本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。 # Amazon Config 托管规则列表 Amazon Config 目前支持以下托管规则。在使用这些规则之前,请参阅 [注意事项](evaluate-config.md#evaluate-config-considerations) **Topics** + [access-keys-rotated](access-keys-rotated.md) + [acm-certificate-expiration-check](acm-certificate-expiration-check.md) + [active-mq-supported-version](active-mq-supported-version.md) + [alb-desync-mode-check](alb-desync-mode-check.md) + [alb-http-drop-invalid-已启用标题](alb-http-drop-invalid-header-enabled.md) + [alb-http-to-https-重定向检查](alb-http-to-https-redirection-check.md) + [alb-waf-enabled](alb-waf-enabled.md) + [api-gwv2-access-logs-enabled](api-gwv2-access-logs-enabled.md) + [api-gwv2-authorization-type-configured](api-gwv2-authorization-type-configured.md) + [api-gw-associated-with-waf](api-gw-associated-with-waf.md) + [api-gw-cache-enabled并已加密](api-gw-cache-enabled-and-encrypted.md) + [api-gw-endpoint-type-检查](api-gw-endpoint-type-check.md) + [api-gw-execution-logging-已启用](api-gw-execution-logging-enabled.md) + [api-gw-ssl-enabled](api-gw-ssl-enabled.md) + [api-gw-xray-enabled](api-gw-xray-enabled.md) + [approved-amis-by-id](approved-amis-by-id.md) + [approved-amis-by-tag](approved-amis-by-tag.md) + [appsync-associated-with-waf](appsync-associated-with-waf.md) + [appsync-authorization-check](appsync-authorization-check.md) + [appsync-logging-enabled](appsync-logging-enabled.md) + [athena-workgroup-encrypted-at-休息](athena-workgroup-encrypted-at-rest.md) + [athena-workgroup-logging-enabled](athena-workgroup-logging-enabled.md) + [aurora-mysql-cluster-audit-记录](aurora-mysql-cluster-audit-logging.md) + [autoscaling-group-elb-healthcheck-必填项](autoscaling-group-elb-healthcheck-required.md) + [autoscaling-launchconfig-requires-imdsv2](autoscaling-launchconfig-requires-imdsv2.md) + [autoscaling-launch-config-hop-限制](autoscaling-launch-config-hop-limit.md) + [autoscaling-launch-config-public-ip 已禁用](autoscaling-launch-config-public-ip-disabled.md) + [autoscaling-launch-template](autoscaling-launch-template.md) + [autoscaling-multiple-az](autoscaling-multiple-az.md) + [autoscaling-multiple-instance-types](autoscaling-multiple-instance-types.md) + [beanstalk-enhanced-health-reporting-已启用](beanstalk-enhanced-health-reporting-enabled.md) + [clb-desync-mode-check](clb-desync-mode-check.md) + [clb-multiple-az](clb-multiple-az.md) + [cloudformation-stack-drift-detection-检查](cloudformation-stack-drift-detection-check.md) + [cloudformation-stack-notification-check](cloudformation-stack-notification-check.md) + [cloudformation-stack-service-role-检查](cloudformation-stack-service-role-check.md) + [cloudformation-termination-protection-check](cloudformation-termination-protection-check.md) + [cloudtrail-s3-bucket-access-logging](cloudtrail-s3-bucket-access-logging.md) + [cloudtrail-s3-bucket-public-access-prohibited](cloudtrail-s3-bucket-public-access-prohibited.md) + [cloudtrail-s3-dataevents-enabled](cloudtrail-s3-dataevents-enabled.md) + [cloudtrail-security-trail-enabled](cloudtrail-security-trail-enabled.md) + [cloudwatch-alarm-action-check](cloudwatch-alarm-action-check.md) + [cloudwatch-alarm-action-enabled-检查](cloudwatch-alarm-action-enabled-check.md) + [cloudwatch-alarm-resource-check](cloudwatch-alarm-resource-check.md) + [cloudwatch-alarm-settings-check](cloudwatch-alarm-settings-check.md) + [cloudwatch-log-group-encrypted](cloudwatch-log-group-encrypted.md) + [cloud-trail-cloud-watch-启用日志](cloud-trail-cloud-watch-logs-enabled.md) + [cloudtrail-enabled](cloudtrail-enabled.md) + [cloud-trail-encryption-enabled](cloud-trail-encryption-enabled.md) + [cloud-trail-log-file-已启用验证](cloud-trail-log-file-validation-enabled.md) + [cmk-backing-key-rotation-已启用](cmk-backing-key-rotation-enabled.md) + [codebuild-project-environment-privileged-检查](codebuild-project-environment-privileged-check.md) + [codebuild-project-envvar-awscred-检查](codebuild-project-envvar-awscred-check.md) + [codebuild-project-logging-enabled](codebuild-project-logging-enabled.md) + [codebuild-project-s3 个日志加密](codebuild-project-s3-logs-encrypted.md) + [codebuild-project-source-repo-url-check](codebuild-project-source-repo-url-check.md) + [codebuild-report-group-encrypted-在休息时](codebuild-report-group-encrypted-at-rest.md) + [custom-eventbus-policy-attached](custom-eventbus-policy-attached.md) + [cw-loggroup-retention-period-检查](cw-loggroup-retention-period-check.md) + [datasync-task-logging-enabled](datasync-task-logging-enabled.md) + [dax-encryption-enabled](dax-encryption-enabled.md) + [db-instance-backup-enabled](db-instance-backup-enabled.md) + [desired-instance-tenancy](desired-instance-tenancy.md) + [desired-instance-type](desired-instance-type.md) + [dms-auto-minor-version-升级检查](dms-auto-minor-version-upgrade-check.md) + [dms-endpoint-ssl-configured](dms-endpoint-ssl-configured.md) + [dms-replication-instance-multi-az 已启用](dms-replication-instance-multi-az-enabled.md) + [dms-replication-not-public](dms-replication-not-public.md) + [dms-replication-task-sourcedb-记录](dms-replication-task-sourcedb-logging.md) + [dms-replication-task-targetdb-记录](dms-replication-task-targetdb-logging.md) + [docdb-cluster-encrypted-in-交通](docdb-cluster-encrypted-in-transit.md) + [dynamodb-autoscaling-enabled](dynamodb-autoscaling-enabled.md) + [dynamodb-in-backup-plan](dynamodb-in-backup-plan.md) + [dynamodb-pitr-enabled](dynamodb-pitr-enabled.md) + [dynamodb-table-deletion-protection-已启用](dynamodb-table-deletion-protection-enabled.md) + [dynamodb-table-encrypted-kms](dynamodb-table-encrypted-kms.md) + [dynamodb-throughput-limit-check](dynamodb-throughput-limit-check.md) + [ebs-in-backup-plan](ebs-in-backup-plan.md) + [ebs-optimized-instance](ebs-optimized-instance.md) + [ebs-snapshot-block-public-访问](ebs-snapshot-block-public-access.md) + [ebs-snapshot-public-restorable-检查](ebs-snapshot-public-restorable-check.md) + [ec2-ebs-encryption-by-default](ec2-ebs-encryption-by-default.md) + [ec2-已enis-source-destination-check启用](ec2-enis-source-destination-check-enabled.md) + [ec2-imdsv2-check](ec2-imdsv2-check.md) + [ec2-instance-detailed-monitoring-enabled](ec2-instance-detailed-monitoring-enabled.md) + [ec2-instance-launched-with-allowed-ami](ec2-instance-launched-with-allowed-ami.md) + [ec2-管理instance-managed-by-systems器](ec2-instance-managed-by-systems-manager.md) + [ec2-instance-multiple-eni-check](ec2-instance-multiple-eni-check.md) + [ec2-instance-no-public-ip](ec2-instance-no-public-ip.md) + [ec2-instance-profile-attached](ec2-instance-profile-attached.md) + [ec2-已加launch-templates-ebs-volume密](ec2-launch-templates-ebs-volume-encrypted.md) + [ec launch-template-imdsv 2-2-check](ec2-launch-template-imdsv2-check.md) + [ec2-launch-template-public-ip-已禁用](ec2-launch-template-public-ip-disabled.md) + [ec2-managedinstance-applications-blacklisted](ec2-managedinstance-applications-blacklisted.md) + [ec2-managedinstance-applications-required](ec2-managedinstance-applications-required.md) + [ec2-managedinstance-association-compliance-status-check](ec2-managedinstance-association-compliance-status-check.md) + [ec2-managedinstance-inventory-blacklisted](ec2-managedinstance-inventory-blacklisted.md) + [ec2-managedinstance-patch-compliance-status-check](ec2-managedinstance-patch-compliance-status-check.md) + [ec2-managedinstance-platform-check](ec2-managedinstance-platform-check.md) + [ec2-security-group-attached-to-eni](ec2-security-group-attached-to-eni.md) + [ec2-spot-fleet-request-ct-encryption-at-rest](ec2-spot-fleet-request-ct-encryption-at-rest.md) + [ec2-stopped-instance](ec2-stopped-instance.md) + [ec2-volume-inuse-check](ec2-volume-inuse-check.md) + [ecr-private-lifecycle-policy-已配置](ecr-private-lifecycle-policy-configured.md) + [ecr-private-tag-immutability-已启用](ecr-private-tag-immutability-enabled.md) + [ecr-repository-cmk-encryption-已启用](ecr-repository-cmk-encryption-enabled.md) + [ecs-capacity-provider-termination-检查](ecs-capacity-provider-termination-check.md) + [ecs-containers-nonprivileged](ecs-containers-nonprivileged.md) + [ecs-containers-readonly-access](ecs-containers-readonly-access.md) + [ecs-container-insights-enabled](ecs-container-insights-enabled.md) + [ecs-fargate-latest-platform-版本](ecs-fargate-latest-platform-version.md) + [ecs-no-environment-secrets](ecs-no-environment-secrets.md) + [ecs-task-definition-efs-已启用加密](ecs-task-definition-efs-encryption-enabled.md) + [ecs-task-definition-linux-user-non-root](ecs-task-definition-linux-user-non-root.md) + [ecs-task-definition-log-配置](ecs-task-definition-log-configuration.md) + [ecs-task-definition-network-mode-not-host](ecs-task-definition-network-mode-not-host.md) + [ecs-task-definition-pid-模式检查](ecs-task-definition-pid-mode-check.md) + [ecs-task-definition-user-for-host-mode-check](ecs-task-definition-user-for-host-mode-check.md) + [ecs-task-definition-windows-user-non-admin](ecs-task-definition-windows-user-non-admin.md) + [efs-automatic-backups-enabled](efs-automatic-backups-enabled.md) + [efs-encrypted-check](efs-encrypted-check.md) + [efs-filesystem-ct-encrypted](efs-filesystem-ct-encrypted.md) + [efs-in-backup-plan](efs-in-backup-plan.md) + [eip-attached](eip-attached.md) + [eks-cluster-log-enabled](eks-cluster-log-enabled.md) + [eks-cluster-supported-version](eks-cluster-supported-version.md) + [eks-endpoint-no-public-访问](eks-endpoint-no-public-access.md) + [eks-secrets-encrypted](eks-secrets-encrypted.md) + [elasticache-auto-minor-version-升级检查](elasticache-auto-minor-version-upgrade-check.md) + [elasticache-redis-cluster-automatic-备份检查](elasticache-redis-cluster-automatic-backup-check.md) + [elasticache-repl-grp-auto-启用故障转移](elasticache-repl-grp-auto-failover-enabled.md) + [elasticache-repl-grp-encrypted-在休息时](elasticache-repl-grp-encrypted-at-rest.md) + [elasticache-repl-grp-encrypted在途中](elasticache-repl-grp-encrypted-in-transit.md) + [elasticache-repl-grp-redis-已启用 auth](elasticache-repl-grp-redis-auth-enabled.md) + [elasticache-subnet-group-check](elasticache-subnet-group-check.md) + [elasticsearch-encrypted-at-rest](elasticsearch-encrypted-at-rest.md) + [elasticsearch-in-vpc-only](elasticsearch-in-vpc-only.md) + [elasticsearch-logs-to-cloudwatch](elasticsearch-logs-to-cloudwatch.md) + [elasticsearch-node-to-node-加密检查](elasticsearch-node-to-node-encryption-check.md) + [elastic-beanstalk-managed-updates-已启用](elastic-beanstalk-managed-updates-enabled.md) + [elbv2-acm-certificate-required](elbv2-acm-certificate-required.md) + [elbv2-listener-encryption-in-transit](elbv2-listener-encryption-in-transit.md) + [elbv2-multiple-az](elbv2-multiple-az.md) + [elbv2--check predefined-security-policy-ssl](elbv2-predefined-security-policy-ssl-check.md) + [elb-acm-certificate-required](elb-acm-certificate-required.md) + [elb-cross-zone-load-启用平衡](elb-cross-zone-load-balancing-enabled.md) + [elb-custom-security-policy-ssl-check](elb-custom-security-policy-ssl-check.md) + [elb-deletion-protection-enabled](elb-deletion-protection-enabled.md) + [elb-logging-enabled](elb-logging-enabled.md) + [elb-predefined-security-policy-ssl 检查](elb-predefined-security-policy-ssl-check.md) + [elb-tls-https-listeners-只有](elb-tls-https-listeners-only.md) + [emr-kerberos-enabled](emr-kerberos-enabled.md) + [emr-master-no-public-ip](emr-master-no-public-ip.md) + [encrypted-volumes](encrypted-volumes.md) + [fms-webacl-resource-policy-检查](fms-webacl-resource-policy-check.md) + [fms-webacl-rulegroup-association-检查](fms-webacl-rulegroup-association-check.md) + [fsx-ontap-deployment-type-检查](fsx-ontap-deployment-type-check.md) + [fsx-openzfs-deployment-type-检查](fsx-openzfs-deployment-type-check.md) + [fsx-windows-deployment-type-检查](fsx-windows-deployment-type-check.md) + [glue-job-logging-enabled](glue-job-logging-enabled.md) + [glue-spark-job-supported-版本](glue-spark-job-supported-version.md) + [guardduty-enabled-centralized](guardduty-enabled-centralized.md) + [guardduty-non-archived-findings](guardduty-non-archived-findings.md) + [iam-customer-policy-blocked-kms 动作](iam-customer-policy-blocked-kms-actions.md) + [iam-group-has-users-检查](iam-group-has-users-check.md) + [iam-inline-policy-blocked-kms 动作](iam-inline-policy-blocked-kms-actions.md) + [iam-no-inline-policy-检查](iam-no-inline-policy-check.md) + [iam-password-policy](iam-password-policy.md) + [iam-policy-blacklisted-check](iam-policy-blacklisted-check.md) + [iam-policy-in-use](iam-policy-in-use.md) + [iam-policy-no-statements-with-admin-access](iam-policy-no-statements-with-admin-access.md) + [iam-policy-no-statements-with-full-access](iam-policy-no-statements-with-full-access.md) + [iam-role-managed-policy-检查](iam-role-managed-policy-check.md) + [iam-root-access-key-检查](iam-root-access-key-check.md) + [iam-user-group-membership-检查](iam-user-group-membership-check.md) + [iam-user-mfa-enabled](iam-user-mfa-enabled.md) + [iam-user-no-policies-检查](iam-user-no-policies-check.md) + [iam-user-unused-credentials-检查](iam-user-unused-credentials-check.md) + [restricted-ssh](restricted-ssh.md) + [ec2-instances-in-vpc](ec2-instances-in-vpc.md) + [internet-gateway-authorized-vpc-只有](internet-gateway-authorized-vpc-only.md) + [kinesis-stream-backup-retention-检查](kinesis-stream-backup-retention-check.md) + [kinesis-stream-encrypted](kinesis-stream-encrypted.md) + [kms-cmk-not-scheduled-用于删除](kms-cmk-not-scheduled-for-deletion.md) + [kms-key-policy-no-公共访问](kms-key-policy-no-public-access.md) + [mariadb-publish-logs-to-云监视日志](mariadb-publish-logs-to-cloudwatch-logs.md) + [mfa-enabled-for-iam-控制台访问权限](mfa-enabled-for-iam-console-access.md) + [mq-active-deployment-mode](mq-active-deployment-mode.md) + [mq-auto-minor-version-已启用升级](mq-auto-minor-version-upgrade-enabled.md) + [mq-rabbit-deployment-mode](mq-rabbit-deployment-mode.md) + [msk-cluster-public-access-已禁用](msk-cluster-public-access-disabled.md) + [msk-enhanced-monitoring-enabled](msk-enhanced-monitoring-enabled.md) + [msk-in-cluster-node-需要-tls](msk-in-cluster-node-require-tls.md) + [msk-unrestricted-access-check](msk-unrestricted-access-check.md) + [multi-region-cloudtrail-enabled](multi-region-cloudtrail-enabled.md) + [nacl-no-unrestricted-ssh-rdp](nacl-no-unrestricted-ssh-rdp.md) + [neptune-cluster-deletion-protection-已启用](neptune-cluster-deletion-protection-enabled.md) + [netfw-multi-az-enabled](netfw-multi-az-enabled.md) + [netfw-subnet-change-protection-已启用](netfw-subnet-change-protection-enabled.md) + [nlb-cross-zone-load-启用平衡](nlb-cross-zone-load-balancing-enabled.md) + [nlb-logging-enabled](nlb-logging-enabled.md) + [no-unrestricted-route-to-igw](no-unrestricted-route-to-igw.md) + [opensearch-update-check](opensearch-update-check.md) + [rabbit-mq-supported-version](rabbit-mq-supported-version.md) + [rds-automatic-minor-version-已启用升级](rds-automatic-minor-version-upgrade-enabled.md) + [rds-enhanced-monitoring-enabled](rds-enhanced-monitoring-enabled.md) + [rds-instance-deletion-protection-已启用](rds-instance-deletion-protection-enabled.md) + [rds-instance-iam-authentication-已启用](rds-instance-iam-authentication-enabled.md) + [rds-instance-public-access-检查](rds-instance-public-access-check.md) + [rds-instance-subnet-igw-检查](rds-instance-subnet-igw-check.md) + [rds-in-backup-plan](rds-in-backup-plan.md) + [rds-logging-enabled](rds-logging-enabled.md) + [rds-mariadb-instance-encrypted在途中](rds-mariadb-instance-encrypted-in-transit.md) + [rds-multi-az-support](rds-multi-az-support.md) + [rds-mysql-instance-encrypted在途中](rds-mysql-instance-encrypted-in-transit.md) + [rds-postgresql-logs-to-云观察](rds-postgresql-logs-to-cloudwatch.md) + [rds-postgres-instance-encrypted在途中](rds-postgres-instance-encrypted-in-transit.md) + [rds-proxy-tls-encryption](rds-proxy-tls-encryption.md) + [rds-snapshots-public-prohibited](rds-snapshots-public-prohibited.md) + [rds-snapshot-encrypted](rds-snapshot-encrypted.md) + [rds-sqlserver-encrypted-in-交通](rds-sqlserver-encrypted-in-transit.md) + [rds-sql-server-logs到云端观察](rds-sql-server-logs-to-cloudwatch.md) + [rds-storage-encrypted](rds-storage-encrypted.md) + [redshift-backup-enabled](redshift-backup-enabled.md) + [redshift-cluster-configuration-check](redshift-cluster-configuration-check.md) + [redshift-cluster-kms-enabled](redshift-cluster-kms-enabled.md) + [redshift-cluster-maintenancesettings-check](redshift-cluster-maintenancesettings-check.md) + [redshift-cluster-multi-az-已启用](redshift-cluster-multi-az-enabled.md) + [redshift-cluster-public-access-检查](redshift-cluster-public-access-check.md) + [redshift-cluster-subnet-group-多可用区](redshift-cluster-subnet-group-multi-az.md) + [redshift-default-admin-check](redshift-default-admin-check.md) + [redshift-default-db-name-检查](redshift-default-db-name-check.md) + [redshift-enhanced-vpc-routing-已启用](redshift-enhanced-vpc-routing-enabled.md) + [redshift-require-tls-ssl](redshift-require-tls-ssl.md) + [redshift-serverless-default-admin-检查](redshift-serverless-default-admin-check.md) + [redshift-serverless-default-db-姓名检查](redshift-serverless-default-db-name-check.md) + [redshift-serverless-namespace-cmk-加密](redshift-serverless-namespace-cmk-encryption.md) + [redshift-serverless-publish-logs到云端观察](redshift-serverless-publish-logs-to-cloudwatch.md) + [redshift-serverless-workgroup-encrypted在途中](redshift-serverless-workgroup-encrypted-in-transit.md) + [redshift-serverless-workgroup-no-公共访问](redshift-serverless-workgroup-no-public-access.md) + [redshift-serverless-workgroup-routes-在 vpc 内](redshift-serverless-workgroup-routes-within-vpc.md) + [required-tags](required-tags.md) + [restricted-common-ports](restricted-common-ports.md) + [仅限 s3 access-point-in-vpc-](s3-access-point-in-vpc-only.md) + [s3 access-point-public-access-方块](s3-access-point-public-access-blocks.md) + [s3-account-level-public-access-blocks](s3-account-level-public-access-blocks.md) + [s3--account-level-public-access 区块-周期性](s3-account-level-public-access-blocks-periodic.md) + [s3-bucket-acl-prohibited](s3-bucket-acl-prohibited.md) + [s3-bucket-blacklisted-actions-prohibited](s3-bucket-blacklisted-actions-prohibited.md) + [s3-已bucket-cross-region-replication启用](s3-bucket-cross-region-replication-enabled.md) + [s3-bucket-default-lock-enabled](s3-bucket-default-lock-enabled.md) + [s3-bucket-level-public-access-禁止使用](s3-bucket-level-public-access-prohibited.md) + [s3-bucket-logging-enabled](s3-bucket-logging-enabled.md) + [s3-bucket-mfa-delete-enabled](s3-bucket-mfa-delete-enabled.md) + [s3-bucket-policy-grantee-check](s3-bucket-policy-grantee-check.md) + [s3-bucket-policy-not-more-宽容](s3-bucket-policy-not-more-permissive.md) + [s3-bucket-public-read-prohibited](s3-bucket-public-read-prohibited.md) + [s3-bucket-public-write-prohibited](s3-bucket-public-write-prohibited.md) + [s3-bucket-replication-enabled](s3-bucket-replication-enabled.md) + [s3-已bucket-server-side-encryption启用](s3-bucket-server-side-encryption-enabled.md) + [s3-bucket-ssl-requests-only](s3-bucket-ssl-requests-only.md) + [s3-bucket-versioning-enabled](s3-bucket-versioning-enabled.md) + [s3-default-encryption-kms](s3-default-encryption-kms.md) + [s3-event-notifications-enabled](s3-event-notifications-enabled.md) + [s3-lifecycle-policy-check](s3-lifecycle-policy-check.md) + [s3-version-lifecycle-policy-check](s3-version-lifecycle-policy-check.md) + [sagemaker-endpoint-configuration-kms-密钥已配置](sagemaker-endpoint-configuration-kms-key-configured.md) + [sagemaker-notebook-instance-inside-vpc](sagemaker-notebook-instance-inside-vpc.md) + [sagemaker-notebook-instance-kms-密钥已配置](sagemaker-notebook-instance-kms-key-configured.md) + [sagemaker-notebook-instance-platform-版本](sagemaker-notebook-instance-platform-version.md) + [sagemaker-notebook-instance-root-访问检查](sagemaker-notebook-instance-root-access-check.md) + [sagemaker-notebook-no-direct-互联网接入](sagemaker-notebook-no-direct-internet-access.md) + [secretsmanager-rotation-enabled-check](secretsmanager-rotation-enabled-check.md) + [secretsmanager-scheduled-rotation-success-检查](secretsmanager-scheduled-rotation-success-check.md) + [secretsmanager-secret-periodic-rotation](secretsmanager-secret-periodic-rotation.md) + [secretsmanager-secret-unused](secretsmanager-secret-unused.md) + [secretsmanager-using-cmk](secretsmanager-using-cmk.md) + [securityhub-enabled](securityhub-enabled.md) + [security-account-information-provided](security-account-information-provided.md) + [service-vpc-endpoint-enabled](service-vpc-endpoint-enabled.md) + [sns-encrypted-kms](sns-encrypted-kms.md) + [sns-topic-message-delivery-启用通知](sns-topic-message-delivery-notification-enabled.md) + [sns-topic-no-public-访问](sns-topic-no-public-access.md) + [sqs-queue-dlq-check](sqs-queue-dlq-check.md) + [sqs-queue-no-public-访问](sqs-queue-no-public-access.md) + [sqs-queue-policy-full-访问检查](sqs-queue-policy-full-access-check.md) + [ssm-automation-block-public-共享](ssm-automation-block-public-sharing.md) + [ssm-automation-logging-enabled](ssm-automation-logging-enabled.md) + [ssm-document-not-public](ssm-document-not-public.md) + [step-functions-state-machine-启用日志功能](step-functions-state-machine-logging-enabled.md) + [subnet-auto-assign-public-ip 已禁用](subnet-auto-assign-public-ip-disabled.md) + [transfer-connector-logging-enabled](transfer-connector-logging-enabled.md) + [vpc-default-security-group-已关闭](vpc-default-security-group-closed.md) + [vpc-endpoint-enabled](vpc-endpoint-enabled.md) + [vpc-flow-logs-enabled](vpc-flow-logs-enabled.md) + [vpc-network-acl-unused-检查](vpc-network-acl-unused-check.md) + [vpc-sg-open-only-to-authorized-ports](vpc-sg-open-only-to-authorized-ports.md) + [wafv2-logging-enabled](wafv2-logging-enabled.md) + [wafv2-rulegroup-logging-enabled](wafv2-rulegroup-logging-enabled.md) + [wafv2-webacl-not-empty](wafv2-webacl-not-empty.md) + [waf-global-rulegroup-not-空](waf-global-rulegroup-not-empty.md) + [waf-global-rule-not-空](waf-global-rule-not-empty.md) + [waf-regional-rule-not-空](waf-regional-rule-not-empty.md) + [waf-regional-webacl-not-空](waf-regional-webacl-not-empty.md)