기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.
Security Hub 제어 조사 결과에 필요한 AWS Config 리소스
일부 AWS Security Hub 제어는 AWS 리소스의 구성 변경을 감지하는 서비스 연결 AWS Config 규칙을 사용합니다. Security Hub가 정확한 제어 결과를 생성하려면 리소스 기록을 활성화 AWS Config 하고 켜야 합니다 AWS Config. Security Hub가 AWS Config 규칙을 사용하는 방법과 활성화 및 구성하는 방법에 대한 컨텍스트는 섹션을 AWS Config참조하세요Security Hub AWS Config 에 대해 활성화 및 구성.
정확한 제어 결과를 수신하려면 변경 트리거된 일정 유형을 사용하여 활성화된 제어에 대한 AWS Config 리소스 기록을 켜야 합니다. 주기적인 일정 유형을 사용하는 일부 제어에는 리소스 기록도 필요합니다.
이 페이지에는 각 Security Hub 제어에 필요한 리소스가 나열되어 있습니다.
Security Hub 제어는 관리형 AWS Config 규칙 또는 사용자 지정 Security Hub 규칙에 의존할 수 있습니다. Organizations에가 리소스를 기록할 수 있는 권한을 AWS Config 갖지 못하도록 하는 AWS Identity and Access Management (IAM) 정책 또는 정책이 관리되지 않는지 확인합니다. Security Hub 제어 검사는 리소스의 구성을 직접 평가하고 Organizations 정책을 고려하지 않습니다. AWS Config 녹음에 대한 자세한 내용은 AWS Config 개발자 안내서의 AWS Config 관리형 규칙 목록 - 고려 사항을 참조하세요.
참고
컨트롤을 사용할 수 없는 AWS 리전 에서는 해당 리소스를 사용할 수 없습니다 AWS Config. Security Hub 제어에 대한 리전별 제한 목록은 Security Hub 제어 기능에 대한 리전별 제한 섹션을 참조하세요.
모든 Security Hub 제어에 필요한 리소스
Security Hub가 AWS Config 규칙을 사용하는 활성화된 Security Hub 변경 트리거 제어에 대한 결과를 생성하려면 이러한 리소스를에 기록해야 합니다 AWS Config. 또한이 표는 특정 리소스를 평가하는 컨트롤을 나타냅니다. 단일 컨트롤은 둘 이상의 리소스를 평가할 수 있습니다.
| Service | 필수 리소스 | 관련 제어 |
|---|---|---|
| Amazon API Gateway | AWS::ApiGateway::Stage |
APIGateway.1 APIGateway.2 APIGateway.3 APIGateway.4 APIGateway.5 |
AWS::ApiGatewayV2::Stage |
APIGateway.1 APIGateway.9 |
|
| AWS AppConfig | AWS::AppConfig::Application
|
AppConfig.1 |
AWS::AppConfig::ConfigurationProfile
|
AppConfig.2 |
|
AWS::AppConfig::Environment
|
AppConfig.3 |
|
AWS::AppConfig::ExtensionAssociation
|
AppConfig.4 |
|
| Amazon AppFlow | AWS::AppFlow::Flow
|
AppFlow.1 |
| AWS App Runner | AWS::AppRunner::Service
|
AppRunner.1 |
AWS::AppRunner::VpcConnector
|
AppRunner.2 |
|
| AWS AppSync | AWS::AppSync::GraphQLApi
|
AppSync.2 AppSync.4 AppSync.5 |
AWS::AppSync::ApiCache
|
AppSync.1 AppSync.6 |
|
| AWS Backup (AWS Backup) | AWS::Backup::BackupPlan
|
Backup.5 |
AWS::Backup::BackupVault
|
Backup.3 |
|
AWS::Backup::RecoveryPoint
|
Backup.1 Backup.2 |
|
AWS::Backup::ReportPlan
|
Backup.4 |
|
| AWS Batch | AWS::Batch::ComputeEnvironment
|
Batch.3 |
AWS::Batch::JobQueue
|
배치.1 |
|
AWS::Batch::SchedulingPolicy
|
배치.2 |
|
| AWS Certificate Manager (ACM) | AWS::ACM::Certificate
|
ACM.1 ACM.2 ACM.3 |
| Amazon Athena | AWS::Athena::DataCatalog |
Athena.2 |
AWS::Athena::WorkGroup |
Athena.3 Athena.4 |
|
| AWS CloudFormation | AWS::CloudFormation::Stack |
CloudFormation.2 |
| Amazon CloudFront | AWS::CloudFront::Distribution
|
CloudFront.1 CloudFront.3 CloudFront.4 CloudFront.5 CloudFront.6 CloudFront.7 CloudFront.8 CloudFront.9 CloudFront.10 CloudFront.13 CloudFront.14 |
| AWS CloudTrail | AWS::CloudTrail::Trail
|
CloudTrail.9 |
| Amazon CloudWatch | AWS::CloudWatch::Alarm
|
CloudWatch.15 CloudWatch.17 |
| AWS CodeArtifact | AWS::CodeArtifact::Repository
|
CodeArtifact.1 |
| AWS CodeBuild | AWS::CodeBuild::Project
|
CodeBuild.1 CodeBuild.2 CodeBuild.3 CodeBuild.4 |
AWS::CodeBuild::ReportGroup
|
CodeBuild.7 |
|
| Amazon CodeGuru Profiler | AWS::CodeGuruProfiler::ProfilingGroup |
CodeGuruProfiler.1 |
| Amazon CodeGuru Reviewer | AWS::CodeGuruReviewer::RepositoryAssociation |
CodeGuruReviewer.1 |
| Amazon Cognito | AWS::Cognito::UserPool |
Cognito.1 |
| Amazon Cognito | AWS::Cognito::UserPool |
Cognito.1 |
| Amazon Connect | AWS::CustomerProfiles::ObjectType |
Connect.1 |
| AWS DataSync | AWS::DataSync::Task |
DataSync.1 |
| Amazon Detective | AWS::Detective::Graph |
Detective.1 |
| AWS Database Migration Service (AWS DMS) | AWS::DMS::Certificate |
DMS.2 |
AWS::DMS::Endpoint
|
|
|
AWS::DMS::EventSubscription
|
DMS.3 | |
AWS::DMS::ReplicationInstance
|
DMS.4 DMS.6 |
|
AWS::DMS::ReplicationSubnetGroup
|
DMS.5 | |
AWS::DMS::ReplicationTask |
DMS.7 DMS.8 |
|
| Amazon DynamoDB | AWS::DynamoDB::Table
|
DynamoDB.1 DynamoDB.2 DynamoDB.5 DynamoDB.6 |
| Amazon Elastic Compute Cloud(EC2) | AWS::EC2::ClientVpnEndpoint |
EC2.51 |
AWS::EC2::CustomerGateway |
EC2.36 | |
AWS::EC2::EIP |
EC2.12 EC2.37 |
|
AWS::EC2::FlowLog |
EC2.48 | |
AWS::EC2::Instance |
EC2.4 EC2.8 EC2.9 EC2.17 EC2.24 EC2.38 EMR.1 SSM.1 |
|
AWS::EC2::InternetGateway |
EC2.39 |
|
AWS::EC2::LaunchTemplate |
EC2.25 EC2.170 |
|
AWS::EC2::NatGateway |
EC2.40 |
|
AWS::EC2::NetworkAcl |
EC2.16 EC2.21 EC2.41 |
|
AWS::EC2::NetworkInterface |
EC2.22 EC2.35 |
|
AWS::EC2::RouteTable |
EC2.42 | |
AWS::EC2::SecurityGroup |
EC2.2 EC2.13 EC2.14 EC2.18 EC2.19 EC2.43 |
|
AWS::EC2::Subnet |
EC2.15 EC2.44 ElastiCache.7 |
|
AWS::EC2::TransitGateway |
EC2.23 EC2.52 |
|
AWS::EC2::TransitGatewayAttachment |
EC2.33 | |
AWS::EC2::TransitGatewayRouteTable |
EC2.34 | |
AWS::EC2::Volume |
EC2.3 EC2.45 |
|
AWS::EC2::VPC |
EC2.6 EC2.46 |
|
AWS::EC2::VPCBlockPublicAccessOptions |
EC2.172 |
|
AWS::EC2::VPCEndpointService |
EC2.47 | |
AWS::EC2::VPCPeeringConnection |
EC2.49 | |
AWS::EC2::VPNConnection |
EC2.20 EC2.171 |
|
AWS::EC2::VPNGateway |
EC2.50 | |
| Amazon EC2 Auto Scaling | AWS::AutoScaling::AutoScalingGroup |
AutoScaling.1 AutoScaling.2 AutoScaling.6 AutoScaling.9 AutoScaling.10 |
AWS::AutoScaling::LaunchConfiguration |
AutoScaling.3 Autoscaling.5 |
|
| Amazon EC2 Systems Manager(SSM) | AWS::SSM::AssociationCompliance |
SSM.3 |
AWS::SSM::ManagedInstanceInventory |
SSM.1 |
|
AWS::SSM::PatchCompliance |
SSM.2 |
|
| Amazon Elastic Container Registry (Amazon ECR) | AWS::ECR::PublicRepository |
ECR.4 |
AWS::ECR::Repository |
ECR.2 ECR.3 |
|
| Amazon Elastic Container Service(Amazon ECS) | AWS::ECS::Cluster |
ECS.12 ECS.14 |
AWS::ECS::Service |
ECS.2 ECS.10 ECS.13 |
|
AWS::ECS::TaskDefinition |
ECS.1 ECS.3 ECS.4 ECS.5 ECS.8 ECS.9 ECS.15 |
|
AWS::ECS::TaskSet |
ECS.16 |
|
| Amazon Elastic File System(Amazon EFS) | AWS::EFS::AccessPoint
|
EFS.3 EFS.4 EFS.5 |
AWS::EFS::FileSystem
|
EFS.7 EFS.8 |
|
| Amazon Elastic Kubernetes Service(Amazon EKS) | AWS::EKS::Cluster |
EKS.2 EKS.6 EKS.8 |
AWS::EKS::IdentityProviderConfig |
EKS.7 | |
| AWS Elastic Beanstalk | AWS::ElasticBeanstalk::Environment
|
ElasticBeanstalk.1 ElasticBeanstalk.2 ElasticBeanstalk.3 |
| Elastic Load Balancing | AWS::ElasticLoadBalancing::LoadBalancer |
ELB.2 ELB.3 ELB.5 ELB.7 ELB.8 ELB.9 ELB.10 ELB.14 |
AWS::ElasticLoadBalancingV2::LoadBalancer |
ELB.1 ELB.4 ELB.5 ELB.6 ELB.12 ELB.13 ELB.16 |
|
| ElasticSearch | AWS::Elasticsearch::Domain |
ES.3 ES.4 ES.5 ES.6 ES.7 ES.8 ES.9 |
| Amazon EMR | AWS::EMR::SecurityConfiguration |
EMR.3 EMR.4 |
| Amazon EventBridge | AWS::Events::EventBus |
EventBridge.2 EventBridge.3 |
AWS::Events::Endpoint |
EventBridge.4 |
|
| Amazon Fraud Detector | AWS::FraudDetector::EntityType |
FraudDetector.1 |
AWS::FraudDetector::Label |
FraudDetector.2 |
|
AWS::FraudDetector::Outcome |
FraudDetector.3 |
|
AWS::FraudDetector::Variable |
FraudDetector.4 |
|
| AWS Global Accelerator | AWS::GlobalAccelerator::Accelerator |
GlobalAccelerator.1 |
| AWS Glue | AWS::Glue::Job |
Glue.1 |
AWS::Glue::MLTransform |
Glue.3 |
|
| Amazon GuardDuty | AWS::GuardDuty::Detector |
GuardDuty.4 |
AWS::GuardDuty::Filter |
GuardDuty.2 |
|
AWS::GuardDuty::IPSet |
GuardDuty.3 |
|
| AWS Identity and Access Management (IAM) | AWS::IAM::Group |
IAM.27 KMS.2 |
AWS::IAM::Policy |
IAM.1 IAM.21 KMS.1 |
|
AWS::IAM::Role |
IAM.24 IAM.27 KMS.2 |
|
AWS::IAM::User |
IAM.2 IAM.3 IAM.5 IAM.8 IAM.19 IAM.22 IAM.25 IAM.27 KMS.2 |
|
| AWS Identity and Access Management Access Analyzer | AWS::AccessAnalyzer::Analyzer |
IAM.23 |
| Amazon Interactive Video Service(Amazon IVS) | AWS::IVS::PlaybackKeyPair |
IVS.1 |
AWS::IVS::RecordingConfiguration |
IVS.2 |
|
AWS::IVS::Channel |
IVS.3 |
|
| AWS IoT | AWS::IoT::Authorizer |
IoT.4 |
AWS::IoT::Dimension |
IoT.3 |
|
AWS::IoT::MitigationAction |
IoT.2 |
|
AWS::IoT::Policy |
IoT.6 |
|
AWS::IoT::RoleAlias |
IoT.5 |
|
AWS::IoT::SecurityProfile |
IoT.1 |
|
| AWS IoT 이벤트 | AWS::IoTEvents::AlarmModel |
IoTEvents.3 |
AWS::IoTEvents::DetectorModel |
IoTEvents.2 |
|
AWS::IoTEvents::Input |
IoTEvents.1 |
|
| AWS IoT 이벤트 | AWS::IoTEvents::AlarmModel |
IoTEvents.3 |
AWS::IoTEvents::DetectorModel |
IoTEvents.2 |
|
AWS::IoTEvents::Input |
IoTEvents.1 |
|
| AWS IoT SiteWise | AWS::IoTSiteWise::AssetModel |
IoTSiteWise.1 |
AWS::IoTSiteWise::Dashboard |
IoTSiteWise.2 |
|
AWS::IoTSiteWise::Gateway |
IoTSiteWise.3 |
|
AWS::IoTSiteWise::Portal |
IoTSiteWise.4 |
|
AWS::IoTSiteWise::Project |
IoTSiteWise.5 |
|
| AWS IoT TwinMaker | AWS::IoTTwinMaker::Entity |
IoTTwinMaker.4 |
AWS::IoTTwinMaker::Scene |
IoTTwinMaker.3 |
|
AWS::IoTTwinMaker::SyncJob |
IoTTwinMaker.1 |
|
AWS::IoTTwinMaker::Workspace |
IoTTwinMaker.2 |
|
| AWS IoT Wireless | AWS::IoTWireless::MulticastGroup |
IoTWireless.1 |
AWS::IoTWireless::ServiceProfile |
IoTWireless.2 |
|
AWS::IoTWireless::FuotaTask |
IoTWireless.3 |
|
| Amazon Keyspaces(Apache Cassandra용) | AWS::Cassandra::Keyspace |
키스페이스.1 |
| Amazon Kinesis | AWS::Kinesis::Stream |
Kinesis.1 Kinesis.2 Kinesis.3 |
| AWS Key Management Service (AWS KMS) | AWS::KMS::Alias |
S3.17 |
AWS::KMS::Key |
KMS.3 KMS.5 S3.17 |
|
| AWS Lambda | AWS::Lambda::Function |
Lambda.1 Lambda.2 Lambda.3 Lambda.5 Lambda.6 |
| Amazon MSK | AWS::MSK::Cluster |
MSK.1 MSK.2 |
AWS::KafkaConnect::Connector |
MSK.3 |
|
| Amazon MQ | AWS::AmazonMQ::Broker |
MQ.2 MQ.3 MQ.4 MQ.5 MQ.6 |
| AWS Network Firewall | AWS::NetworkFirewall::Firewall |
NetworkFirewall.1 NetworkFirewall.7 NetworkFirewall.9 |
AWS::NetworkFirewall::FirewallPolicy |
NetworkFirewall.3 NetworkFirewall.4 NetworkFirewall.5 NetworkFirewall.8 |
|
AWS::NetworkFirewall::RuleGroup |
NetworkFirewall.6 |
|
| Amazon OpenSearch Service | AWS::OpenSearch::Domain |
Opensearch.1 Opensearch.2 Opensearch.3 Opensearch.4 Opensearch.5 Opensearch.6 Opensearch.7 Opensearch.8 Opensearch.9 Opensearch.10 Opensearch.11 |
| AWS Private CA | AWS::ACMPCA::CertificateAuthority |
PCA.2 |
| Amazon Relational Database Service(Amazon RDS) | AWS::RDS::DBCluster |
DocumentDB.1 DocumentDB.2 DocumentDB.4 DocumentDB.5 Neptune.1 Neptune.2 Neptune.4 Neptune.5 Neptune.7 Neptune.8 Neptune.9 RDS.7 RDS.12 RDS.14 RDS.15 RDS.16 RDS.24 RDS.27 RDS.28 RDS.34 RDS.35 RDS.37 |
AWS::RDS::DBClusterSnapshot |
DocumentDB.3 Neptune.3 Neptune.6 RDS.1 RDS.4 RDS.29 |
|
AWS::RDS::DBInstance |
RDS.2 RDS.3 RDS.5 RDS.6 RDS.8 RDS.9 RDS.10 RDS.11 RDS.13 RDS.17 RDS.18 RDS.23 RDS.25 RDS.30 RDS.36 |
|
AWS::RDS::DBSecurityGroup |
RDS.31 |
|
AWS::RDS::DBSnapshot |
RDS.1 RDS.4 RDS.32 |
|
AWS::RDS::DBSubnetGroup |
RDS.33 |
|
AWS::RDS::EventSubscription |
RDS.19 RDS.20 RDS.21 RDS.22 |
|
| Amazon Redshift | AWS::Redshift::Cluster |
Redshift.1 Redshift.2 Redshift.3 Redshift.4 Redshift.6 Redshift.7 Redshift.8 Redshift.9 Redshift.10 Redshift.11 |
AWS::Redshift::ClusterParameterGroup |
Redshift.2 |
|
AWS::Redshift::ClusterSnapshot |
Redshift.13 |
|
AWS::Redshift::ClusterSubnetGroup |
Redshift.14 Redshift.16 |
|
AWS::Redshift::EventSubscription |
Redshift.12 |
|
| Amazon Route 53 | AWS::Route53::HostedZone |
Route53.2 |
AWS::Route53::HealthCheck |
Route53.1 |
|
| Amazon Simple Storage Service(S3) | AWS::S3::AccessPoint |
S3.19 |
AWS::S3::AccountPublicAccessBlock |
S3.2 S3.3 |
|
AWS::S3::Bucket |
S3.2 S3.3 S3.5 S3.6 S3.7 S3.8 S3.9 S3.10 S3.11 S3.12 S3.13 S3.14 S3.15 S3.17 S3.20 |
|
AWS::S3::MultiRegionAccessPoint |
S3.24 |
|
| Amazon SageMaker AI | AWS::SageMaker::NotebookInstance
|
SageMaker.2 SageMaker.3 |
AWS::SageMaker::Model
|
SageMaker.5 |
|
| AWS Secrets Manager | AWS::SecretsManager::Secret
|
SecretsManager.1 SecretsManager.2 SecretsManager.5 |
| AWS Service Catalog | AWS::ServiceCatalog::Portfolio
|
ServiceCatalog.1 |
| Amazon Simple Email Service(Amazon SES) | AWS::SES::ConfigurationSet
|
SES.2 |
AWS::SES::ContactList
|
SES.1 |
|
| Amazon Simple Notification Service(Amazon SNS) | AWS::SNS::Topic
|
SNS.1 SNS.3 SNS.4 |
| Amazon Simple Queue Service(Amazon SQS) | AWS::SQS::Queue
|
SQS.1 SQS.2 |
| AWS Step Functions | AWS::StepFunctions::StateMachine
|
StepFunctions.1 |
AWS::StepFunctions::Activity
|
StepFunctions.2 |
|
| AWS Transfer Family | AWS::Transfer::Workflow
|
Transfer.1 |
| AWS WAF | AWS::WAF::Rule |
WAF.6 |
AWS::WAF::RuleGroup |
WAF.7 |
|
AWS::WAF::WebACL |
WAF.1 WAF.8 |
|
AWS::WAFRegional::Rule |
WAF.2 |
|
AWS::WAFRegional::RuleGroup |
WAF.3 |
|
AWS::WAFRegional::WebACL |
WAF.4 |
|
AWS::WAFv2::RuleGroup |
WAF.12 |
|
AWS::WAFv2::WebACL |
WAF.10 WAF.11 |
|
| Amazon WorkSpaces | AWS::WorkSpaces::WorkSpace |
WorkSpaces.1 WorkSpaces.2 |
FSBP 표준에 필요한 리소스
Security Hub가 AWS Config 규칙을 사용하는 활성화된 AWS Foundational Security Best Practices v1.0.0(FSBP) 변경 트리거 제어에 대한 결과를 정확하게 보고하려면 이러한 리소스를에 기록해야 합니다 AWS Config. 이 표준에 대한 자세한 내용은 AWS 기본 보안 모범 사례 v1.0.0(FSBP) 표준 섹션을 참조하세요.
| Service | 필수 리소스 |
|---|---|
|
Amazon API Gateway |
|
|
AWS AppSync |
|
|
AWS Backup |
|
|
AWS Certificate Manager (ACM) |
|
|
AWS CloudFormation |
|
|
Amazon CloudFront |
|
|
AWS CodeBuild |
|
|
Amazon Cognito |
|
|
AWS DataSync |
|
|
AWS Database Migration Service (AWS DMS) |
|
|
Amazon DynamoDB |
|
| Amazon EC2 Systems Manager(SSM) |
|
|
Amazon Elastic Compute Cloud(EC2) |
|
|
Amazon EC2 Auto Scaling |
|
|
Amazon Elastic Container Registry(Amazon ECR) |
|
|
Amazon Elastic Container Service(Amazon ECS) |
|
|
Amazon Elastic File System(Amazon EFS) |
|
|
Amazon EKS |
|
|
ElasticBeanstalk |
|
|
Elastic Load Balancing |
|
|
ElasticSearch |
|
|
Amazon EMR |
|
|
AWS Glue |
|
|
AWS Identity and Access Management (IAM) |
|
|
Amazon Kinesis |
|
|
AWS Key Management Service (AWS KMS) |
|
|
AWS Lambda |
|
|
Amazon MSK |
|
|
AWS Network Firewall |
|
|
Amazon OpenSearch Service |
|
|
Amazon Relational Database Service(Amazon RDS) |
|
|
Amazon Redshift |
|
|
Amazon Route 53 |
|
|
Amazon Simple Storage Service(S3) |
|
|
Amazon SageMaker AI |
|
|
Amazon Simple Notification Service(Amazon SNS) |
|
|
Amazon Simple Queue Service(Amazon SQS) |
|
|
AWS Secrets Manager |
|
|
AWS Step Functions |
|
|
AWS WAF |
|
|
Amazon WorkSpaces |
|
CIS AWS Foundations 벤치마크에 필요한 리소스
인터넷 보안 센터(CIS) AWS 기반 벤치마크에 적용되는 활성화된 제어에 대한 보안 검사를 실행하기 위해 Security Hub는 Amazon Web Services 보안
이 표준에 대한 자세한 내용은 CIS AWS Foundations Benchmark 섹션을 참조하세요.
CIS v3.0.0에 필요한 리소스
Security Hub가 AWS Config 규칙을 사용하는 활성화된 CIS v3.0.0 변경 트리거된 제어에 대한 결과를 정확하게 보고하려면 이러한 리소스를에 기록해야 합니다 AWS Config.
| Service | 필수 리소스 |
|---|---|
|
Amazon Elastic Compute Cloud(Amazon EC2) |
|
|
AWS Identity and Access Management (IAM) |
|
|
Amazon Relational Database Service(Amazon RDS) |
|
|
Amazon Simple Storage Service(S3) |
|
CIS v1.4.0에 필요한 리소스
Security Hub가 AWS Config 규칙을 사용하는 활성화된 CIS v1.4.0 변경 트리거된 제어에 대한 결과를 정확하게 보고하려면 이러한 리소스를에 기록해야 합니다 AWS Config.
| Service | 필수 리소스 |
|---|---|
|
Amazon Elastic Compute Cloud(EC2) |
|
|
AWS Identity and Access Management (IAM) |
|
|
Amazon Relational Database Service(Amazon RDS) |
|
|
Amazon Simple Storage Service(S3) |
|
CIS v1.2.0에 필요한 리소스
Security Hub가 AWS Config 규칙을 사용하는 활성화된 CIS v1.2.0 변경 트리거된 제어에 대한 결과를 정확하게 보고하려면 이러한 리소스를에 기록해야 합니다 AWS Config.
| Service | 필수 리소스 |
|---|---|
|
Amazon Elastic Compute Cloud(EC2) |
|
|
AWS Identity and Access Management (IAM) |
|
NIST SP 800-53 개정 5에 필요한 리소스
Security Hub가 규칙을 사용하는 활성화된 NIST(National Institute of Standards and Technology) SP 800-53 Rev. 5 변경 트리거 제어에 대한 결과를 정확하게 보고 AWS Config 하려면 이러한 리소스를에 기록해야 합니다 AWS Config. 변경 트리거 스케줄 유형의 변경이 있는 제어의 리소스만 기록하면 됩니다. 이 표준에 대한 자세한 내용은 Security Hub의 NIST SP 800-53 개정 5 섹션을 참조하세요.
| Service | 필수 리소스 |
|---|---|
|
Amazon API Gateway |
|
|
AWS AppSync |
|
|
AWS Backup |
|
|
AWS Certificate Manager (ACM) |
|
|
AWS CloudFormation |
|
|
Amazon CloudFront |
|
|
Amazon CloudWatch |
|
|
AWS CodeBuild |
|
|
AWS Database Migration Service (AWS DMS) |
|
|
Amazon DynamoDB |
|
|
Amazon Elastic Compute Cloud(EC2) |
|
|
Amazon EC2 Auto Scaling |
|
|
Amazon Elastic Container Registry(Amazon ECR) |
|
|
Amazon Elastic Container Service(Amazon ECS) |
|
|
Amazon Elastic File System(Amazon EFS) |
|
|
Amazon EKS |
|
|
ElasticBeanstalk |
|
|
Elastic Load Balancing |
|
|
ElasticSearch |
|
|
Amazon EMR |
|
|
Amazon EventBridge |
|
|
AWS Identity and Access Management (IAM) |
|
|
AWS Key Management Service (AWS KMS) |
|
|
Amazon Kinesis |
|
|
AWS Lambda |
|
|
Amazon MSK |
|
|
Amazon MQ |
|
|
AWS Network Firewall |
|
|
Amazon OpenSearch Service |
|
|
Amazon Relational Database Service(Amazon RDS) |
|
|
Amazon Redshift |
|
|
Amazon Route 53 |
|
|
Amazon Simple Storage Service(S3) |
|
|
AWS Service Catalog |
|
|
Amazon Simple Notification Service(SNS) |
|
|
Amazon Simple Queue Service(Amazon SQS) |
|
| Amazon EC2 Systems Manager(SSM) |
|
|
Amazon SageMaker AI |
|
|
AWS Secrets Manager |
|
|
AWS WAF |
|
PCI DSS v3.2.1에 필요한 리소스
Security Hub가 AWS Config 규칙을 사용하는 활성화된 Payment Card Industry Data Security Standard(PCI DSS) 제어에 대한 결과를 정확하게 보고하려면 이러한 리소스를에 기록해야 합니다 AWS Config. 이 표준에 대한 자세한 내용은 Security Hub의 PCI DSS 섹션을 참조하세요.
| Service | 필수 리소스 |
|---|---|
|
AWS CodeBuild |
|
|
Amazon Elastic Compute Cloud(EC2) |
|
|
Amazon EC2 Auto Scaling |
|
|
AWS Identity and Access Management (IAM) |
|
|
AWS Lambda |
|
|
Amazon OpenSearch Service |
|
|
Amazon Relational Database Service(Amazon RDS) |
|
|
Amazon Redshift |
|
|
Amazon Simple Storage Service(S3) |
|
| Amazon EC2 Systems Manager(SSM) |
|
리소스 태깅 표준에 필요한 AWS 리소스
AWS 리소스 태깅 표준의 모든 제어는 변경이 트리거되고 AWS Config 규칙을 사용합니다. Security Hub가 이러한 제어에 대한 결과를 정확하게 보고하려면 다음 리소스를에 기록해야 합니다 AWS Config. 이 표준에 대한 자세한 내용은 AWS 리소스 태깅 표준 섹션을 참조하세요.
| Service | 필수 리소스 |
|---|---|
| AWS AppConfig |
|
| Amazon AppFlow |
|
| AWS App Runner |
|
| AWS AppSync |
|
| Amazon Athena |
|
| AWS Certificate Manager (ACM) |
|
| AWS Backup (AWS Backup) |
|
| AWS Batch |
|
| AWS CloudFormation |
|
| Amazon CloudFront |
|
| AWS CloudTrail |
|
| AWS CodeArtifact |
|
| Amazon CodeGuru |
|
| Amazon Connect |
|
| Amazon Detective |
|
| AWS Database Migration Service (AWS DMS) |
|
| Amazon DynamoDB |
|
| Amazon Elastic Compute Cloud(EC2) |
|
| Amazon EC2 Auto Scaling |
|
| Amazon Elastic Container Registry(Amazon ECR) |
|
| Amazon Elastic Container Service(Amazon ECS) |
|
| Amazon Elastic File System(Amazon EFS) |
|
| Amazon Elastic Kubernetes Service(Amazon EKS) |
|
| AWS Elastic Beanstalk (Elastic Beanstalk) |
|
| ElasticSearch |
|
| Amazon EventBridge |
|
| Amazon Fraud Detector |
|
| AWS Global Accelerator |
|
| AWS Glue |
|
| Amazon GuardDuty |
|
| AWS Identity and Access Management (IAM) |
|
| AWS Identity and Access Management Access Analyzer (IAM Access Analyzer) |
|
| AWS IoT |
|
| AWS IoT 이벤트 |
|
| AWS IoT SiteWise |
|
| AWS IoT TwinMaker |
|
| AWS IoT 무선 |
|
| Amazon Interactive Video Service(Amazon IVS) |
|
| Amazon Keyspaces(Apache Cassandra용) |
|
| Amazon Kinesis |
|
| AWS Lambda |
|
| Amazon MQ |
|
| AWS Network Firewall |
|
| Amazon OpenSearch Service |
|
| AWS Private Certificate Authority |
|
| Amazon Relational Database Service |
|
| Amazon Redshift |
|
| Amazon Route 53 |
|
| AWS Secrets Manager |
|
| Amazon Simple Email Service(Amazon SES) |
|
| Amazon Simple Notification Service(Amazon SNS) |
|
| Amazon Simple Queue Service(Amazon SQS) |
|
| AWS Step Functions |
|
| AWS Transfer Family |
|
서비스 관리형 표준에 필요한 리소스: AWS Control Tower
Security Hub가 AWS Config 규칙을 사용하는 활성화된 서비스 관리형 표준: AWS Control Tower 변경 트리거된 제어에 대한 결과를 정확하게 보고하려면 다음 리소스를에 기록해야 합니다 AWS Config. 이 표준에 대한 자세한 내용은 서비스 관리형 표준: AWS Control Tower 섹션을 참조하세요.
| Service | 필수 리소스 |
|---|---|
|
Amazon API Gateway |
|
|
AWS Certificate Manager (ACM) |
|
|
AWS CodeBuild |
|
|
Amazon DynamoDB |
|
|
Amazon Elastic Compute Cloud(EC2) |
|
|
Amazon EC2 Auto Scaling |
|
|
Amazon Elastic Container Registry(Amazon ECR) |
|
|
Amazon Elastic Container Service(Amazon ECS) |
|
|
Amazon Elastic File System(Amazon EFS) |
|
|
Amazon EKS |
|
|
ElasticBeanstalk |
|
|
Elastic Load Balancing |
|
|
ElasticSearch |
|
|
AWS Identity and Access Management (IAM) |
|
|
AWS Key Management Service (AWS KMS) |
|
|
Amazon Kinesis |
|
|
AWS Lambda |
|
|
AWS Network Firewall |
|
|
Amazon OpenSearch Service |
|
|
Amazon Relational Database Service(Amazon RDS) |
|
|
Amazon Redshift |
|
|
Amazon Simple Storage Service(S3) |
|
|
Amazon Simple Notification Service(SNS) |
|
|
Amazon Simple Queue Service(Amazon SQS) |
|
| Amazon EC2 Systems Manager(SSM) |
|
|
AWS Secrets Manager |
|
|
AWS WAF |
|
