fms-shield-resource-policy-check
Checks if resources that AWS Shield Advanced can protect are protected by Shield Advanced. The rule is NON_COMPLIANT if a specified resource is not protected.
Identifier: FMS_SHIELD_RESOURCE_POLICY_CHECK
Resource Types: AWS::CloudFront::Distribution, AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::WAFRegional::WebACL, AWS::EC2::EIP, AWS::ElasticLoadBalancing::LoadBalancer, AWS::ShieldRegional::Protection, AWS::Shield::Protection
Trigger type: Configuration changes
AWS Region: All supported AWS Regions except the China (Beijing), Asia Pacific (Thailand), Asia Pacific (Jakarta), Asia Pacific (Malaysia), Mexico (Central), Canada West (Calgary), and China (Ningxia) Regions
Parameters:
- webACLId
  - Type: String
  - A unique identifier for a Web ACL.
- resourceTypes
  - Type: String
  - The resource types you specify for the rule to check.
- resourceTags (Optional)
  - Type: String
  - The resource tags you specify for the rule to check. For example, { "tagKey1" : ["tagValue1"], "tagKey2" : ["tagValue2", "tagValue3"] }.
- excludeResourceTags (Optional)
  - Type: boolean
  - If true, the rule excludes the resources specified in resourceTags. If false, the rule includes all the resources specified in resourceTags.
- fmsManagedToken (Optional)
  - Type: String
  - A token generated by AWS Firewall Manager when creating the rule in your account. AWS Config ignores this parameter when you create this rule.
- fmsRemediationEnabled (Optional)
  - Type: boolean
  - If true, AWS Firewall Manager will update NON_COMPLIANT resources according to FMS policy. AWS Config ignores this parameter when you create this rule.
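A pre-deployment lint for this rule's parameters, as an added example that is not AWS code: it checks a parameter dict against the table above and flags the two parameters AWS Config ignores. Assumptions: the function name `lint_parameters`, parameters held as a Python dict with real booleans, and `resourceTypes` given as a comma-separated string.

```python
import json

# Parameter table from this page: name -> (type, required).
PARAMS = {
    "webACLId": (str, True), "resourceTypes": (str, True),
    "resourceTags": (str, False), "excludeResourceTags": (bool, False),
    "fmsManagedToken": (str, False), "fmsRemediationEnabled": (bool, False),
}
# Resource types this page lists for the rule.
RESOURCE_TYPES = {
    "AWS::CloudFront::Distribution", "AWS::ElasticLoadBalancingV2::LoadBalancer",
    "AWS::WAFRegional::WebACL", "AWS::EC2::EIP",
    "AWS::ElasticLoadBalancing::LoadBalancer", "AWS::ShieldRegional::Protection",
    "AWS::Shield::Protection",
}
# Per this page, AWS Config ignores these when you create the rule yourself.
IGNORED_BY_CONFIG = {"fmsManagedToken", "fmsRemediationEnabled"}

def lint_parameters(params):
    """Return a list of findings for a dict of rule parameters (hypothetical helper)."""
    findings = []
    for name, (typ, required) in PARAMS.items():
        if name not in params:
            if required:
                findings.append(f"missing required parameter: {name}")
        elif not isinstance(params[name], typ):
            findings.append(f"{name}: expected {typ.__name__}")
        elif name in IGNORED_BY_CONFIG:
            findings.append(f"{name}: ignored by AWS Config on rule creation")
    findings += [f"unknown parameter: {n}" for n in sorted(set(params) - set(PARAMS))]
    types = params.get("resourceTypes")
    if isinstance(types, str):
        # Assumption: several resource types are given comma-separated.
        for t in (x.strip() for x in types.split(",")):
            if t not in RESOURCE_TYPES:
                findings.append(f"resourceTypes: {t!r} is not covered by this rule")
    tags = params.get("resourceTags")
    if isinstance(tags, str):
        try:
            parsed = json.loads(tags)
        except json.JSONDecodeError:
            parsed = None
        ok = isinstance(parsed, dict) and all(
            isinstance(v, list) and v and all(isinstance(s, str) for s in v)
            for v in parsed.values())
        if not ok:
            findings.append("resourceTags: expected JSON object of key -> [values]")
    return findings
```

A finding for `fmsRemediationEnabled` is a reminder that a rule created directly in AWS Config reports compliance but does not remediate; remediation comes from the Firewall Manager policy.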
AWS CloudFormation template
To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.