@khobbits
Last active May 3, 2016 01:36
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1437382689000",
"Effect": "Allow",
"Action": [
"iam:CreateVirtualMFADevice",
"iam:DeactivateMFADevice",
"iam:DeleteVirtualMFADevice",
"iam:EnableMFADevice",
"iam:ListMFADevices",
"iam:ListVirtualMFADevices",
"iam:ResyncMFADevice",
"iam:ListAttachedUserPolicies"
],
"Resource": [
"arn:aws:iam::<accountnumber>:user/${aws:username}",
"arn:aws:iam::<accountnumber>:mfa/${aws:username}"
]
},
{
"Sid": "Stmt1437382689001",
"Effect": "Allow",
"Action": [
"iam:ListUsers",
"iam:ListGroupsForUser",
"iam:ListUserPolicies",
"iam:ListAccessKeys",
"iam:ListSigningCertificates",
"iam:GetLoginProfile",
"iam:GetAccountSummary",
"iam:ListAccountAliases"
],
"Resource": [
"*"
]
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1437382689000",
"Effect": "Deny",
"NotAction": [
"iam:CreateVirtualMFADevice",
"iam:DeactivateMFADevice",
"iam:DeleteVirtualMFADevice",
"iam:EnableMFADevice",
"iam:ResyncMFADevice",
"iam:ListAttachedUserPolicies",
"iam:ListUsers",
"iam:ListGroupsForUser",
"iam:ListUserPolicies",
"iam:ListAccessKeys",
"iam:ListSigningCertificates",
"iam:ListMFADevices",
"iam:ListVirtualMFADevices",
"iam:GetLoginProfile",
"iam:GetAccountSummary",
"iam:ListAccountAliases",
"sts:GetSessionToken"
],
"Resource": [
"*"
],
"Condition": {
"Bool": {
"aws:MultiFactorAuthPresent": "false"
}
}
},
{
"Sid": "Stmt1437382689003",
"Effect": "Deny",
"NotAction": [
"iam:CreateVirtualMFADevice",
"iam:DeactivateMFADevice",
"iam:DeleteVirtualMFADevice",
"iam:EnableMFADevice",
"iam:ResyncMFADevice",
"iam:ListAttachedUserPolicies",
"iam:ListUsers",
"iam:ListGroupsForUser",
"iam:ListUserPolicies",
"iam:ListAccessKeys",
"iam:ListSigningCertificates",
"iam:ListMFADevices",
"iam:ListVirtualMFADevices",
"iam:GetLoginProfile",
"iam:GetAccountSummary",
"iam:ListAccountAliases",
"sts:GetSessionToken"
],
"Resource": [
"*"
],
"Condition": {
"Null": {
"aws:MultiFactorAuthPresent": "true"
}
}
}
]
}