def control_1_14_hardware_mfa_enabled_root():
cont = Control('1.14',
'Ensure hardware MFA is enabled for the "root" account',
True)
root_account_MFA = IAM_CLIENT.get_account_summary(
)['SummaryMap']['AccountMFAEnabled']
if root_account_MFA == 1:
hardware_MFA_paginator = IAM_CLIENT.get_paginator(
'list_virtual_mfa_devices')
for resp in hardware_MFA_paginator.paginate(AssignmentStatus='Any'):
for hardware_MFA in resp['VirtualMFADevices']:
if "mfa/root-account-mfa-device" in hardware_MFA[
'SerialNumber']:
cont.result = True
break
if cont.result is False:
cont.fail_reason = 'The root account does not have Hardware MFA'
else:
cont.fail_reason = 'The root account does not have MFA enabled'
return {
'control_id': cont.id,
'scored': cont.scored,
'desc': cont.desc,
'result': cont.result,
'fail_reason': cont.fail_reason,
'offenders': cont.offenders
}
def control_1_13_mfa_enabled_root():
cont = Control('1.13', 'Ensure MFA is enabled for the "root" account',
True)
root_account_MFA = IAM_CLIENT.get_account_summary(
)['SummaryMap']['AccountMFAEnabled']
if root_account_MFA == 1:
cont.result = True
else:
cont.fail_reason = 'The root account does not have MFA enabled'
return {
'control_id': cont.id,
'scored': cont.scored,
'desc': cont.desc,
'result': cont.result,
'fail_reason': cont.fail_reason,
'offenders': cont.offenders
}