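Evaluating Resources with Amazon Config Rules
Use Amazon Config to evaluate the configuration settings of your Amazon resources. You do this by creating Amazon Config rules, which represent your ideal configuration settings. Amazon Config provides customizable, predefined rules, called managed rules, to help you get started. While Amazon Config continuously tracks the configuration changes that occur among your resources, it checks whether these changes violate any of the conditions in your rules. If a resource violates a rule, Amazon Config flags the resource and the rule as noncompliant.
For example, when an EC2 volume is created, Amazon Config can evaluate the volume against a rule that requires volumes to be encrypted. If the volume is not encrypted, Amazon Config flags the volume and the rule as noncompliant. Amazon Config can also check all of your resources for account-wide requirements. For example, Amazon Config can check whether the number of EC2 volumes in an account stays within a desired total, or whether an account uses Amazon CloudTrail for logging.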
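The volume-encryption check described above, sketched as the evaluation logic of a custom rule. This is an added example, not Amazon's managed rule code: the function names and sample configuration items are constructed, the item fields and result keys are assumed to follow the configuration item and PutEvaluations shapes, and the rule-level roll-up is a simplification.

```python
# Evaluation logic for a hypothetical custom rule requiring encrypted EC2 volumes.
APPLICABLE_TYPE = "AWS::EC2::Volume"
DELETED_STATUSES = {"ResourceDeleted", "ResourceDeletedNotRecorded"}


def evaluate_volume(item, event_left_scope=False):
    """Return one evaluation, shaped like an entry passed to PutEvaluations."""
    if (item["resourceType"] != APPLICABLE_TYPE or event_left_scope
            or item["configurationItemStatus"] in DELETED_STATUSES):
        compliance, note = "NOT_APPLICABLE", "Resource is out of scope."
    elif (item.get("configuration") or {}).get("encrypted") is True:
        compliance, note = "COMPLIANT", "Volume is encrypted."
    else:
        # A missing or false 'encrypted' flag is a violation (fail closed).
        compliance, note = "NON_COMPLIANT", "Volume is not encrypted."
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def rule_compliance(evaluations):
    """Simplified roll-up: one violating resource makes the rule noncompliant."""
    types = {e["ComplianceType"] for e in evaluations}
    if "NON_COMPLIANT" in types:
        return "NON_COMPLIANT"
    return "COMPLIANT" if "COMPLIANT" in types else "INSUFFICIENT_DATA"


def sample_item(rid, rtype, status, configuration):
    """Build a constructed sample configuration item (not real account data)."""
    return {"resourceId": rid, "resourceType": rtype,
            "configurationItemStatus": status, "configuration": configuration,
            "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z"}


SAMPLE_ITEMS = [
    sample_item("vol-0aaa", "AWS::EC2::Volume", "OK", {"encrypted": True}),
    sample_item("vol-0bbb", "AWS::EC2::Volume", "ResourceDiscovered", {"encrypted": False}),
    sample_item("vol-0ccc", "AWS::EC2::Volume", "ResourceDeleted", None),
    sample_item("i-0ddd", "AWS::EC2::Instance", "OK", {}),
]

if __name__ == "__main__":
    results = [evaluate_volume(i) for i in SAMPLE_ITEMS]
    print([r["ComplianceType"] for r in results], rule_compliance(results))
```

Deleted and out-of-scope resources are reported as NOT_APPLICABLE so that a stale NON_COMPLIANT result does not keep the rule flagged after the volume is gone.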
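Service-linked rules are a unique type of managed rule that supports other Amazon services in creating Amazon Config rules in your account. These rules are predefined and include all the permissions required to call other Amazon services on your behalf. These rules are similar to what an Amazon service recommends in your Amazon account for compliance verification. For more information, see Service-Linked Amazon Config Rules.
The Amazon Config console shows the compliance status of your rules and resources. You can see how your Amazon resources comply overall with your desired configurations, and learn which specific resources are noncompliant. You can also use the Amazon CLI, the Amazon Config API, and the Amazon SDKs to make requests to the Amazon Config service for compliance information.
By using Amazon Config to evaluate your resource configurations, you can assess how well they comply with internal practices, industry guidelines, and regulations.
For the regions that support Amazon Config rules, see Amazon Config Regions and Endpoints in the Amazon Web Services General Reference.
You can create up to 400 Amazon Config rules per region in your account. For more information, see Amazon Config Limits.
You can also create custom rules to evaluate additional resources that Amazon Config does not record. For more information, see Amazon Config Custom Rules and Evaluating Additional Resource Types.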
Region Support
Currently, Amazon Config rules are supported in the following regions:
Region Name | Region | Endpoint | Protocol |
---|---|---|---|
US East (Ohio) | us-east-2 | config.us-east-2.amazonaws.com | HTTPS |
US East (N. Virginia) | us-east-1 | config.us-east-1.amazonaws.com | HTTPS |
US West (N. California) | us-west-1 | config.us-west-1.amazonaws.com | HTTPS |
US West (Oregon) | us-west-2 | config.us-west-2.amazonaws.com | HTTPS |
Africa (Cape Town) | af-south-1 | config.af-south-1.amazonaws.com | HTTPS |
Asia Pacific (Hong Kong) | ap-east-1 | config.ap-east-1.amazonaws.com | HTTPS |
Asia Pacific (Jakarta) | ap-southeast-3 | config.ap-southeast-3.amazonaws.com | HTTPS |
Asia Pacific (Mumbai) | ap-south-1 | config.ap-south-1.amazonaws.com | HTTPS |
Asia Pacific (Osaka) | ap-northeast-3 | config.ap-northeast-3.amazonaws.com | HTTPS |
Asia Pacific (Seoul) | ap-northeast-2 | config.ap-northeast-2.amazonaws.com | HTTPS |
Asia Pacific (Singapore) | ap-southeast-1 | config.ap-southeast-1.amazonaws.com | HTTPS |
Asia Pacific (Sydney) | ap-southeast-2 | config.ap-southeast-2.amazonaws.com | HTTPS |
Asia Pacific (Tokyo) | ap-northeast-1 | config.ap-northeast-1.amazonaws.com | HTTPS |
Canada (Central) | ca-central-1 | config.ca-central-1.amazonaws.com | HTTPS |
China (Beijing) | cn-north-1 | config.cn-1.amazonaws.com | HTTPS |
China (Ningxia) | cn-northwest-1 | config.cn-north-1.amazonaws.com | HTTPS |
Europe (Stockholm) | eu-north-1 | config.eu-north-1.amazonaws.com | HTTPS |
Europe (Frankfurt) | eu-central-1 | config.eu-central-1.amazonaws.com | HTTPS |
Europe (Ireland) | eu-west-1 | config.eu-west-1.amazonaws.com | HTTPS |
Europe (London) | eu-west-2 | config.eu-west-2.amazonaws.com | HTTPS |
Europe (Milan) | eu-south-1 | config.eu-south-1.amazonaws.com | HTTPS |
Europe (Paris) | eu-west-3 | config.eu-west-3.amazonaws.com | HTTPS |
Middle East (Bahrain) | me-south-1 | config.me-south-1.amazonaws.com | HTTPS |
Middle East (UAE) | me-central-1 | config.me-central-1.amazonaws.com | HTTPS |
South America (São Paulo) | sa-east-1 | config.sa-east-1.amazonaws.com | HTTPS |
Amazon GovCloud (US-East) | us-gov-east-1 | config.us-gov-east-1.amazonaws.com | HTTPS |
Amazon GovCloud (US-West) | us-gov-west-1 | config.us-gov-west-1.amazonaws.com | HTTPS |
Deploying Amazon Config rules across member accounts in an Amazon Organization is supported in the following regions.
Region Name | Region | Endpoint | Protocol |
---|---|---|---|
US East (Ohio) | us-east-2 | config.us-east-2.amazonaws.com | HTTPS |
US East (N. Virginia) | us-east-1 | config.us-east-1.amazonaws.com | HTTPS |
US West (N. California) | us-west-1 | config.us-west-1.amazonaws.com | HTTPS |
US West (Oregon) | us-west-2 | config.us-west-2.amazonaws.com | HTTPS |
Asia Pacific (Seoul) | ap-northeast-2 | config.ap-northeast-2.amazonaws.com | HTTPS |
Asia Pacific (Singapore) | ap-southeast-1 | config.ap-southeast-1.amazonaws.com | HTTPS |
Asia Pacific (Sydney) | ap-southeast-2 | config.ap-southeast-2.amazonaws.com | HTTPS |
Asia Pacific (Tokyo) | ap-northeast-1 | config.ap-northeast-1.amazonaws.com | HTTPS |
Canada (Central) | ca-central-1 | config.ca-central-1.amazonaws.com | HTTPS |
Europe (Stockholm) | eu-north-1 | config.eu-north-1.amazonaws.com | HTTPS |
Europe (Frankfurt) | eu-central-1 | config.eu-central-1.amazonaws.com | HTTPS |
Europe (Ireland) | eu-west-1 | config.eu-west-1.amazonaws.com | HTTPS |
Europe (London) | eu-west-2 | config.eu-west-2.amazonaws.com | HTTPS |
Europe (Paris) | eu-west-3 | config.eu-west-3.amazonaws.com | HTTPS |
Middle East (UAE) | me-central-1 | config.me-central-1.amazonaws.com | HTTPS |
South America (São Paulo) | sa-east-1 | config.sa-east-1.amazonaws.com | HTTPS |