My Saved Presets
You must be logged in to view saved presets

Loading Library ...

Require MFA to Stop an Amazon EC2 Instance

This SCP requires that multi-factor authentication (MFA) is enabled before a principal or root user can stop an Amazon EC2 instance.

See Related Configuration Items for a Configuration Package to deploy multiple SCPs to an AWS Account.

Configuration template includes a CloudFormation custom resource to deploy into an AWS account.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ec2:StopInstances",
                "ec2:TerminateInstances"
            ],
            "Resource": "*",
            "Effect": "Deny",
            "Condition": {
                "BoolIfExists": {
                    "aws:MultiFactorAuthPresent": false
                }
            }
        }
    ]
}

Actions



Customize Template

No policy variables to customize
* Required field

© 2024 asecurecloud. All rights reserved.