Enforcing MFA can be done by creating an IAM policy that requires MFA and attaching it to the users or roles. Here’s an example of such a policy:
Example Policy JSON:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "*",
"Resource": "*",
"Condition": {
"BoolIfExists": {
"aws:MultiFactorAuthPresent": "false"
}
}
}
]
}