View a markdown version of this page
本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
Amazon Config 目前支持以下托管规则。在使用这些规则之前,请参阅 注意事项
access-keys-rotated
acm-certificate-expiration-check
active-mq-supported-version
alb-desync-mode-check
alb-http-drop-invalid-已启用标题
alb-http-to-https-重定向检查
alb-waf-enabled
api-gwv2-access-logs-enabled
api-gwv2-authorization-type-configured
api-gw-associated-with-waf
api-gw-cache-enabled并已加密
api-gw-endpoint-type-检查
api-gw-execution-logging-enabled
api-gw-ssl-enabled
api-gw-xray-enabled
approved-amis-by-id
approved-amis-by-tag
appsync-associated-with-waf
appsync-authorization-check
appsync-logging-enabled
athena-workgroup-encrypted-at-休息
athena-workgroup-logging-enabled
aurora-mysql-cluster-audit-记录
autoscaling-group-elb-healthcheck-必填项
autoscaling-launchconfig-requires-imdsv2
autoscaling-launch-config-hop-限制
autoscaling-launch-config-public-ip 已禁用
autoscaling-launch-template
autoscaling-multiple-az
autoscaling-multiple-instance-types
beanstalk-enhanced-health-reporting-已启用
clb-desync-mode-check
clb-multiple-az
cloudformation-stack-drift-detection-check
cloudformation-stack-notification-check
cloudformation-stack 服务角色检查
cloudformation 终止保护检查
cloudtrail-s3-bucket-access-logging
cloudtrail-s3-bucket-public-access-prohibited
cloudtrail-s3-dataevents-enabled
cloudtrail-security-trail-enabled
cloudwatch-alarm-action-check
cloudwatch-alarm-action-enabled-check
cloudwatch-alarm-resource-check
cloudwatch-alarm-settings-check
cloudwatch-log-group-encrypted
cloud-trail-cloud-watch-logs-enabled
cloudtrail-enabled
cloud-trail-encryption-enabled
cloud-trail-log-file-validation-enabled
cmk-backing-key-rotation-enabled
codebuild-project-environment-privileged-check
codebuild-project-envvar-awscred-check
codebuild-project-logging-enabled
codebuild-project-s3-logs-encrypted
codebuild-project-source-repo-url-check
codebuild-report-group-encrypted-at-rest
custom-eventbus-policy-attached
cw-loggroup-retention-period-check
datasync-task-logging-enabled
dax-encryption-enabled
db-instance-backup-enabled
desired-instance-tenancy
desired-instance-type
dms-auto-minor-version-upgrade-check
dms-endpoint-ssl-configured
dms-replication-instance-multi-az-enabled
dms-replication-not-public
dms-replication-task-sourcedb-logging
dms-replication-task-targetdb-logging
docdb-cluster-encrypted-in-transit
dynamodb-autoscaling-enabled
dynamodb-in-backup-plan
dynamodb-pitr-enabled
dynamodb-table-deletion-protection-enabled
dynamodb-table-encrypted-kms
dynamodb-throughput-limit-check
ebs-in-backup-plan
ebs-optimized-instance
ebs快照封锁公共访问权限
ebs-snapshot-public-restorable-check
ec2-ebs-encryption-by-default
ec2-enis-source-destination-check-enabled
ec2-imdsv2-check
ec2-instance-detailed-monitoring-enabled
ec2-instance-launched-with-allowed-ami
ec2-instance-managed-by-systems-manager
ec2-instance-multiple-eni-check
ec2-instance-no-public-ip
ec2-instance-profile-attached
ec2-launch-templates-ebs-volume-encrypted
ec2-launch-template-imdsv2-check
ec2-launch-template-public-ip-disabled
ec2-managedinstance-applications-blacklisted
ec2-managedinstance-applications-required
ec2-managedinstance-association-compliance-status-check
ec2-managedinstance-inventory-blacklisted
ec2-managedinstance-patch-compliance-status-check
ec2-managedinstance-platform-check
ec2-security-group-attached-to-eni
ec2-spot-fleet-request-ct-encryption-at-rest
ec2-stopped-instance
ec2-volume-inuse-check
ecr-private-lifecycle-policy-configured
ecr-private-tag-immutability-enabled
ecr-repository-cmk-encryption-enabled
ecs 容量提供程序终止检查
ecs-containers-nonprivileged
ecs-containers-readonly-access
ecs-container-insights-enabled
ecs-fargate-latest-platform-version
ecs-no-environment-secrets
ecs 任务定义启用 efs 加密
ecs-task-definition-linux 用户非根用户
ecs-task-definition-log-configuration
ecs-task-definition-network-mode-not-host
ecs-task-definition-pid-mode-check
ecs-task-definition-user-for-host-mode-check
ecs-task-definition-windows-用户-非管理员
efs-automatic-backups-enabled
efs-encrypted-check
efs-filesystem-ct-encrypted
efs-in-backup-plan
eip-attached
eks-cluster-log-enabled
eks-cluster-supported-version
eks-endpoint-no-public-access
eks-nodegroup 支持的版本检查
eks-secrets-encrypted
elasticache-auto-minor-version-upgrade-check
elasticache-redis-cluster-automatic-backup-check
elasticache-repl-grp-auto-failover-enabled
elasticache-repl-grp-encrypted-at-rest
elasticache-repl-grp-encrypted-in-transit
elasticache-repl-grp-redis-auth-enabled
elasticache-subnet-group-check
elasticsearch-encrypted-at-rest
elasticsearch-in-vpc-only
elasticsearch-logs-to-cloudwatch
elasticsearch-node-to-node-encryption-check
elastic-beanstalk-managed-updates-enabled
elbv2-acm-certificate-required
elbv2-listener-encryption-in-transit
elbv2-multiple-az
elbv2-predefined-security-policy-ssl-check
elb-acm-certificate-required
elb-cross-zone-load-balancing-enabled
elb-custom-security-policy-ssl-check
elb-deletion-protection-enabled
elb-logging-enabled
elb-predefined-security-policy-ssl-check
elb-tls-https-listeners-only
emr-kerberos-enabled
emr-master-no-public-ip
encrypted-volumes
fms-webacl-resource-policy-check
fms-webacl-rulegroup-association-check
fsx-ontap-deployment-type-check
fsx-openzfs-deployment-type-check
fsx-windows-deployment-type-check
glue-job-logging-enabled
glue-spark-job-supported-version
guardduty-enabled-centralized
guardduty-non-archived-findings
iam-customer-policy-blocked-kms-actions
iam-group-has-users-check
iam-inline-policy-blocked-kms-actions
iam-no-inline-policy-check
iam-password-policy
iam-policy-blacklisted-check
iam-policy-in-use
iam-policy-no-statements-with-admin-access
iam-policy-no-statements-with-full-access
iam-role-managed-policy-check
iam-root-access-key-check
iam-user-group-membership-check
iam-user-mfa-enabled
iam-user-no-policies-check
iam-user-unused-credentials-check
restricted-ssh
ec2-instances-in-vpc
internet-gateway-authorized-vpc-only
kinesis-stream-backup-retention-check
kinesis-stream-encrypted
kms-cmk-not-scheduled-for-deletion
kms-key-policy-no-public-access
mariadb-publish-logs-to-cloudwatch-logs
mfa-enabled-for-iam-console-access
mq-active-deployment-mode
mq-auto-minor-version-upgrade-enabled
mq-rabbit-deployment-mode
msk-cluster-public-access-disabled
msk-enhanced-monitoring-enabled
msk-in-cluster-node-require-tls
msk-unrestricted-access-check
multi-region-cloudtrail-enabled
nacl-no-unrestricted-ssh-rdp
netfw-subnet-change-protection-enabled
nlb-logging-enabled
no-unrestricted-route-to-igw
opensearch-update-check
rabbit-mq-supported-version
rds-automatic-minor-version-upgrade-enabled
rds-enhanced-monitoring-enabled
rds-instance-deletion-protection-enabled
rds-instance-iam-authentication-enabled
rds-instance-public-access-check
rds-instance-subnet-igw-check
rds-in-backup-plan
rds-logging-enabled
rds-mariadb-instance-encrypted-in-transit
rds-multi-az-support
rds-mysql-instance-encrypted-in-transit
rds-postgresql-logs-to-cloudwatch
rds-postgres-instance-encrypted-in-transit
rds-proxy-tls-encryption
rds-snapshots-public-prohibited
rds-snapshot-encrypted
rds-sqlserver-encrypted-in-transit
rds-sql-server-logs-to-cloudwatch
rds-storage-encrypted
redshift-backup-enabled
redshift-cluster-configuration-check
redshift-cluster-kms-enabled
redshift-cluster-maintenancesettings-check
redshift-cluster-multi-az-enabled
redshift-cluster-public-access-check
redshift-cluster-subnet-group-multi-az
redshift-default-admin-check
redshift-default-db-name-check
redshift-enhanced-vpc-routing-enabled
redshift-require-tls-ssl
redshift-serverless-default-admin-check
redshift-serverless-default-db-name-check
redshift-serverless-namespace-cmk-encryption
redshift-serverless-publish-logs-to-cloudwatch
redshift-serverless-workgroup-encrypted-in-transit
redshift-serverless-workgroup-no-public-access
redshift-serverless-workgroup-routes-within-vpc
required-tags
restricted-common-ports
s3-access-point-in-vpc-only
s3-access-point-public-access-blocks
s3-account-level-public-access-blocks
s3-account-level-public-access-blocks-periodic
s3-bucket-acl-prohibited
s3-bucket-blacklisted-actions-prohibited
s3-bucket-cross-region-replication-enabled
s3-bucket-default-lock-enabled
s3-bucket-level-public-access-prohibited
s3-bucket-logging-enabled
s3-bucket-mfa-delete-enabled
s3-bucket-policy-grantee-check
s3-bucket-policy-not-more-permissive
s3-bucket-public-read-prohibited
s3-bucket-public-write-prohibited
s3-bucket-replication-enabled
s3-bucket-server-side-encryption-enabled
s3-bucket-ssl-requests-only
s3-bucket-versioning-enabled
s3-default-encryption-kms
s3-event-notifications-enabled
s3-lifecycle-policy-check
s3-version-lifecycle-policy-check
sagemaker-endpoint-configuration-kms-key-configured
sagemaker-featuregroup 静态加密
sagemaker-featuregroup 在线商店加密
sagemaker-notebook-instance-inside-vpc
sagemaker-notebook-instance-kms-key-configured
sagemaker-notebook-instance-platform-version
sagemaker-notebook-instance-root-access-check
sagemaker-notebook-no-direct-internet-access
secretsmanager-rotation-enabled-check
secretsmanager-scheduled-rotation-success-check
secretsmanager-secret-periodic-rotation
secretsmanager-secret-unused
secretsmanager-using-cmk
securityhub-enabled
security-account-information-provided
service-vpc-endpoint-enabled
sns-encrypted-kms
sns-topic-message-delivery-notification-enabled
sns-topic-no-public-access
sqs-queue-dlq-check
sqs-queue-no-public-access
sqs-queue-policy-full-access-check
ssm-automation-block-public-sharing
ssm-automation-logging-enabled
ssm-document-not-public
step-functions-state-machine-logging-enabled
subnet-auto-assign-public-ip-disabled
transfer-connector-logging-enabled
vpc-default-security-group-closed
vpc-endpoint-enabled
vpc-flow-logs-enabled
vpc-network-acl-unused-check
vpc-sg-open-only-to-authorized-ports
vpc-sg-port-restriction-check
wafv2-logging-enabled
wafv2-rulegroup-logging-enabled
wafv2-webacl-not-empty
waf-regional-rule-not-empty
waf-regional-webacl-not-empty
Javascript 在您的浏览器中被禁用或不可用。
要使用 Amazon Web Services 文档,必须启用 Javascript。请参阅浏览器的帮助页面以了解相关说明。