AWS 托管配置规则

计算

• approved-amis-by-id

• approved-amis-by-tag

• autoscaling-group-elb-healthcheck-required

• desired-instance-tenancy

• desired-instance-type

• ebs-optimized-instance

• ec2-instance-detailed-monitoring-enabled

• ec2-instances-in-vpc

• ec2-managedinstance-applications-blacklisted

• ec2-managedinstance-applications-required

• ec2-managedinstance-inventory-blacklisted

• ec2-managedinstance-platform-check

• ec2-volume-inuse-check

• eip-attached

• elb-custom-security-policy-ssl-check

• elb-predefined-security-policy-ssl-check

• restricted-common-ports

• restricted-ssh

Database

• db-instance-backup-enabled

• dynamodb-autoscaling-enabled

• dynamodb-throughput-limit-check

• rds-multi-az-support

• redshift-cluster-configuration-check

• redshift-cluster-maintenancesettings-check

管理工具

• cloudtrail-enabled

• cloudformation-stack-notification-check

• cloudwatch-alarm-action-check

• cloudwatch-alarm-resource-check

• cloudwatch-alarm-settings-check

• codebuild-project-envvar-awscred-check

• codebuild-project-source-repo-url-check

• required-tags

安全、身份和合规性

• fms-webacl-resource-policy-check

• fms-webacl-rulegroup-association-check

• iam-group-has-users-check

• iam-password-policy

• iam-user-group-membership-check

• iam-user-no-policies-check

• root-account-mfa-enabled

存储

• s3-bucket-logging-enabled

• s3-bucket-public-read-prohibited*

• s3-bucket-public-write-prohibited*

• s3-bucket-server-side-encryption-enabled*

• s3-bucket-ssl-requests-only*

• s3-bucket-versioning-enabled