kalpik/Enforce-MFA.ps1

## Enforce-MFA.ps1
Import-Module -Name AWSPowerShell.NetCore

$users = Get-IAMUserList

foreach($user in $users.UserName)
{
    # Do not add API-only users to MFA jail
    try {
        $null = Get-IAMLoginProfile -UserName $user
    }
    catch {
        Write-Output "Removing API-only user '$user' from MFA jail"
        Remove-IAMUserFromGroup -GroupName 'ForceMFA' -UserName $user -Force
        continue
    }
    if(Get-IAMMFADevice -UserName $user)
    {
        Write-Output "Removing user '$user' from MFA jail, as they have MFA enabled"
        Remove-IAMUserFromGroup -GroupName 'ForceMFA' -UserName $user -Force
    }
    else
    {
        Write-Output "Adding user '$user' to MFA jail, as they have MFA disabled"
        Add-IAMUserToGroup -GroupName 'ForceMFA' -UserName $user -Force
    }
}
	Import-Module -Name AWSPowerShell.NetCore

	$users = Get-IAMUserList

	foreach($user in $users.UserName)
	{
	# Do not add API-only users to MFA jail
	try {
	$null = Get-IAMLoginProfile -UserName $user
	}
	catch {
	Write-Output "Removing API-only user '$user' from MFA jail"
	Remove-IAMUserFromGroup -GroupName 'ForceMFA' -UserName $user -Force
	continue
	}
	if(Get-IAMMFADevice -UserName $user)
	{
	Write-Output "Removing user '$user' from MFA jail, as they have MFA enabled"
	Remove-IAMUserFromGroup -GroupName 'ForceMFA' -UserName $user -Force
	}
	else
	{
	Write-Output "Adding user '$user' to MFA jail, as they have MFA disabled"
	Add-IAMUserToGroup -GroupName 'ForceMFA' -UserName $user -Force
	}
	}