本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
Amazon Config 托管规则的列表
Amazon Config目前支持以下托管规则。
为托管规则指定的默认值仅在使用Amazon控制台。没有为 API、CLI 或 SDK 提供默认值。
主题
- access-keys-rotated
- alb-http-drop-invalid-已启用头文件
- alb-http-to-https-重定向检查
- api-gw-cache-enabled并加密
- api-gw-endpoint-type-检查
- api-gw-execution-logging-已启用
- approved-amis-by-id
- approved-amis-by-tag
- autoscaling-group-elb-healthcheck-必需
- autoscaling-launch-config-public-ip-已禁用
- cloudtrail-s3-dataevents-enabled
- cloudtrail-security-trail-enabled
- cloudwatch-alarm-action-check
- cloudwatch-alarm-resource-check
- cloudwatch-alarm-settings-check
- cloud-trail-cloud-watch-启用日志
- cloudtrail-enabled
- cloud-trail-encryption-enabled
- cloud-trail-log-file-已启用验证
- cmk-backing-key-rotation-已启用
- codebuild-project-envvar-awscred-检查
- codebuild-project-source-repo-url-check
- cw-loggroup-retention-period-检查
- db-instance-backup-enabled
- desired-instance-tenancy
- desired-instance-type
- dms-replication-not-public
- dynamodb-autoscaling-enabled
- dynamodb-in-backup-plan
- dynamodb-pitr-enabled
- dynamodb-table-encrypted-kms
- dynamodb-throughput-limit-check
- ebs-in-backup-plan
- ebs-optimized-instance
- ebs-snapshot-public-restorable-检查
- ec2-ebs-encryption-by-default
- ec2-imdsv2-check
- ec2-instance-detailed-monitoring-enabled
- ec2-instance-managed-by-systems-Manager
- ec2-instance-multiple-eni-check
- ec2-instance-no-public-ip
- ec2-managedinstance-applications-blacklisted
- ec2-managedinstance-applications-required
- ec2-managedinstance-association-compliance-status-检查
- ec2-managedinstance-inventory-blacklisted
- ec2-managedinstance-patch-compliance-status-检查
- ec2-managedinstance-platform-check
- ec-security-group-attached-to-enid
- ec2-stopped-instance
- ec2-volume-inuse-check
- efs-encrypted-check
- efs-in-backup-plan
- eip-attached
- eks-endpoint-no-public-访问
- eks-secrets-encrypted
- elasticache-redis-cluster-automatic-备份检查
- elasticsearch-in-vpc-only
- elbv2-acm-certificate-required
- elb-cross-zone-load-已启用平衡
- elb-custom-security-policy-ssl-check
- elb-deletion-protection-enabled
- elb-logging-enabled
- elb-predefined-security-policy-ssl-check
- elb-tls-https-listeners-仅限
- emr-kerberos-enabled
- emr-master-no-public-ic
- encrypted-volumes
- fms-webacl-resource-policy-check
- fms-webacl-rulegroup-association-检查
- iam-customer-policy-blocked-kms-action
- iam-group-has-users-查看
- iam-inline-policy-blocked-kms-action
- iam-no-inline-policy-检查
- iam-password-policy
- iam-policy-blacklisted-check
- iam-policy-in-use
- iam-policy-no-statements-with-admin-access
- iam-role-managed-policy-检查
- iam-root-access-key-检查
- iam-user-group-membership-检查
- iam-user-mfa-enabled
- iam-user-no-policies-检查
- iam-user-unused-credentials-检查
- restricted-ssh
- ec2-instances-in-vpc
- internet-gateway-authorized-vpc-仅限
- kms-cmk-not-scheduled-用于删除
- mfa-enabled-for-iam-控制台访问权限
- multi-region-cloudtrail-enabled
- rds-enhanced-monitoring-enabled
- rds-instance-deletion-protection-已启用
- rds-instance-public-access-查看
- rds-in-backup-plan
- rds-multi-az-support
- rds-snapshots-public-prohibited
- rds-snapshot-encrypted
- rds-storage-encrypted
- redshift-cluster-configuration-check
- redshift-cluster-maintenancesettings-check
- redshift-cluster-public-access-检查
- redshift-require-tls-ssl
- required-tags
- restricted-common-ports
- S3-account-level-public-access-块
- S3-bucket-blacklisted-actions-prohibited
- S3-bucket-default-lock-enabled
- S3-bucket-logging-enabled
- S3-bucket-policy-grantee-check
- S3-bucket-policy-not-more-允许
- S3-bucket-public-read-prohibited
- S3-bucket-public-write-prohibited
- S3-bucket-replication-enabled
- S3-bucket-server-side-encryption-已启用
- S3-bucket-ssl-requests-only
- S3-bucket-versioning-enabled
- S3default-encryption-kms
- secretsmanager-rotation-enabled-check
- secretsmanager-scheduled-rotation-success-Check
- service-vpc-endpoint-enabled
- sns-encrypted-kms
- ssm-document-not-public
- vpc-default-security-group-已关闭
- vpc-flow-logs-enabled
- vpc-sg-open-only-to-authorized-ports