa/*",
"arn:aws:iam::*:user/${aws:username}"
],
"Condition": {
"Bool": {
"aws:MultiFactorAuthPresent": "true"
}
}
},
{
"Sid": "DenyAllExceptListedIfNoMFA",
"Effect": "Deny",
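Review bot: The MFA-gated statement `AllowIndividualUserToDeactivateOnlyTheirOwnMFAOnlyWhenUsingMFA` lists only `arn:aws:iam::*:user/${aws:username}`, while the statement above it also lists `arn:aws:iam::*:user/*/${aws:username}`, so a user created under an IAM path could apparently enable and resync an MFA device but not deactivate it; adding `"arn:aws:iam::*:user/*/${aws:username}"` to that `Resource` array would make the two consistent. The rendered page has lost the +/- markers, so this assumes the path-form line is on the new side. Separately, both `arn:aws:iam::*:mfa/${aws:username}` and `arn:aws:iam::*:mfa/*` appear in this hunk alongside `iam:CreateVirtualMFADevice` and `iam:DeleteVirtualMFADevice`; if the wildcard is the new value, the commit description should record why the wider scope is needed, since it lets a user act on virtual MFA device ARNs that are not named after them. The `DenyAllExceptListedIfNoMFA` statement continues past the hunk, so its interaction with these allows cannot be checked here.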