NotTheDr01ds · December 28, 2019 05:06
diff --git a/cli_mfa.json b/cli_mfa.json
 {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyAllWhenMFAIsNotPresent",
            "Effect": "Deny",
            "NotAction": [
                "iam:ListMFADevices",
                "sts:GetSessionToken"
            ],
            "Resource": "*",
            "Condition": {
                "BoolIfExists": {
                    "aws:MultiFactorAuthPresent": false
                }
            }
        },
        {
            "Sid": "DenyAllWhenMFAIsOlderThanFourHours",
            "Effect": "Deny",
            "NotAction": [
                "iam:ListMFADevices",
                "sts:GetSessionToken"
            ],
            "Resource": "*",
            "Condition": {
                "NumericGreaterThanIfExists": {
                    "aws:MultiFactorAuthAge": "14400"
                }
            }
        }
    ]
 }
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "DenyAllWhenMFAIsNotPresent",
	"Effect": "Deny",
	"NotAction": [
	"iam:ListMFADevices",
	"sts:GetSessionToken"
	],
	"Resource": "*",
	"Condition": {
	"BoolIfExists": {
	"aws:MultiFactorAuthPresent": false
	}
	}
	},
	{
	"Sid": "DenyAllWhenMFAIsOlderThanFourHours",
	"Effect": "Deny",
	"NotAction": [
	"iam:ListMFADevices",
	"sts:GetSessionToken"
	],
	"Resource": "*",
	"Condition": {
	"NumericGreaterThanIfExists": {
	"aws:MultiFactorAuthAge": "14400"
	}
	}
	}
	]
	}