fms-shield-resource-policy-check
Checks whether an Application Load Balancer, Amazon CloudFront distribution, Elastic Load Balancer or Elastic IP has AWS Shield protection. For Application Load Balancers and Amazon CloudFront distributions, it also checks whether a web ACL is associated.
Identifier: FMS_SHIELD_RESOURCE_POLICY_CHECK
Resource Types: AWS::CloudFront::Distribution, AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::WAFRegional::WebACL, AWS::EC2::EIP, AWS::ElasticLoadBalancing::LoadBalancer, AWS::ShieldRegional::Protection, AWS::Shield::Protection
Trigger type: Configuration changes
AWS Region: All supported AWS regions except US ISO West (Northern California), China (Beijing), Asia Pacific (Jakarta), US ISO East, Asia Pacific (Malaysia), US ISOB East (Ohio), Canada West (Calgary), China (Ningxia) Region
Parameters:
- webACLId
  Type: String
  The WebACLId of the web ACL.
- resourceTypes
  Type: String
  The resource scope which this config rule will be applied to.
- resourceTags (Optional)
  Type: String
  The resource tags that the rule should be associated with (for example, { "tagKey1" : ["tagValue1"], "tagKey2" : ["tagValue2", "tagValue3"] }).
- excludeResourceTags (Optional)
  Type: boolean
  If true, exclude the resources that match the resourceTags. If false, include all the resources that match the resourceTags.
- fmsManagedToken (Optional)
  Type: String
  A token generated by AWS Firewall Manager when creating the rule in your account. AWS Config ignores this parameter when you create this rule.
- fmsRemediationEnabled (Optional)
  Type: boolean
  If true, AWS Firewall Manager will update NON_COMPLIANT resources according to FMS policy. AWS Config ignores this parameter when you create this rule.
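An added example, not part of the AWS documentation: a pre-deployment check that validates a proposed parameter set against the names, types and required/optional status listed above, including the JSON shape of resourceTags. The function names, the placeholder webACLId and the resourceTypes value format are assumptions made for illustration.

```python
import json

# Names, types and required/optional status exactly as listed above.
SPEC = {
    "webACLId": (str, True),
    "resourceTypes": (str, True),
    "resourceTags": (str, False),
    "excludeResourceTags": (bool, False),
    "fmsManagedToken": (str, False),
    "fmsRemediationEnabled": (bool, False),
}
# Per the descriptions above, AWS Config ignores these two on creation.
IGNORED_BY_CONFIG = {"fmsManagedToken", "fmsRemediationEnabled"}

# Constructed sample; placeholder webACLId, assumed resourceTypes value format.
SAMPLE = {"webACLId": "EXAMPLE-WEB-ACL-ID", "resourceTypes": "AWS::EC2::EIP",
          "resourceTags": '{ "tagKey1" : ["tagValue1"] }',
          "excludeResourceTags": False}


def lint_parameters(params):
    """Return a list of findings for a proposed parameter set."""
    findings = [f"unknown parameter: {n}" for n in params if n not in SPEC]
    for name, (expected, required) in SPEC.items():
        if name not in params:
            if required:
                findings.append(f"missing required parameter: {name}")
            continue
        if not isinstance(params[name], expected):
            findings.append(f"{name}: expected {expected.__name__}")
        if name in IGNORED_BY_CONFIG:
            findings.append(f"{name}: ignored by AWS Config")
    tags = params.get("resourceTags")
    if isinstance(tags, str):
        findings.extend(lint_tags(tags))
    return findings


def lint_tags(raw):
    """resourceTags is a String holding a JSON object: key -> list of values."""
    try:
        tags = json.loads(raw)
    except json.JSONDecodeError:
        return ["resourceTags: not valid JSON"]
    if not isinstance(tags, dict):
        return ["resourceTags: expected a JSON object"]
    return [f"resourceTags[{k}]: expected a non-empty list of strings"
            for k, v in tags.items()
            if not (isinstance(v, list) and v and all(isinstance(x, str) for x in v))]
```

Parameter names are compared case-sensitively, so a misspelling such as webAclId is reported both as an unknown parameter and as a missing required one.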
AWS CloudFormation template
To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.