AI CloudAdvisor (Beta)

My Presets

You must be logged in to save or view your saved configuration templates

Security Controls

Service Control PoliciesConfig RulesCloudWatch Alarms and Event RulesCloudFormation Guard RulesLogging & Monitoring ConfigurationsBackups & DRAuto Remediation RulesConformance PacksBilling and Cost ManagementS3 Bucket PoliciesSecurity Groups & NACLsIAM PoliciesVPC Endpoint Policies

AWS Services

Guided Walkthroughs

Configuration Packages

Reference Guides

Other

AI CloudAdvisor (Beta)

Configuration Stack
0

My Presets

Security Controls

Service Control PoliciesConfig RulesCloudWatch Alarms and Event RulesCloudFormation Guard RulesLogging & Monitoring ConfigurationsBackups & DRAuto Remediation RulesConformance PacksBilling and Cost ManagementS3 Bucket PoliciesSecurity Groups & NACLsIAM PoliciesVPC Endpoint Policies

AWS Services

Guided Walkthroughs

Configuration Packages

Reference Guides

Other

IAM Policies

Allows IAM Users to Self-Manage an MFA Device.

An IAM policy that allows IAM users to self-manage an MFA device. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.

Premium: 15-minute comprehensive assessment for your AWS Organization and Accounts
AWS Documentation
Try out CloudAdvisor: Your AI-Powered Assistant for AWS Cloud

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "iam:CreateVirtualMFADevice",
                "iam:EnableMFADevice",
                "iam:ResyncMFADevice",
                "iam:DeleteVirtualMFADevice"
            ],
            "Resource": [
                "arn:aws:iam::*:mfa/${aws:username}",
                "arn:aws:iam::*:user/${aws:username}"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "iam:DeactivateMFADevice"
            ],
            "Resource": [
                "arn:aws:iam::*:mfa/${aws:username}",
                "arn:aws:iam::*:user/${aws:username}"
            ],
            "Effect": "Allow",
            "Condition": {
                "Bool": {
                    "aws:MultiFactorAuthPresent": "true"
                }
            }
        },
        {
            "Action": [
                "iam:ListMFADevices",
                "iam:ListVirtualMFADevices",
                "iam:ListUsers"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

Actions



Customize Template

No policy variables to customize
* Required field

Upgrade to Premium for More Features
Sign up

Guided Walkthroughs
Step-by-step configuration wizards for your environment
Dedicated Security Account
AWS Backup Strategy
VPC Connectivity Setup
Automated Patching
All Guides
Configuration Packages
Pre-built packages for common configuration
Common SCPs
CloudFormation Guard Rules
Auto Remediation Rules
IAM Monitoring & Compliance
All Packages
Automated Assessments
  • 350+ security checks
  • Well-architected reviews
  • Detailed compliance reports
  • Remediation templates
  • Email summaries
  • Learn more