vpc-endpoint-enabled
Checks if each service specified in the parameter has an Amazon VPC endpoint. The rule is NON_COMPLIANT if Amazon VPC does not have a VPC endpoint created for each specified service. Optionally, you can specify certain VPCs for the rule to check.
Identifier: VPC_ENDPOINT_ENABLED
Resource Types: AWS::EC2::VPC
Trigger type: Periodic
Amazon Web Services Region: All supported Amazon regions except US ISO West, US ISO East, Asia Pacific (Osaka), Asia Pacific (Malaysia), US ISOB East, Israel (Tel Aviv), Canada West (Calgary) Region
Parameters:
- serviceNames
- Type: CSV
-
Comma-separated list of service names or endpoints. Example: "access-analyzer, appconfig, cloudtrail" or "com.amazonaws.region.access-analyzer". Use DescribeVpcEndpointServices for available names.
- vpcIds (Optional)
- Type: CSV
-
Comma-separated list of Amazon VPC IDs for VPC endpoints. If provided, the rule is NON_COMPLIANT if the services specified in the serviceName parameter do not have one of these VPC endpoints.
Amazon CloudFormation template
To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.