Complete the code to enable MFA device for an IAM user.
aws iam enable-mfa-device --user-name [1] --serial-number arn:aws:iam::123456789012:mfa/[1] --authentication-code1 123456 --authentication-code2 789012
The --user-name and --serial-number must match the IAM user name. Here, 'Bob' is the correct user to enable MFA.
Complete the code to create a virtual MFA device named 'MyDevice'.
aws iam create-virtual-mfa-device --virtual-mfa-device-name [1] --outfile MyDeviceQRCode.pngThe --virtual-mfa-device-name should be the name you want to assign. 'MyDevice' matches the instruction.
Fix the error in the command to deactivate the MFA device for user 'Eve'.
aws iam deactivate-mfa-device --user-name Eve --serial-number [1]The --serial-number must match the MFA device ARN for the user 'Eve'. Only option A matches the user.
Fill both blanks to attach an MFA policy to user 'Frank' and specify the policy ARN.
aws iam attach-user-policy --user-name [1] --policy-arn [2]
The user name is 'Frank' and the policy ARN for requiring MFA is 'IAMUserMFARequired'.
Fill all three blanks to create an IAM policy JSON that requires MFA for all actions except listing S3 buckets.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [1],
"Resource": "*",
"Condition": {
"BoolIfExists": {
"aws:MultiFactorAuthPresent": [2]
}
}
},
{
"Effect": "Allow",
"Action": [3],
"Resource": "*"
}
]
}The Deny statement applies to all actions ("*") when MFA is not present ("false"). The Allow statement permits listing S3 buckets (["s3:ListAllMyBuckets"]).