Aqua CSPM

Cross-Account Access External ID and MFA

Quick Info

Plugin TitleCross-Account Access External ID and MFA
CloudAWS
CategoryIAM
DescriptionEnsures that either MFA or external IDs are used to access AWS roles.
More InfoIAM roles should be configured to require either a shared external ID or use an MFA device when assuming the role.
AWS Linkhttps://aws.amazon.com/blogs/aws/mfa-protection-for-cross-account-access/
Recommended ActionUpdate the IAM role to either require MFA or use an external ID.

Detailed Remediation Steps