Security Hub 제어 조사 결과에 필요한 AWS Config 리소스 - AWS Security Hub

기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.

Security Hub 제어 조사 결과에 필요한 AWS Config 리소스

일부 AWS Security Hub 제어는 AWS 리소스의 구성 변경을 감지하는 서비스 연결 AWS Config 규칙을 사용합니다. Security Hub가 정확한 제어 결과를 생성하려면 리소스 기록을 활성화 AWS Config 하고 켜야 합니다 AWS Config. Security Hub가 AWS Config 규칙을 사용하는 방법과 활성화 및 구성하는 방법에 대한 컨텍스트는 섹션을 AWS Config참조하세요Security Hub AWS Config 에 대해 활성화 및 구성.

정확한 제어 결과를 수신하려면 변경 트리거된 일정 유형을 사용하여 활성화된 제어에 대한 AWS Config 리소스 기록을 켜야 합니다. 주기적인 일정 유형을 사용하는 일부 제어에는 리소스 기록도 필요합니다.

이 페이지에는 각 Security Hub 제어에 필요한 리소스가 나열되어 있습니다.

Security Hub 제어는 관리형 AWS Config 규칙 또는 사용자 지정 Security Hub 규칙에 의존할 수 있습니다. Organizations에가 리소스를 기록할 수 있는 권한을 AWS Config 갖지 못하도록 하는 AWS Identity and Access Management (IAM) 정책 또는 정책이 관리되지 않는지 확인합니다. Security Hub 제어 검사는 리소스의 구성을 직접 평가하고 Organizations 정책을 고려하지 않습니다. AWS Config 녹음에 대한 자세한 내용은 AWS Config 개발자 안내서의 AWS Config 관리형 규칙 목록 - 고려 사항을 참조하세요.

참고

컨트롤을 사용할 수 없는 AWS 리전 에서는 해당 리소스를 사용할 수 없습니다 AWS Config. Security Hub 제어에 대한 리전별 제한 목록은 Security Hub 제어 기능에 대한 리전별 제한 섹션을 참조하세요.

모든 Security Hub 제어에 필요한 리소스

Security Hub가 AWS Config 규칙을 사용하는 활성화된 Security Hub 변경 트리거 제어에 대한 결과를 생성하려면 이러한 리소스를에 기록해야 합니다 AWS Config. 또한이 표는 특정 리소스를 평가하는 컨트롤을 나타냅니다. 단일 컨트롤은 둘 이상의 리소스를 평가할 수 있습니다.

Service 필수 리소스 관련 제어
Amazon API Gateway AWS::ApiGateway::Stage

APIGateway.1

APIGateway.2

APIGateway.3

APIGateway.4

APIGateway.5

AWS::ApiGatewayV2::Stage

APIGateway.1

APIGateway.9

AWS AppConfig AWS::AppConfig::Application

AppConfig.1

AWS::AppConfig::ConfigurationProfile

AppConfig.2

AWS::AppConfig::Environment

AppConfig.3

AWS::AppConfig::ExtensionAssociation

AppConfig.4

Amazon AppFlow AWS::AppFlow::Flow

AppFlow.1

AWS App Runner AWS::AppRunner::Service

AppRunner.1

AWS::AppRunner::VpcConnector

AppRunner.2

AWS AppSync AWS::AppSync::GraphQLApi

AppSync.2

AppSync.4

AppSync.5

AWS::AppSync::ApiCache

AppSync.1

AppSync.6

AWS Backup (AWS Backup) AWS::Backup::BackupPlan

Backup.5

AWS::Backup::BackupVault

Backup.3

AWS::Backup::RecoveryPoint

Backup.1

Backup.2

AWS::Backup::ReportPlan

Backup.4

AWS Batch AWS::Batch::ComputeEnvironment

Batch.3

AWS::Batch::JobQueue

배치.1

AWS::Batch::SchedulingPolicy

배치.2

AWS Certificate Manager (ACM) AWS::ACM::Certificate

ACM.1

ACM.2

ACM.3

Amazon Athena AWS::Athena::DataCatalog Athena.2
AWS::Athena::WorkGroup

Athena.3

Athena.4

AWS CloudFormation AWS::CloudFormation::Stack

CloudFormation.2

Amazon CloudFront AWS::CloudFront::Distribution

CloudFront.1

CloudFront.3

CloudFront.4

CloudFront.5

CloudFront.6

CloudFront.7

CloudFront.8

CloudFront.9

CloudFront.10

CloudFront.13

CloudFront.14

AWS CloudTrail AWS::CloudTrail::Trail CloudTrail.9
Amazon CloudWatch AWS::CloudWatch::Alarm

CloudWatch.15

CloudWatch.17

AWS CodeArtifact AWS::CodeArtifact::Repository CodeArtifact.1
AWS CodeBuild AWS::CodeBuild::Project

CodeBuild.1

CodeBuild.2

CodeBuild.3

CodeBuild.4

AWS::CodeBuild::ReportGroup

CodeBuild.7

Amazon CodeGuru Profiler AWS::CodeGuruProfiler::ProfilingGroup CodeGuruProfiler.1
Amazon CodeGuru Reviewer AWS::CodeGuruReviewer::RepositoryAssociation CodeGuruReviewer.1
Amazon Cognito AWS::Cognito::UserPool Cognito.1
Amazon Cognito AWS::Cognito::UserPool Cognito.1
Amazon Connect AWS::CustomerProfiles::ObjectType Connect.1
AWS DataSync AWS::DataSync::Task DataSync.1
Amazon Detective AWS::Detective::Graph Detective.1
AWS Database Migration Service (AWS DMS) AWS::DMS::Certificate

DMS.2

AWS::DMS::Endpoint

DMS.9

DMS.10

DMS.11

DMS.12

AWS::DMS::EventSubscription DMS.3
AWS::DMS::ReplicationInstance

DMS.4

DMS.6

AWS::DMS::ReplicationSubnetGroup DMS.5
AWS::DMS::ReplicationTask

DMS.7

DMS.8

Amazon DynamoDB AWS::DynamoDB::Table

DynamoDB.1

DynamoDB.2

DynamoDB.5

DynamoDB.6

Amazon Elastic Compute Cloud(EC2) AWS::EC2::ClientVpnEndpoint

EC2.51

AWS::EC2::CustomerGateway EC2.36
AWS::EC2::EIP

EC2.12

EC2.37

AWS::EC2::FlowLog EC2.48
AWS::EC2::Instance

EC2.4

EC2.8

EC2.9

EC2.17

EC2.24

EC2.38

EMR.1

SSM.1

AWS::EC2::InternetGateway

EC2.39

AWS::EC2::LaunchTemplate

EC2.25

EC2.170

AWS::EC2::NatGateway

EC2.40

AWS::EC2::NetworkAcl

EC2.16

EC2.21

EC2.41

AWS::EC2::NetworkInterface

EC2.22

EC2.35

AWS::EC2::RouteTable EC2.42
AWS::EC2::SecurityGroup

EC2.2

EC2.13

EC2.14

EC2.18

EC2.19

EC2.43

AWS::EC2::Subnet

EC2.15

EC2.44

ElastiCache.7

AWS::EC2::TransitGateway

EC2.23

EC2.52

AWS::EC2::TransitGatewayAttachment EC2.33
AWS::EC2::TransitGatewayRouteTable EC2.34
AWS::EC2::Volume

EC2.3

EC2.45

AWS::EC2::VPC

EC2.6

EC2.46

AWS::EC2::VPCBlockPublicAccessOptions

EC2.172

AWS::EC2::VPCEndpointService EC2.47
AWS::EC2::VPCPeeringConnection EC2.49
AWS::EC2::VPNConnection EC2.20

EC2.171

AWS::EC2::VPNGateway EC2.50
Amazon EC2 Auto Scaling AWS::AutoScaling::AutoScalingGroup

AutoScaling.1

AutoScaling.2

AutoScaling.6

AutoScaling.9

AutoScaling.10

AWS::AutoScaling::LaunchConfiguration

AutoScaling.3

Autoscaling.5

Amazon EC2 Systems Manager(SSM) AWS::SSM::AssociationCompliance

SSM.3

AWS::SSM::ManagedInstanceInventory

SSM.1

AWS::SSM::PatchCompliance

SSM.2

Amazon Elastic Container Registry (Amazon ECR) AWS::ECR::PublicRepository ECR.4
AWS::ECR::Repository

ECR.2

ECR.3

Amazon Elastic Container Service(Amazon ECS) AWS::ECS::Cluster

ECS.12

ECS.14

AWS::ECS::Service

ECS.2

ECS.10

ECS.13

AWS::ECS::TaskDefinition

ECS.1

ECS.3

ECS.4

ECS.5

ECS.8

ECS.9

ECS.15

AWS::ECS::TaskSet

ECS.16

Amazon Elastic File System(Amazon EFS) AWS::EFS::AccessPoint

EFS.3

EFS.4

EFS.5

AWS::EFS::FileSystem

EFS.7

EFS.8

Amazon Elastic Kubernetes Service(Amazon EKS) AWS::EKS::Cluster

EKS.2

EKS.6

EKS.8

AWS::EKS::IdentityProviderConfig EKS.7
AWS Elastic Beanstalk AWS::ElasticBeanstalk::Environment

ElasticBeanstalk.1

ElasticBeanstalk.2

ElasticBeanstalk.3

Elastic Load Balancing AWS::ElasticLoadBalancing::LoadBalancer

ELB.2

ELB.3

ELB.5

ELB.7

ELB.8

ELB.9

ELB.10

ELB.14

AWS::ElasticLoadBalancingV2::LoadBalancer

ELB.1

ELB.4

ELB.5

ELB.6

ELB.12

ELB.13

ELB.16

ElasticSearch AWS::Elasticsearch::Domain

ES.3

ES.4

ES.5

ES.6

ES.7

ES.8

ES.9

Amazon EMR AWS::EMR::SecurityConfiguration

EMR.3

EMR.4

Amazon EventBridge AWS::Events::EventBus

EventBridge.2

EventBridge.3

AWS::Events::Endpoint

EventBridge.4

Amazon Fraud Detector AWS::FraudDetector::EntityType

FraudDetector.1

AWS::FraudDetector::Label

FraudDetector.2

AWS::FraudDetector::Outcome

FraudDetector.3

AWS::FraudDetector::Variable

FraudDetector.4

AWS Global Accelerator AWS::GlobalAccelerator::Accelerator

GlobalAccelerator.1

AWS Glue AWS::Glue::Job

Glue.1

AWS::Glue::MLTransform

Glue.3

Amazon GuardDuty AWS::GuardDuty::Detector

GuardDuty.4

AWS::GuardDuty::Filter

GuardDuty.2

AWS::GuardDuty::IPSet

GuardDuty.3

AWS Identity and Access Management (IAM) AWS::IAM::Group

IAM.27

KMS.2

AWS::IAM::Policy

IAM.1

IAM.21

KMS.1

AWS::IAM::Role

IAM.24

IAM.27

KMS.2

AWS::IAM::User

IAM.2

IAM.3

IAM.5

IAM.8

IAM.19

IAM.22

IAM.25

IAM.27

KMS.2

AWS Identity and Access Management Access Analyzer AWS::AccessAnalyzer::Analyzer

IAM.23

Amazon Interactive Video Service(Amazon IVS) AWS::IVS::PlaybackKeyPair

IVS.1

AWS::IVS::RecordingConfiguration

IVS.2

AWS::IVS::Channel

IVS.3

AWS IoT AWS::IoT::Authorizer

IoT.4

AWS::IoT::Dimension

IoT.3

AWS::IoT::MitigationAction

IoT.2

AWS::IoT::Policy

IoT.6

AWS::IoT::RoleAlias

IoT.5

AWS::IoT::SecurityProfile

IoT.1

AWS IoT 이벤트 AWS::IoTEvents::AlarmModel

IoTEvents.3

AWS::IoTEvents::DetectorModel

IoTEvents.2

AWS::IoTEvents::Input

IoTEvents.1

AWS IoT 이벤트 AWS::IoTEvents::AlarmModel

IoTEvents.3

AWS::IoTEvents::DetectorModel

IoTEvents.2

AWS::IoTEvents::Input

IoTEvents.1

AWS IoT SiteWise AWS::IoTSiteWise::AssetModel

IoTSiteWise.1

AWS::IoTSiteWise::Dashboard

IoTSiteWise.2

AWS::IoTSiteWise::Gateway

IoTSiteWise.3

AWS::IoTSiteWise::Portal

IoTSiteWise.4

AWS::IoTSiteWise::Project

IoTSiteWise.5

AWS IoT TwinMaker AWS::IoTTwinMaker::Entity

IoTTwinMaker.4

AWS::IoTTwinMaker::Scene

IoTTwinMaker.3

AWS::IoTTwinMaker::SyncJob

IoTTwinMaker.1

AWS::IoTTwinMaker::Workspace

IoTTwinMaker.2

AWS IoT Wireless AWS::IoTWireless::MulticastGroup

IoTWireless.1

AWS::IoTWireless::ServiceProfile

IoTWireless.2

AWS::IoTWireless::FuotaTask

IoTWireless.3

Amazon Keyspaces(Apache Cassandra용) AWS::Cassandra::Keyspace

키스페이스.1

Amazon Kinesis AWS::Kinesis::Stream

Kinesis.1

Kinesis.2

Kinesis.3

AWS Key Management Service (AWS KMS) AWS::KMS::Alias

S3.17

AWS::KMS::Key

KMS.3

KMS.5

S3.17

AWS Lambda AWS::Lambda::Function

Lambda.1

Lambda.2

Lambda.3

Lambda.5

Lambda.6

Amazon MSK AWS::MSK::Cluster

MSK.1

MSK.2

AWS::KafkaConnect::Connector

MSK.3

Amazon MQ AWS::AmazonMQ::Broker

MQ.2

MQ.3

MQ.4

MQ.5

MQ.6

AWS Network Firewall AWS::NetworkFirewall::Firewall

NetworkFirewall.1

NetworkFirewall.7

NetworkFirewall.9

AWS::NetworkFirewall::FirewallPolicy

NetworkFirewall.3

NetworkFirewall.4

NetworkFirewall.5

NetworkFirewall.8

AWS::NetworkFirewall::RuleGroup

NetworkFirewall.6

Amazon OpenSearch Service AWS::OpenSearch::Domain

Opensearch.1

Opensearch.2

Opensearch.3

Opensearch.4

Opensearch.5

Opensearch.6

Opensearch.7

Opensearch.8

Opensearch.9

Opensearch.10

Opensearch.11

AWS Private CA AWS::ACMPCA::CertificateAuthority

PCA.2

Amazon Relational Database Service(Amazon RDS) AWS::RDS::DBCluster

DocumentDB.1

DocumentDB.2

DocumentDB.4

DocumentDB.5

Neptune.1

Neptune.2

Neptune.4

Neptune.5

Neptune.7

Neptune.8

Neptune.9

RDS.7

RDS.12

RDS.14

RDS.15

RDS.16

RDS.24

RDS.27

RDS.28

RDS.34

RDS.35

RDS.37

AWS::RDS::DBClusterSnapshot

DocumentDB.3

Neptune.3

Neptune.6

RDS.1

RDS.4

RDS.29

AWS::RDS::DBInstance

RDS.2

RDS.3

RDS.5

RDS.6

RDS.8

RDS.9

RDS.10

RDS.11

RDS.13

RDS.17

RDS.18

RDS.23

RDS.25

RDS.30

RDS.36

AWS::RDS::DBSecurityGroup

RDS.31

AWS::RDS::DBSnapshot

RDS.1

RDS.4

RDS.32

AWS::RDS::DBSubnetGroup

RDS.33

AWS::RDS::EventSubscription

RDS.19

RDS.20

RDS.21

RDS.22

Amazon Redshift AWS::Redshift::Cluster

Redshift.1

Redshift.2

Redshift.3

Redshift.4

Redshift.6

Redshift.7

Redshift.8

Redshift.9

Redshift.10

Redshift.11

AWS::Redshift::ClusterParameterGroup

Redshift.2

AWS::Redshift::ClusterSnapshot

Redshift.13

AWS::Redshift::ClusterSubnetGroup

Redshift.14

Redshift.16

AWS::Redshift::EventSubscription

Redshift.12

Amazon Route 53 AWS::Route53::HostedZone

Route53.2

AWS::Route53::HealthCheck

Route53.1

Amazon Simple Storage Service(S3) AWS::S3::AccessPoint

S3.19

AWS::S3::AccountPublicAccessBlock

S3.2

S3.3

AWS::S3::Bucket

S3.2

S3.3

S3.5

S3.6

S3.7

S3.8

S3.9

S3.10

S3.11

S3.12

S3.13

S3.14

S3.15

S3.17

S3.20

AWS::S3::MultiRegionAccessPoint

S3.24

Amazon SageMaker AI AWS::SageMaker::NotebookInstance

SageMaker.2

SageMaker.3

AWS::SageMaker::Model

SageMaker.5

AWS Secrets Manager AWS::SecretsManager::Secret

SecretsManager.1

SecretsManager.2

SecretsManager.5

AWS Service Catalog AWS::ServiceCatalog::Portfolio

ServiceCatalog.1

Amazon Simple Email Service(Amazon SES) AWS::SES::ConfigurationSet

SES.2

AWS::SES::ContactList

SES.1

Amazon Simple Notification Service(Amazon SNS) AWS::SNS::Topic

SNS.1

SNS.3

SNS.4

Amazon Simple Queue Service(Amazon SQS) AWS::SQS::Queue

SQS.1

SQS.2

AWS Step Functions AWS::StepFunctions::StateMachine

StepFunctions.1

AWS::StepFunctions::Activity

StepFunctions.2

AWS Transfer Family AWS::Transfer::Workflow

Transfer.1

AWS WAF AWS::WAF::Rule

WAF.6

AWS::WAF::RuleGroup

WAF.7

AWS::WAF::WebACL

WAF.1

WAF.8

AWS::WAFRegional::Rule

WAF.2

AWS::WAFRegional::RuleGroup

WAF.3

AWS::WAFRegional::WebACL

WAF.4

AWS::WAFv2::RuleGroup

WAF.12

AWS::WAFv2::WebACL

WAF.10

WAF.11

Amazon WorkSpaces AWS::WorkSpaces::WorkSpace

WorkSpaces.1

WorkSpaces.2

FSBP 표준에 필요한 리소스

Security Hub가 AWS Config 규칙을 사용하는 활성화된 AWS Foundational Security Best Practices v1.0.0(FSBP) 변경 트리거 제어에 대한 결과를 정확하게 보고하려면 이러한 리소스를에 기록해야 합니다 AWS Config. 이 표준에 대한 자세한 내용은 AWS 기본 보안 모범 사례 v1.0.0(FSBP) 표준 섹션을 참조하세요.

Service 필수 리소스

Amazon API Gateway

AWS::ApiGateway::Stage

AWS::ApiGatewayV2::Stage

AWS AppSync

AWS::AppSync::ApiCache

AWS::AppSync::GraphQLApi

AWS Backup

AWS::Backup::RecoveryPoint

AWS Certificate Manager (ACM)

AWS::ACM::Certificate

AWS CloudFormation

AWS::CloudFormation::Stack

Amazon CloudFront

AWS::CloudFront::Distribution

AWS CodeBuild

AWS::CodeBuild::Project

AWS::CodeBuild::ReportGroup

Amazon Cognito

AWS::Cognito::UserPool

AWS DataSync

AWS::DataSync::Task

AWS Database Migration Service (AWS DMS)

AWS::DMS::Endpoint

AWS::DMS::ReplicationInstance

AWS::DMS::ReplicationTask

Amazon DynamoDB

AWS::DynamoDB::Table

Amazon EC2 Systems Manager(SSM)

AWS::SSM::AssociationCompliance

AWS::SSM::ManagedInstanceInventory

AWS::SSM::PatchCompliance

Amazon Elastic Compute Cloud(EC2)

AWS::EC2::ClientVpnEndpoint

AWS::EC2::Instance

AWS::EC2::LaunchTemplate

AWS::EC2::NetworkAcl

AWS::EC2::NetworkInterface

AWS::EC2::SecurityGroup

AWS::EC2::Subnet

AWS::EC2::TransitGateway

AWS::EC2::VPCBlockPublicAccessOptions

AWS::EC2::VPNConnection

AWS::EC2::Volume

Amazon EC2 Auto Scaling

AWS::AutoScaling::AutoScalingGroup

AWS::AutoScaling::LaunchConfiguration

Amazon Elastic Container Registry(Amazon ECR)

AWS::ECR::Repository

Amazon Elastic Container Service(Amazon ECS)

AWS::ECS::Cluster

AWS::ECS::Service

AWS::ECS::TaskDefinition

AWS::ECS::TaskSet

Amazon Elastic File System(Amazon EFS)

AWS::EFS::AccessPoint

AWS::EFS::FileSystem

Amazon EKS

AWS::EKS::Cluster

ElasticBeanstalk

AWS::ElasticBeanstalk::Environment

Elastic Load Balancing

AWS::ElasticLoadBalancing::LoadBalancer

AWS::ElasticLoadBalancingV2::LoadBalancer

ElasticSearch

AWS::Elasticsearch::Domain

Amazon EMR

AWS::EMR::SecurityConfiguration

AWS Glue

AWS::Glue::Job

AWS::Glue::MLTransform

AWS Identity and Access Management (IAM)

AWS::IAM::Group

AWS::IAM::Policy

AWS::IAM::Role

AWS::IAM::User

Amazon Kinesis

AWS::Kinesis::Stream

AWS Key Management Service (AWS KMS)

AWS::KMS::Key

AWS Lambda

AWS::Lambda::Function

Amazon MSK

AWS::MSK::Cluster

AWS::KafkaConnect::Connector

AWS Network Firewall

AWS::NetworkFirewall::Firewall

AWS::NetworkFirewall::FirewallPolicy

AWS::NetworkFirewall::RuleGroup

Amazon OpenSearch Service

AWS::OpenSearch::Domain

Amazon Relational Database Service(Amazon RDS)

AWS::RDS::DBCluster

AWS::RDS::DBClusterSnapshot

AWS::RDS::DBInstance

AWS::RDS::DBSnapshot

AWS::RDS::EventSubscription

Amazon Redshift

AWS::Redshift::Cluster

AWS::Redshift::ClusterSubnetGroup

Amazon Route 53

AWS::Route53::HostedZone

Amazon Simple Storage Service(S3)

AWS::S3::AccessPoint

AWS::S3::AccountPublicAccessBlock

AWS::S3::Bucket

AWS::S3::MultiRegionAccessPoint

Amazon SageMaker AI

AWS::SageMaker::Model

AWS::SageMaker::NotebookInstance

Amazon Simple Notification Service(Amazon SNS)

AWS::SNS::Topic

Amazon Simple Queue Service(Amazon SQS)

AWS::SQS::Queue

AWS Secrets Manager

AWS::SecretsManager::Secret

AWS Step Functions

AWS::StepFunctions::StateMachine

AWS WAF

AWS::WAF::Rule

AWS::WAF::RuleGroup

AWS::WAF::WebACL

AWS::WAFRegional::Rule

AWS::WAFRegional::RuleGroup

AWS::WAFRegional::WebACL

AWS::WAFv2::RuleGroup

AWS::WAFv2::WebACL

Amazon WorkSpaces

AWS::WorkSpaces::WorkSpace

CIS AWS Foundations 벤치마크에 필요한 리소스

인터넷 보안 센터(CIS) AWS 기반 벤치마크에 적용되는 활성화된 제어에 대한 보안 검사를 실행하기 위해 Security Hub는 Amazon Web Services 보안의 검사에 대해 규정된 정확한 감사 단계를 실행하거나 특정 AWS Config 관리형 규칙을 사용합니다.

이 표준에 대한 자세한 내용은 CIS AWS Foundations Benchmark 섹션을 참조하세요.

CIS v3.0.0에 필요한 리소스

Security Hub가 AWS Config 규칙을 사용하는 활성화된 CIS v3.0.0 변경 트리거된 제어에 대한 결과를 정확하게 보고하려면 이러한 리소스를에 기록해야 합니다 AWS Config.

Service 필수 리소스

Amazon Elastic Compute Cloud(Amazon EC2)

AWS::EC2::Instance

AWS::EC2::NetworkAcl

AWS::EC2::SecurityGroup

AWS Identity and Access Management (IAM)

AWS::IAM::Group

AWS::IAM::User

AWS::IAM::Role

Amazon Relational Database Service(Amazon RDS)

AWS::RDS::DBInstance

Amazon Simple Storage Service(S3)

AWS::S3::Bucket

CIS v1.4.0에 필요한 리소스

Security Hub가 AWS Config 규칙을 사용하는 활성화된 CIS v1.4.0 변경 트리거된 제어에 대한 결과를 정확하게 보고하려면 이러한 리소스를에 기록해야 합니다 AWS Config.

Service 필수 리소스

Amazon Elastic Compute Cloud(EC2)

AWS::EC2::NetworkAcl

AWS::EC2::SecurityGroup

AWS Identity and Access Management (IAM)

AWS::IAM::Policy

AWS::IAM::User

Amazon Relational Database Service(Amazon RDS)

AWS::RDS::DBInstance

Amazon Simple Storage Service(S3)

AWS::S3::Bucket

CIS v1.2.0에 필요한 리소스

Security Hub가 AWS Config 규칙을 사용하는 활성화된 CIS v1.2.0 변경 트리거된 제어에 대한 결과를 정확하게 보고하려면 이러한 리소스를에 기록해야 합니다 AWS Config.

Service 필수 리소스

Amazon Elastic Compute Cloud(EC2)

AWS::EC2::SecurityGroup

AWS Identity and Access Management (IAM)

AWS::IAM::Policy

AWS::IAM::User

NIST SP 800-53 개정 5에 필요한 리소스

Security Hub가 규칙을 사용하는 활성화된 NIST(National Institute of Standards and Technology) SP 800-53 Rev. 5 변경 트리거 제어에 대한 결과를 정확하게 보고 AWS Config 하려면 이러한 리소스를에 기록해야 합니다 AWS Config. 변경 트리거 스케줄 유형의 변경이 있는 제어의 리소스만 기록하면 됩니다. 이 표준에 대한 자세한 내용은 Security Hub의 NIST SP 800-53 개정 5 섹션을 참조하세요.

Service 필수 리소스

Amazon API Gateway

AWS::ApiGateway::Stage

AWS::ApiGatewayV2::Stage

AWS AppSync

AWS::AppSync::GraphQLApi

AWS Backup

AWS::Backup::RecoveryPoint

AWS Certificate Manager (ACM)

AWS::ACM::Certificate

AWS CloudFormation

AWS::CloudFormation::Stack

Amazon CloudFront

AWS::CloudFront::Distribution

Amazon CloudWatch

AWS::CloudWatch::Alarm

AWS CodeBuild

AWS::CodeBuild::Project

AWS Database Migration Service (AWS DMS)

AWS::DMS::Endpoint

AWS::DMS::ReplicationInstance

AWS::DMS::ReplicationTask

Amazon DynamoDB

AWS::DynamoDB::Table

Amazon Elastic Compute Cloud(EC2)

AWS::EC2::ClientVpnEndpoint

AWS::EC2::EIP

AWS::EC2::Instance

AWS::EC2::LaunchTemplate

AWS::EC2::NetworkAcl

AWS::EC2::NetworkInterface

AWS::EC2::SecurityGroup

AWS::EC2::Subnet

AWS::EC2::TransitGateway

AWS::EC2::VPNConnection

AWS::EC2::Volume

Amazon EC2 Auto Scaling

AWS::AutoScaling::AutoScalingGroup

AWS::AutoScaling::LaunchConfiguration

Amazon Elastic Container Registry(Amazon ECR)

AWS::ECR::Repository

Amazon Elastic Container Service(Amazon ECS)

AWS::ECS::Cluster

AWS::ECS::Service

AWS::ECS::TaskDefinition

Amazon Elastic File System(Amazon EFS)

AWS::EFS::AccessPoint

Amazon EKS

AWS::EKS::Cluster

ElasticBeanstalk

AWS::ElasticBeanstalk::Environment

Elastic Load Balancing

AWS::ElasticLoadBalancing::LoadBalancer

AWS::ElasticLoadBalancingV2::LoadBalancer

ElasticSearch

AWS::Elasticsearch::Domain

Amazon EMR

AWS::EMR::SecurityConfiguration

Amazon EventBridge

AWS::Events::Endpoint

AWS::Events::EventBus

AWS Identity and Access Management (IAM)

AWS::IAM::Group

AWS::IAM::Policy

AWS::IAM::Role

AWS::IAM::User

AWS Key Management Service (AWS KMS)

AWS::KMS::Alias

AWS::KMS::Key

Amazon Kinesis

AWS::Kinesis::Stream

AWS Lambda

AWS::Lambda::Function

Amazon MSK

AWS::MSK::Cluster

Amazon MQ

AWS::AmazonMQ::Broker

AWS Network Firewall

AWS::NetworkFirewall::Firewall

AWS::NetworkFirewall::FirewallPolicy

AWS::NetworkFirewall::RuleGroup

Amazon OpenSearch Service

AWS::OpenSearch::Domain

Amazon Relational Database Service(Amazon RDS)

AWS::RDS::DBCluster

AWS::RDS::DBClusterSnapshot

AWS::RDS::DBInstance

AWS::RDS::DBSnapshot

AWS::RDS::EventSubscription

Amazon Redshift

AWS::Redshift::Cluster

AWS::Redshift::ClusterSubnetGroup

Amazon Route 53

AWS::Route53::HostedZone

Amazon Simple Storage Service(S3)

AWS::S3::AccountPublicAccessBlock

AWS::S3::AccessPoint

AWS::S3::Bucket

AWS Service Catalog

AWS::ServiceCatalog::Portfolio

Amazon Simple Notification Service(SNS)

AWS::SNS::Topic

Amazon Simple Queue Service(Amazon SQS)

AWS::SQS::Queue

Amazon EC2 Systems Manager(SSM)

AWS::SSM::AssociationCompliance

AWS::SSM::ManagedInstanceInventory

AWS::SSM::PatchCompliance

Amazon SageMaker AI

AWS::SageMaker::NotebookInstance

AWS Secrets Manager

AWS::SecretsManager::Secret

AWS WAF

AWS::WAF::Rule

AWS::WAF::RuleGroup

AWS::WAF::WebACL

AWS::WAFRegional::Rule

AWS::WAFRegional::RuleGroup

AWS::WAFRegional::WebACL

AWS::WAFv2::RuleGroup

AWS::WAFv2::WebACL

PCI DSS v3.2.1에 필요한 리소스

Security Hub가 AWS Config 규칙을 사용하는 활성화된 Payment Card Industry Data Security Standard(PCI DSS) 제어에 대한 결과를 정확하게 보고하려면 이러한 리소스를에 기록해야 합니다 AWS Config. 이 표준에 대한 자세한 내용은 Security Hub의 PCI DSS 섹션을 참조하세요.

Service 필수 리소스

AWS CodeBuild

AWS::CodeBuild::Project

Amazon Elastic Compute Cloud(EC2)

AWS::EC2::EIP

AWS::EC2::Instance

AWS::EC2::SecurityGroup

Amazon EC2 Auto Scaling

AWS::AutoScaling::AutoScalingGroup

AWS Identity and Access Management (IAM)

AWS::IAM::Policy

AWS::IAM::User

AWS Lambda

AWS::Lambda::Function

Amazon OpenSearch Service

AWS::OpenSearch::Domain

Amazon Relational Database Service(Amazon RDS)

AWS::RDS::DBClusterSnapshot

AWS::RDS::DBInstance

AWS::RDS::DBSnapshot

Amazon Redshift

AWS::Redshift::Cluster

Amazon Simple Storage Service(S3)

AWS::S3::AccountPublicAccessBlock

AWS::S3::Bucket

Amazon EC2 Systems Manager(SSM)

AWS::SSM::AssociationCompliance

AWS::SSM::ManagedInstanceInventory

AWS::SSM::PatchCompliance

리소스 태깅 표준에 필요한 AWS 리소스

AWS 리소스 태깅 표준의 모든 제어는 변경이 트리거되고 AWS Config 규칙을 사용합니다. Security Hub가 이러한 제어에 대한 결과를 정확하게 보고하려면 다음 리소스를에 기록해야 합니다 AWS Config. 이 표준에 대한 자세한 내용은 AWS 리소스 태깅 표준 섹션을 참조하세요.

Service 필수 리소스
AWS AppConfig

AWS::AppConfig::Application

AWS::AppConfig::ConfigurationProfile

AWS::AppConfig::Environment

AWS::AppConfig::ExtensionAssociation

Amazon AppFlow

AWS::AppFlow::Flow

AWS App Runner

AWS::AppRunner::Service

AWS::AppRunner::VpcConnector

AWS AppSync

AWS::AppSync::GraphQLApi

Amazon Athena

AWS::Athena::DataCatalog

AWS::Athena::WorkGroup

AWS Certificate Manager (ACM)

AWS::ACM::Certificate

AWS Backup (AWS Backup)

AWS::Backup::BackupPlan

AWS::Backup::BackupVault

AWS::Backup::RecoveryPlan

AWS::Backup::ReportPlan

AWS Batch

AWS::Batch::ComputeEnvironment

AWS::Batch::JobQueue

AWS::Batch::SchedulingPolicy

AWS CloudFormation

AWS::CloudFormation::Stack

Amazon CloudFront

AWS::CloudFront::Distribution

AWS CloudTrail

AWS::CloudTrail::Trail

AWS CodeArtifact

AWS::CodeArtifact::Repository

Amazon CodeGuru

AWS::CodeGuruProfiler::ProfilingGroup

AWS::CodeGuruReviewer::RepositoryAssociation

Amazon Connect

AWS::CustomerProfiles::ObjectType

Amazon Detective

AWS::Detective::Graph

AWS Database Migration Service (AWS DMS)

AWS::DMS::Certificate

AWS::DMS::EventSubscription

AWS::DMS::ReplicationInstance

AWS::DMS::ReplicationSubnetGroup

Amazon DynamoDB

AWS::DynamoDB::Trail

Amazon Elastic Compute Cloud(EC2)

AWS::EC2::CustomerGateway

AWS::EC2::EIP

AWS::EC2::FlowLog

AWS::EC2::Instance

AWS::EC2::InternetGateway

AWS::EC2::NatGateway

AWS::EC2::NetworkAcl

AWS::EC2::NetworkInterface

AWS::EC2::RouteTable

AWS::EC2::SecurityGroup

AWS::EC2::Subnet

AWS::EC2::TransitGateway

AWS::EC2::TransitGatewayAttachment

AWS::EC2::TransitGatewayRouteTable

AWS::EC2::Volume

AWS::EC2::VPC

AWS::EC2::VPCEndpointService

AWS::EC2::VPCPeeringConnection

AWS::EC2::VPNGateway

Amazon EC2 Auto Scaling

AWS::AutoScaling::AutoScalingGroup

Amazon Elastic Container Registry(Amazon ECR)

AWS::ECR::PublicRepository

Amazon Elastic Container Service(Amazon ECS)

AWS::ECS::Cluster

AWS::ECS::Service

AWS::ECS::TaskDefinition

Amazon Elastic File System(Amazon EFS)

AWS::EFS::AccessPoint

Amazon Elastic Kubernetes Service(Amazon EKS)

AWS::EKS::Cluster

AWS::EKS::IdentityProviderConfig

AWS Elastic Beanstalk (Elastic Beanstalk)

AWS::ElasticBeanstalk::Environment

ElasticSearch

AWS::Elasticsearch::Domain

Amazon EventBridge

AWS::Events::EventBus

Amazon Fraud Detector

AWS::FraudDetector::EntityType

AWS::FraudDetector::Label

AWS::FraudDetector::Outcome

AWS::FraudDetector::Variable

AWS Global Accelerator

AWS::GlobalAccelerator::Accelerator

AWS Glue

AWS::Glue::Job

Amazon GuardDuty

AWS::GuardDuty::Detector

AWS::GuardDuty::Filter

AWS::GuardDuty::IPSet

AWS Identity and Access Management (IAM)

AWS::IAM::Role

AWS::IAM::User

AWS Identity and Access Management Access Analyzer (IAM Access Analyzer)

AWS::AccessAnalyzer::Analyzer

AWS IoT

AWS::IoT::Authorizer

AWS::IoT::Dimension

AWS::IoT::MitigationAction

AWS::IoT::Policy

AWS::IoT::RoleAlias

AWS::IoT::SecurityProfile

AWS IoT 이벤트

AWS::IoTEvents::AlarmModel

AWS::IoTEvents::DetectorModel

AWS::IoTEvents::Input

AWS IoT SiteWise

AWS::IoTSiteWise::Dashboard

AWS::IoTSiteWise::Gateway

AWS::IoTSiteWise::Portal

AWS::IoTSiteWise::Project

AWS IoT TwinMaker

AWS::IoTTwinMaker::Entity

AWS::IoTTwinMaker::Scene

AWS::IoTTwinMaker::SyncJob

AWS::IoTTwinMaker::Workspace

AWS IoT 무선

AWS::IoTWireless::FuotaTask

AWS::IoTWireless::MulticastGroup

AWS::IoTWireless::ServiceProfile

Amazon Interactive Video Service(Amazon IVS)

AWS::IVS::Channel

AWS::IVS::PlaybackKeyPair

AWS::IVS::RecordingConfiguration

Amazon Keyspaces(Apache Cassandra용)

AWS::Cassandra::Keyspace

Amazon Kinesis

AWS::Kinesis::Stream

AWS Lambda

AWS::Lambda::Function

Amazon MQ

AWS::AmazonMQ::Broker

AWS Network Firewall

AWS::NetworkFirewall::Firewall

AWS::NetworkFirewall::FirewallPolicy

Amazon OpenSearch Service

AWS::OpenSearch::Domain

AWS Private Certificate Authority

AWS::ACMPCA::CertificateAuthority

Amazon Relational Database Service

AWS::RDS::DBCluster

AWS::RDS::DBClusterSnapshot

AWS::RDS::DBInstance

AWS::RDS::DBSecurityGroup

AWS::RDS::DBSnapshot

AWS::RDS::DBSubnetGroup

Amazon Redshift

AWS::Redshift::Cluster

AWS::Redshift::ClusterSnapshot

AWS::Redshift::ClusterSubnetGroup

AWS::Redshift::EventSubscription

Amazon Route 53

AWS::Route53::HealthCheck

AWS Secrets Manager

AWS::SecretsManager::Secret

Amazon Simple Email Service(Amazon SES)

AWS::SES::ConfigurationSet

AWS::SES::ContactList

Amazon Simple Notification Service(Amazon SNS)

AWS::SNS::Topic

Amazon Simple Queue Service(Amazon SQS)

AWS::SQS::Queue

AWS Step Functions

AWS::StepFunctions::Activity

AWS Transfer Family

AWS::Transfer::Workflow

서비스 관리형 표준에 필요한 리소스: AWS Control Tower

Security Hub가 AWS Config 규칙을 사용하는 활성화된 서비스 관리형 표준: AWS Control Tower 변경 트리거된 제어에 대한 결과를 정확하게 보고하려면 다음 리소스를에 기록해야 합니다 AWS Config. 이 표준에 대한 자세한 내용은 서비스 관리형 표준: AWS Control Tower 섹션을 참조하세요.

Service 필수 리소스

Amazon API Gateway

AWS::ApiGateway::Stage

AWS::ApiGatewayV2::Stage

AWS Certificate Manager (ACM)

AWS::ACM::Certificate

AWS CodeBuild

AWS::CodeBuild::Project

Amazon DynamoDB

AWS::DynamoDB::Table

Amazon Elastic Compute Cloud(EC2)

AWS::EC2::Instance

AWS::EC2::NetworkAcl

AWS::EC2::NetworkInterface

AWS::EC2::SecurityGroup

AWS::EC2::Subnet

AWS::EC2::VPNConnection

AWS::EC2::Volume

Amazon EC2 Auto Scaling

AWS::AutoScaling::AutoScalingGroup

AWS::AutoScaling::LaunchConfiguration

Amazon Elastic Container Registry(Amazon ECR)

AWS::ECR::Repository

Amazon Elastic Container Service(Amazon ECS)

AWS::ECS::Cluster

AWS::ECS::Service

AWS::ECS::TaskDefinition

Amazon Elastic File System(Amazon EFS)

AWS::EFS::AccessPoint

Amazon EKS

AWS::EKS::Cluster

ElasticBeanstalk

AWS::ElasticBeanstalk::Environment

Elastic Load Balancing

AWS::ElasticLoadBalancing::LoadBalancer

AWS::ElasticLoadBalancingV2::LoadBalancer

ElasticSearch

AWS::Elasticsearch::Domain

AWS Identity and Access Management (IAM)

AWS::IAM::Group

AWS::IAM::Policy

AWS::IAM::Role

AWS::IAM::User

AWS Key Management Service (AWS KMS)

AWS::KMS::Alias

AWS::KMS::Key

Amazon Kinesis

AWS::Kinesis::Stream

AWS Lambda

AWS::Lambda::Function

AWS Network Firewall

AWS::NetworkFirewall::FirewallPolicy

AWS::NetworkFirewall::RuleGroup

Amazon OpenSearch Service

AWS::OpenSearch::Domain

Amazon Relational Database Service(Amazon RDS)

AWS::RDS::DBCluster

AWS::RDS::DBClusterSnapshot

AWS::RDS::DBInstance

AWS::RDS::DBSnapshot

AWS::RDS::EventSubscription

Amazon Redshift

AWS::Redshift::Cluster

Amazon Simple Storage Service(S3)

AWS::S3::AccountPublicAccessBlock

AWS::S3::Bucket

Amazon Simple Notification Service(SNS)

AWS::SNS::Topic

Amazon Simple Queue Service(Amazon SQS)

AWS::SQS::Queue

Amazon EC2 Systems Manager(SSM)

AWS::SSM::AssociationCompliance

AWS::SSM::ManagedInstanceInventory

AWS::SSM::PatchCompliance

AWS Secrets Manager

AWS::SecretsManager::Secret

AWS WAF

AWS::WAFRegional::Rule

AWS::WAFRegional::RuleGroup

AWS::WAFRegional::WebACL

AWS::WAFv2::WebACL