Required AWS Config resources for Security Hub control findings
Some AWS Security Hub controls use service-linked AWS Config rules that detect configuration changes in your resources. For Security Hub to generate accurate control findings, you must enable AWS Config and turn on resource recording in AWS Config. For context on how Security Hub uses AWS Config rules, and on how to enable and configure AWS Config, see Enabling and configuring AWS Config for Security Hub.
To receive accurate control findings, you must turn on AWS Config resource recording for enabled controls with a change triggered schedule type. Some controls with a periodic schedule type also require resource recording.
This page lists the required resources for each Security Hub control.
Security Hub controls can rely on managed AWS Config rules or custom Security Hub rules. Make sure that no AWS Identity and Access Management (IAM) policy or AWS Organizations managed policy prevents AWS Config from having permission to record your resources. Security Hub control checks evaluate a resource's configuration directly and don't take AWS Organizations policies into account. For more information about AWS Config recording, see List of AWS Config Managed Rules: Considerations in the AWS Config Developer Guide.
Note
If a control isn't available in an AWS Region, the corresponding resource isn't available in AWS Config. For a list of Regional limits on Security Hub controls, see Regional limits on Security Hub controls.
Required resources for all Security Hub controls
For Security Hub to generate findings for enabled change triggered Security Hub controls that use an AWS Config rule, you must record these resources in AWS Config. This table also indicates which controls evaluate a particular resource. A single control can evaluate more than one resource.
Service | Required resource | Related controls |
---|---|---|
Amazon API Gateway | AWS::ApiGateway::Stage | APIGateway.1, APIGateway.2, APIGateway.3, APIGateway.4, APIGateway.5 |
Amazon API Gateway | AWS::ApiGatewayV2::Stage | APIGateway.1, APIGateway.9 |
AWS AppConfig | AWS::AppConfig::Application | AppConfig.1 |
AWS AppConfig | AWS::AppConfig::ConfigurationProfile | AppConfig.2 |
AWS AppConfig | AWS::AppConfig::Environment | AppConfig.3 |
AWS AppConfig | AWS::AppConfig::ExtensionAssociation | AppConfig.4 |
Amazon AppFlow | AWS::AppFlow::Flow | AppFlow.1 |
AWS App Runner | AWS::AppRunner::Service | AppRunner.1 |
AWS App Runner | AWS::AppRunner::VpcConnector | AppRunner.2 |
AWS AppSync | AWS::AppSync::GraphQLApi | AppSync.2, AppSync.4, AppSync.5 |
AWS AppSync | AWS::AppSync::ApiCache | AppSync.1, AppSync.6 |
AWS Backup | AWS::Backup::BackupPlan | Backup.5 |
AWS Backup | AWS::Backup::BackupVault | Backup.3 |
AWS Backup | AWS::Backup::RecoveryPoint | Backup.1, Backup.2 |
AWS Backup | AWS::Backup::ReportPlan | Backup.4 |
AWS Batch | AWS::Batch::ComputeEnvironment | Batch.3 |
AWS Batch | AWS::Batch::JobQueue | Batch.1 |
AWS Batch | AWS::Batch::SchedulingPolicy | Batch.2 |
AWS Certificate Manager (ACM) | AWS::ACM::Certificate | ACM.1, ACM.2, ACM.3 |
Amazon Athena | AWS::Athena::DataCatalog | Athena.2 |
Amazon Athena | AWS::Athena::WorkGroup | Athena.3, Athena.4 |
AWS CloudFormation | AWS::CloudFormation::Stack | CloudFormation.2 |
Amazon CloudFront | AWS::CloudFront::Distribution | CloudFront.1, CloudFront.3, CloudFront.4, CloudFront.5, CloudFront.6, CloudFront.7, CloudFront.8, CloudFront.9, CloudFront.10, CloudFront.13, CloudFront.14 |
AWS CloudTrail | AWS::CloudTrail::Trail | CloudTrail.9 |
Amazon CloudWatch | AWS::CloudWatch::Alarm | CloudWatch.15, CloudWatch.17 |
AWS CodeArtifact | AWS::CodeArtifact::Repository | CodeArtifact.1 |
AWS CodeBuild | AWS::CodeBuild::Project | CodeBuild.1, CodeBuild.2, CodeBuild.3, CodeBuild.4 |
AWS CodeBuild | AWS::CodeBuild::ReportGroup | CodeBuild.7 |
Amazon CodeGuru Profiler | AWS::CodeGuruProfiler::ProfilingGroup | CodeGuruProfiler.1 |
Amazon CodeGuru Reviewer | AWS::CodeGuruReviewer::RepositoryAssociation | CodeGuruReviewer.1 |
Amazon Cognito | AWS::Cognito::UserPool | Cognito.1 |
Amazon Connect | AWS::CustomerProfiles::ObjectType | Connect.1 |
AWS DataSync | AWS::DataSync::Task | DataSync.1 |
Amazon Detective | AWS::Detective::Graph | Detective.1 |
AWS Database Migration Service (AWS DMS) | AWS::DMS::Certificate | DMS.2 |
AWS Database Migration Service (AWS DMS) | AWS::DMS::Endpoint | |
AWS Database Migration Service (AWS DMS) | AWS::DMS::EventSubscription | DMS.3 |
AWS Database Migration Service (AWS DMS) | AWS::DMS::ReplicationInstance | DMS.4, DMS.6 |
AWS Database Migration Service (AWS DMS) | AWS::DMS::ReplicationSubnetGroup | DMS.5 |
AWS Database Migration Service (AWS DMS) | AWS::DMS::ReplicationTask | DMS.7, DMS.8 |
Amazon DynamoDB | AWS::DynamoDB::Table | DynamoDB.1, DynamoDB.2, DynamoDB.5, DynamoDB.6 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::ClientVpnEndpoint | EC2.51 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::CustomerGateway | EC2.36 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::EIP | EC2.12, EC2.37 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::FlowLog | EC2.48 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::Instance | EC2.4, EC2.8, EC2.9, EC2.17, EC2.24, EC2.38, EMR.1, SSM.1 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::InternetGateway | EC2.39 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::LaunchTemplate | EC2.25, EC2.170 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::NatGateway | EC2.40 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::NetworkAcl | EC2.16, EC2.21, EC2.41 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::NetworkInterface | EC2.22, EC2.35 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::RouteTable | EC2.42 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::SecurityGroup | EC2.2, EC2.13, EC2.14, EC2.18, EC2.19, EC2.43 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::Subnet | EC2.15, EC2.44, ElastiCache.7 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::TransitGateway | EC2.23, EC2.52 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::TransitGatewayAttachment | EC2.33 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::TransitGatewayRouteTable | EC2.34 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::Volume | EC2.3, EC2.45 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::VPC | EC2.6, EC2.46 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::VPCBlockPublicAccessOptions | EC2.172 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::VPCEndpointService | EC2.47 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::VPCPeeringConnection | EC2.49 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::VPNConnection | EC2.20, EC2.171 |
Amazon Elastic Compute Cloud (Amazon EC2) | AWS::EC2::VPNGateway | EC2.50 |
Amazon EC2 Auto Scaling | AWS::AutoScaling::AutoScalingGroup | AutoScaling.1, AutoScaling.2, AutoScaling.6, AutoScaling.9, AutoScaling.10 |
Amazon EC2 Auto Scaling | AWS::AutoScaling::LaunchConfiguration | AutoScaling.3, Autoscaling.5 |
Amazon EC2 Systems Manager (SSM) | AWS::SSM::AssociationCompliance | SSM.3 |
Amazon EC2 Systems Manager (SSM) | AWS::SSM::ManagedInstanceInventory | SSM.1 |
Amazon EC2 Systems Manager (SSM) | AWS::SSM::PatchCompliance | SSM.2 |
Amazon Elastic Container Registry (Amazon ECR) | AWS::ECR::PublicRepository | ECR.4 |
Amazon Elastic Container Registry (Amazon ECR) | AWS::ECR::Repository | ECR.2, ECR.3 |
Amazon Elastic Container Service (Amazon ECS) | AWS::ECS::Cluster | ECS.12, ECS.14 |
Amazon Elastic Container Service (Amazon ECS) | AWS::ECS::Service | ECS.2, ECS.10, ECS.13 |
Amazon Elastic Container Service (Amazon ECS) | AWS::ECS::TaskDefinition | ECS.1, ECS.3, ECS.4, ECS.5, ECS.8, ECS.9, ECS.15 |
Amazon Elastic Container Service (Amazon ECS) | AWS::ECS::TaskSet | ECS.16 |
Amazon Elastic File System (Amazon EFS) | AWS::EFS::AccessPoint | EFS.3, EFS.4, EFS.5 |
Amazon Elastic File System (Amazon EFS) | AWS::EFS::FileSystem | EFS.7, EFS.8 |
Amazon Elastic Kubernetes Service (Amazon EKS) | AWS::EKS::Cluster | EKS.2, EKS.6, EKS.8 |
Amazon Elastic Kubernetes Service (Amazon EKS) | AWS::EKS::IdentityProviderConfig | EKS.7 |
AWS Elastic Beanstalk | AWS::ElasticBeanstalk::Environment | ElasticBeanstalk.1, ElasticBeanstalk.2, ElasticBeanstalk.3 |
Elastic Load Balancing | AWS::ElasticLoadBalancing::LoadBalancer | ELB.2, ELB.3, ELB.5, ELB.7, ELB.8, ELB.9, ELB.10, ELB.14 |
Elastic Load Balancing | AWS::ElasticLoadBalancingV2::LoadBalancer | ELB.1, ELB.4, ELB.5, ELB.6, ELB.12, ELB.13, ELB.16 |
ElasticSearch | AWS::Elasticsearch::Domain | ES.3, ES.4, ES.5, ES.6, ES.7, ES.8, ES.9 |
Amazon EMR | AWS::EMR::SecurityConfiguration | EMR.3, EMR.4 |
Amazon EventBridge | AWS::Events::EventBus | EventBridge.2, EventBridge.3 |
Amazon EventBridge | AWS::Events::Endpoint | EventBridge.4 |
Amazon Fraud Detector | AWS::FraudDetector::EntityType | FraudDetector.1 |
Amazon Fraud Detector | AWS::FraudDetector::Label | FraudDetector.2 |
Amazon Fraud Detector | AWS::FraudDetector::Outcome | FraudDetector.3 |
Amazon Fraud Detector | AWS::FraudDetector::Variable | FraudDetector.4 |
AWS Global Accelerator | AWS::GlobalAccelerator::Accelerator | GlobalAccelerator.1 |
AWS Glue | AWS::Glue::Job | Glue.1 |
AWS Glue | AWS::Glue::MLTransform | Glue.3 |
Amazon GuardDuty | AWS::GuardDuty::Detector | GuardDuty.4 |
Amazon GuardDuty | AWS::GuardDuty::Filter | GuardDuty.2 |
Amazon GuardDuty | AWS::GuardDuty::IPSet | GuardDuty.3 |
AWS Identity and Access Management (IAM) | AWS::IAM::Group | IAM.27, KMS.2 |
AWS Identity and Access Management (IAM) | AWS::IAM::Policy | IAM.1, IAM.21, KMS.1 |
AWS Identity and Access Management (IAM) | AWS::IAM::Role | IAM.24, IAM.27, KMS.2 |
AWS Identity and Access Management (IAM) | AWS::IAM::User | IAM.2, IAM.3, IAM.5, IAM.8, IAM.19, IAM.22, IAM.25, IAM.27, KMS.2 |
AWS Identity and Access Management Access Analyzer | AWS::AccessAnalyzer::Analyzer | IAM.23 |
Amazon Interactive Video Service (Amazon IVS) | AWS::IVS::PlaybackKeyPair | IVS.1 |
Amazon Interactive Video Service (Amazon IVS) | AWS::IVS::RecordingConfiguration | IVS.2 |
Amazon Interactive Video Service (Amazon IVS) | AWS::IVS::Channel | IVS.3 |
AWS IoT | AWS::IoT::Authorizer | IoT.4 |
AWS IoT | AWS::IoT::Dimension | IoT.3 |
AWS IoT | AWS::IoT::MitigationAction | IoT.2 |
AWS IoT | AWS::IoT::Policy | IoT.6 |
AWS IoT | AWS::IoT::RoleAlias | IoT.5 |
AWS IoT | AWS::IoT::SecurityProfile | IoT.1 |
AWS IoT Events | AWS::IoTEvents::AlarmModel | IoTEvents.3 |
AWS IoT Events | AWS::IoTEvents::DetectorModel | IoTEvents.2 |
AWS IoT Events | AWS::IoTEvents::Input | IoTEvents.1 |
AWS IoT SiteWise | AWS::IoTSiteWise::AssetModel | IoTSiteWise.1 |
AWS IoT SiteWise | AWS::IoTSiteWise::Dashboard | IoTSiteWise.2 |
AWS IoT SiteWise | AWS::IoTSiteWise::Gateway | IoTSiteWise.3 |
AWS IoT SiteWise | AWS::IoTSiteWise::Portal | IoTSiteWise.4 |
AWS IoT SiteWise | AWS::IoTSiteWise::Project | IoTSiteWise.5 |
AWS IoT TwinMaker | AWS::IoTTwinMaker::Entity | IoTTwinMaker.4 |
AWS IoT TwinMaker | AWS::IoTTwinMaker::Scene | IoTTwinMaker.3 |
AWS IoT TwinMaker | AWS::IoTTwinMaker::SyncJob | IoTTwinMaker.1 |
AWS IoT TwinMaker | AWS::IoTTwinMaker::Workspace | IoTTwinMaker.2 |
AWS IoT Wireless | AWS::IoTWireless::MulticastGroup | IoTWireless.1 |
AWS IoT Wireless | AWS::IoTWireless::ServiceProfile | IoTWireless.2 |
AWS IoT Wireless | AWS::IoTWireless::FuotaTask | IoTWireless.3 |
Amazon Keyspaces (for Apache Cassandra) | AWS::Cassandra::Keyspace | Keyspaces.1 |
Amazon Kinesis | AWS::Kinesis::Stream | Kinesis.1, Kinesis.2, Kinesis.3 |
AWS Key Management Service (AWS KMS) | AWS::KMS::Alias | S3.17 |
AWS Key Management Service (AWS KMS) | AWS::KMS::Key | KMS.3, KMS.5, S3.17 |
AWS Lambda | AWS::Lambda::Function | Lambda.1, Lambda.2, Lambda.3, Lambda.5, Lambda.6 |
Amazon MSK | AWS::MSK::Cluster | MSK.1, MSK.2 |
Amazon MSK | AWS::KafkaConnect::Connector | MSK.3 |
Amazon MQ | AWS::AmazonMQ::Broker | MQ.2, MQ.3, MQ.4, MQ.5, MQ.6 |
AWS Network Firewall | AWS::NetworkFirewall::Firewall | NetworkFirewall.1, NetworkFirewall.7, NetworkFirewall.9 |
AWS Network Firewall | AWS::NetworkFirewall::FirewallPolicy | NetworkFirewall.3, NetworkFirewall.4, NetworkFirewall.5, NetworkFirewall.8 |
AWS Network Firewall | AWS::NetworkFirewall::RuleGroup | NetworkFirewall.6 |
Amazon OpenSearch Service | AWS::OpenSearch::Domain | Opensearch.1, Opensearch.2, Opensearch.3, Opensearch.4, Opensearch.5, Opensearch.6, Opensearch.7, Opensearch.8, Opensearch.9, Opensearch.10, Opensearch.11 |
AWS Private CA | AWS::ACMPCA::CertificateAuthority | PCA.2 |
Amazon Relational Database Service (Amazon RDS) | AWS::RDS::DBCluster | DocumentDB.1, DocumentDB.2, DocumentDB.4, DocumentDB.5, Neptune.1, Neptune.2, Neptune.4, Neptune.5, Neptune.7, Neptune.8, Neptune.9, RDS.7, RDS.12, RDS.14, RDS.15, RDS.16, RDS.24, RDS.27, RDS.28, RDS.34, RDS.35, RDS.37 |
Amazon Relational Database Service (Amazon RDS) | AWS::RDS::DBClusterSnapshot | DocumentDB.3, Neptune.3, Neptune.6, RDS.1, RDS.4, RDS.29 |
Amazon Relational Database Service (Amazon RDS) | AWS::RDS::DBInstance | RDS.2, RDS.3, RDS.5, RDS.6, RDS.8, RDS.9, RDS.10, RDS.11, RDS.13, RDS.17, RDS.18, RDS.23, RDS.25, RDS.30, RDS.36 |
Amazon Relational Database Service (Amazon RDS) | AWS::RDS::DBSecurityGroup | RDS.31 |
Amazon Relational Database Service (Amazon RDS) | AWS::RDS::DBSnapshot | RDS.1, RDS.4, RDS.32 |
Amazon Relational Database Service (Amazon RDS) | AWS::RDS::DBSubnetGroup | RDS.33 |
Amazon Relational Database Service (Amazon RDS) | AWS::RDS::EventSubscription | RDS.19, RDS.20, RDS.21, RDS.22 |
Amazon Redshift | AWS::Redshift::Cluster | Redshift.1, Redshift.2, Redshift.3, Redshift.4, Redshift.6, Redshift.7, Redshift.8, Redshift.9, Redshift.10, Redshift.11 |
Amazon Redshift | AWS::Redshift::ClusterParameterGroup | Redshift.2 |
Amazon Redshift | AWS::Redshift::ClusterSnapshot | Redshift.13 |
Amazon Redshift | AWS::Redshift::ClusterSubnetGroup | Redshift.14, Redshift.16 |
Amazon Redshift | AWS::Redshift::EventSubscription | Redshift.12 |
Amazon Route 53 | AWS::Route53::HostedZone | Route53.2 |
Amazon Route 53 | AWS::Route53::HealthCheck | Route53.1 |
Amazon Simple Storage Service (Amazon S3) | AWS::S3::AccessPoint | S3.19 |
Amazon Simple Storage Service (Amazon S3) | AWS::S3::AccountPublicAccessBlock | S3.2, S3.3 |
Amazon Simple Storage Service (Amazon S3) | AWS::S3::Bucket | S3.2, S3.3, S3.5, S3.6, S3.7, S3.8, S3.9, S3.10, S3.11, S3.12, S3.13, S3.14, S3.15, S3.17, S3.20 |
Amazon Simple Storage Service (Amazon S3) | AWS::S3::MultiRegionAccessPoint | S3.24 |
Amazon SageMaker AI | AWS::SageMaker::NotebookInstance | SageMaker.2, SageMaker.3 |
Amazon SageMaker AI | AWS::SageMaker::Model | SageMaker.5 |
AWS Secrets Manager | AWS::SecretsManager::Secret | SecretsManager.1, SecretsManager.2, SecretsManager.5 |
AWS Service Catalog | AWS::ServiceCatalog::Portfolio | ServiceCatalog.1 |
Amazon Simple Email Service (Amazon SES) | AWS::SES::ConfigurationSet | SES.2 |
Amazon Simple Email Service (Amazon SES) | AWS::SES::ContactList | SES.1 |
Amazon Simple Notification Service (Amazon SNS) | AWS::SNS::Topic | SNS.1, SNS.3, SNS.4 |
Amazon Simple Queue Service (Amazon SQS) | AWS::SQS::Queue | SQS.1, SQS.2 |
AWS Step Functions | AWS::StepFunctions::StateMachine | StepFunctions.1 |
AWS Step Functions | AWS::StepFunctions::Activity | StepFunctions.2 |
AWS Transfer Family | AWS::Transfer::Workflow | Transfer.1 |
AWS WAF | AWS::WAF::Rule | WAF.6 |
AWS WAF | AWS::WAF::RuleGroup | WAF.7 |
AWS WAF | AWS::WAF::WebACL | WAF.1, WAF.8 |
AWS WAF | AWS::WAFRegional::Rule | WAF.2 |
AWS WAF | AWS::WAFRegional::RuleGroup | WAF.3 |
AWS WAF | AWS::WAFRegional::WebACL | WAF.4 |
AWS WAF | AWS::WAFv2::RuleGroup | WAF.12 |
AWS WAF | AWS::WAFv2::WebACL | WAF.10, WAF.11 |
Amazon WorkSpaces | AWS::WorkSpaces::WorkSpace | WorkSpaces.1, WorkSpaces.2 |
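One way to use the table above is to compare it with the recording group of your AWS Config recorder and list the enabled controls whose resource types are not being recorded. The following is an added example, not code from the AWS documentation: `REQUIRED`, `is_recorded` and `recording_gaps` are hypothetical names, the JSON samples are constructed, and the handling of `includeGlobalResourceTypes` as covering the four IAM types is an assumption.

```python
import json

# Control ID -> AWS Config resource types, copied from rows of the table above.
REQUIRED = {
    "EC2.2": {"AWS::EC2::SecurityGroup"},
    "IAM.27": {"AWS::IAM::Group", "AWS::IAM::Role", "AWS::IAM::User"},
    "RDS.1": {"AWS::RDS::DBClusterSnapshot", "AWS::RDS::DBSnapshot"},
    "S3.17": {"AWS::KMS::Alias", "AWS::KMS::Key", "AWS::S3::Bucket"},
    "SSM.1": {"AWS::EC2::Instance", "AWS::SSM::ManagedInstanceInventory"},
}

# Assumption: the types that includeGlobalResourceTypes switches on or off.
GLOBAL_IAM_TYPES = {"AWS::IAM::Group", "AWS::IAM::Policy",
                    "AWS::IAM::Role", "AWS::IAM::User"}


def is_recorded(resource_type, group):
    """True if one recordingGroup object covers resource_type."""
    strategy = group.get("recordingStrategy", {}).get("useOnly")
    if strategy == "EXCLUSION_BY_RESOURCE_TYPES":
        excluded = group.get("exclusionByResourceTypes", {}).get("resourceTypes", [])
        return resource_type not in excluded
    if strategy == "INCLUSION_BY_RESOURCE_TYPES" or (
            strategy is None and not group.get("allSupported")):
        return resource_type in group.get("resourceTypes", [])
    # All supported types: the IAM types still depend on the global flag.
    if resource_type in GLOBAL_IAM_TYPES:
        return bool(group.get("includeGlobalResourceTypes"))
    return True


def recording_gaps(recorders, enabled_controls):
    """Map each enabled control to the required types that no recorder covers."""
    groups = [r.get("recordingGroup", {})
              for r in recorders.get("ConfigurationRecorders", [])]
    gaps = {}
    for control in enabled_controls:
        missing = sorted(t for t in REQUIRED.get(control, ())
                         if not any(is_recorded(t, g) for g in groups))
        if missing:
            gaps[control] = missing
    return gaps


# Constructed sample in the shape printed by
# `aws configservice describe-configuration-recorders`.
INCLUSION_ONLY = json.loads("""
{"ConfigurationRecorders": [{"name": "default", "recordingGroup": {
  "allSupported": false, "includeGlobalResourceTypes": false,
  "resourceTypes": ["AWS::EC2::SecurityGroup", "AWS::EC2::Instance",
                    "AWS::S3::Bucket", "AWS::RDS::DBSnapshot"],
  "recordingStrategy": {"useOnly": "INCLUSION_BY_RESOURCE_TYPES"}}}]}
""")

# Constructed sample: every supported type except the global IAM types.
ALL_WITHOUT_GLOBAL = json.loads("""
{"ConfigurationRecorders": [{"name": "default", "recordingGroup": {
  "allSupported": true, "includeGlobalResourceTypes": false,
  "resourceTypes": [],
  "recordingStrategy": {"useOnly": "ALL_SUPPORTED_RESOURCE_TYPES"}}}]}
""")

if __name__ == "__main__":
    for label, sample in (("inclusion", INCLUSION_ONLY), ("all", ALL_WITHOUT_GLOBAL)):
        for control, missing in recording_gaps(sample, sorted(REQUIRED)).items():
            print(f"{label}: {control} needs AWS Config to record {missing}")
```

A control that spans several resource types, such as S3.17 or SSM.1, is reported as long as any one of its types is unrecorded.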
Required resources for the FSBP standard
For Security Hub to accurately report findings for enabled AWS Foundational Security Best Practices v1.0.0 (FSBP) change triggered controls that use an AWS Config rule, you must record these resources in AWS Config. For more information about this standard, see AWS Foundational Security Best Practices v1.0.0 (FSBP) standard.
Service | Required resources |
---|---|
Amazon API Gateway | |
AWS AppSync | |
AWS Backup | |
AWS Certificate Manager (ACM) | |
AWS CloudFormation | |
Amazon CloudFront | |
AWS CodeBuild | |
Amazon Cognito | |
AWS DataSync | |
AWS Database Migration Service (AWS DMS) | |
Amazon DynamoDB | |
Amazon EC2 Systems Manager (SSM) | |
Amazon Elastic Compute Cloud (Amazon EC2) | |
Amazon EC2 Auto Scaling | |
Amazon Elastic Container Registry (Amazon ECR) | |
Amazon Elastic Container Service (Amazon ECS) | |
Amazon Elastic File System (Amazon EFS) | |
Amazon EKS | |
ElasticBeanstalk | |
Elastic Load Balancing | |
ElasticSearch | |
Amazon EMR | |
AWS Glue | |
AWS Identity and Access Management (IAM) | |
Amazon Kinesis | |
AWS Key Management Service (AWS KMS) | |
AWS Lambda | |
Amazon MSK | |
AWS Network Firewall | |
Amazon OpenSearch Service | |
Amazon Relational Database Service (Amazon RDS) | |
Amazon Redshift | |
Amazon Route 53 | |
Amazon Simple Storage Service (Amazon S3) | |
Amazon SageMaker AI | |
Amazon Simple Notification Service (Amazon SNS) | |
Amazon Simple Queue Service (Amazon SQS) | |
AWS Secrets Manager | |
AWS Step Functions | |
AWS WAF | |
Amazon WorkSpaces | |
Required resources for the CIS AWS Foundations Benchmark
To run security checks for enabled controls that apply to the Center for Internet Security (CIS) AWS Foundations Benchmark, Security Hub runs the exact audit steps prescribed for the checks in Securing Amazon Web Services
For more information about this standard, see CIS AWS Foundations Benchmark.
Required resources for CIS v3.0.0
For Security Hub to accurately report findings for enabled CIS v3.0.0 change triggered controls that use an AWS Config rule, you must record these resources in AWS Config.
Service | Required resources |
---|---|
Amazon Elastic Compute Cloud (Amazon EC2) | |
AWS Identity and Access Management (IAM) | |
Amazon Relational Database Service (Amazon RDS) | |
Amazon Simple Storage Service (Amazon S3) | |
Required resources for CIS v1.4.0
For Security Hub to accurately report findings for enabled CIS v1.4.0 change triggered controls that use an AWS Config rule, you must record these resources in AWS Config.
Service | Required resources |
---|---|
Amazon Elastic Compute Cloud (Amazon EC2) | |
AWS Identity and Access Management (IAM) | |
Amazon Relational Database Service (Amazon RDS) | |
Amazon Simple Storage Service (Amazon S3) | |
Required resources for CIS v1.2.0
For Security Hub to accurately report findings for enabled CIS v1.2.0 change triggered controls that use an AWS Config rule, you must record these resources in AWS Config.
Service | Required resources |
---|---|
Amazon Elastic Compute Cloud (Amazon EC2) | |
AWS Identity and Access Management (IAM) | |
Required resources for NIST SP 800-53 Rev. 5
For Security Hub to accurately report findings for enabled National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5 change triggered controls that use an AWS Config rule, you must record these resources in AWS Config. You only need to record resources for controls that have a schedule type of change triggered. For more information about this standard, see NIST SP 800-53 Rev. 5 in Security Hub.
Service | Required resources |
---|---|
Amazon API Gateway | |
AWS AppSync | |
AWS Backup | |
AWS Certificate Manager (ACM) | |
AWS CloudFormation | |
Amazon CloudFront | |
Amazon CloudWatch | |
AWS CodeBuild | |
AWS Database Migration Service (AWS DMS) | |
Amazon DynamoDB | |
Amazon Elastic Compute Cloud (Amazon EC2) | |
Amazon EC2 Auto Scaling | |
Amazon Elastic Container Registry (Amazon ECR) | |
Amazon Elastic Container Service (Amazon ECS) | |
Amazon Elastic File System (Amazon EFS) | |
Amazon EKS | |
ElasticBeanstalk | |
Elastic Load Balancing | |
ElasticSearch | |
Amazon EMR | |
Amazon EventBridge | |
AWS Identity and Access Management (IAM) | |
AWS Key Management Service (AWS KMS) | |
Amazon Kinesis | |
AWS Lambda | |
Amazon MSK | |
Amazon MQ | |
AWS Network Firewall | |
Amazon OpenSearch Service | |
Amazon Relational Database Service (Amazon RDS) | |
Amazon Redshift | |
Amazon Route 53 | |
Amazon Simple Storage Service (Amazon S3) | |
AWS Service Catalog | |
Amazon Simple Notification Service (Amazon SNS) | |
Amazon Simple Queue Service (Amazon SQS) | |
Amazon EC2 Systems Manager (SSM) | |
Amazon SageMaker AI | |
AWS Secrets Manager | |
AWS WAF | |
Required resources for PCI DSS v3.2.1
For Security Hub to accurately report findings for enabled Payment Card Industry Data Security Standard (PCI DSS) controls that use an AWS Config rule, you must record these resources in AWS Config. For more information about this standard, see PCI DSS in Security Hub.
Service | Required resources |
---|---|
AWS CodeBuild | |
Amazon Elastic Compute Cloud (Amazon EC2) | |
Amazon EC2 Auto Scaling | |
AWS Identity and Access Management (IAM) | |
AWS Lambda | |
Amazon OpenSearch Service | |
Amazon Relational Database Service (Amazon RDS) | |
Amazon Redshift | |
Amazon Simple Storage Service (Amazon S3) | |
Amazon EC2 Systems Manager (SSM) | |
Required resources for the AWS Resource Tagging Standard
All controls in the AWS Resource Tagging Standard are change triggered and use an AWS Config rule. For Security Hub to accurately report findings for these controls, you must record the following resources in AWS Config. For more information about this standard, see AWS Resource Tagging Standard.
Service | Required resources |
---|---|
AWS AppConfig | |
Amazon AppFlow | |
AWS App Runner | |
AWS AppSync | |
Amazon Athena | |
AWS Certificate Manager (ACM) | |
AWS Backup | |
AWS Batch | |
AWS CloudFormation | |
Amazon CloudFront | |
AWS CloudTrail | |
AWS CodeArtifact | |
Amazon CodeGuru | |
Amazon Connect | |
Amazon Detective | |
AWS Database Migration Service (AWS DMS) | |
Amazon DynamoDB | |
Amazon Elastic Compute Cloud (Amazon EC2) | |
Amazon EC2 Auto Scaling | |
Amazon Elastic Container Registry (Amazon ECR) | |
Amazon Elastic Container Service (Amazon ECS) | |
Amazon Elastic File System (Amazon EFS) | |
Amazon Elastic Kubernetes Service (Amazon EKS) | |
AWS Elastic Beanstalk (Elastic Beanstalk) | |
ElasticSearch | |
Amazon EventBridge | |
Amazon Fraud Detector | |
AWS Global Accelerator | |
AWS Glue | |
Amazon GuardDuty | |
AWS Identity and Access Management (IAM) | |
AWS Identity and Access Management Access Analyzer (IAM Access Analyzer) | |
AWS IoT | |
AWS IoT Events | |
AWS IoT SiteWise | |
AWS IoT TwinMaker | |
AWS IoT Wireless | |
Amazon Interactive Video Service (Amazon IVS) | |
Amazon Keyspaces (for Apache Cassandra) | |
Amazon Kinesis | |
AWS Lambda | |
Amazon MQ | |
AWS Network Firewall | |
Amazon OpenSearch Service | |
AWS Private Certificate Authority | |
Amazon Relational Database Service | |
Amazon Redshift | |
Amazon Route 53 | |
AWS Secrets Manager | |
Amazon Simple Email Service (Amazon SES) | |
Amazon Simple Notification Service (Amazon SNS) | |
Amazon Simple Queue Service (Amazon SQS) | |
AWS Step Functions | |
AWS Transfer Family | |
Required resources for Service-Managed Standard: AWS Control Tower
For Security Hub to accurately report findings for enabled Service-Managed Standard: AWS Control Tower change triggered controls that use an AWS Config rule, you must record the following resources in AWS Config. For more information about this standard, see Service-Managed Standard: AWS Control Tower.
Service | Required resources |
---|---|
Amazon API Gateway | |
AWS Certificate Manager (ACM) | |
AWS CodeBuild | |
Amazon DynamoDB | |
Amazon Elastic Compute Cloud (Amazon EC2) | |
Amazon EC2 Auto Scaling | |
Amazon Elastic Container Registry (Amazon ECR) | |
Amazon Elastic Container Service (Amazon ECS) | |
Amazon Elastic File System (Amazon EFS) | |
Amazon EKS | |
ElasticBeanstalk | |
Elastic Load Balancing | |
ElasticSearch | |
AWS Identity and Access Management (IAM) | |
AWS Key Management Service (AWS KMS) | |
Amazon Kinesis | |
AWS Lambda | |
AWS Network Firewall | |
Amazon OpenSearch Service | |
Amazon Relational Database Service (Amazon RDS) | |
Amazon Redshift | |
Amazon Simple Storage Service (Amazon S3) | |
Amazon Simple Notification Service (Amazon SNS) | |
Amazon Simple Queue Service (Amazon SQS) | |
Amazon EC2 Systems Manager (SSM) | |
AWS Secrets Manager | |
AWS WAF | |