AWS Config currently supports the following managed rules. Before you use these rules, see Considerations.
access-keys-rotated
account-part-of-organizations
acmpca-certificate-authority-tagged
acm-certificate-expiration-check
acm-certificate-rsa-check
acm-pca-root-ca-disabled
active-mq-supported-version
alb-desync-mode-check
alb-http-drop-invalid-header-enabled
alb-http-to-https-redirection-check
alb-internal-scheme-check
alb-waf-enabled
amplify-app-branch-auto-deletion-enabled
amplify-app-description
amplify-app-tagged
amplify-branch-performance-mode-enabled
amplify-branch-tagged
api-gwv2-access-logs-enabled
api-gwv2-authorization-type-configured
api-gw-associated-with-waf
api-gw-cache-enabled-and-encrypted
api-gw-endpoint-type-check
api-gw-execution-logging-enabled
api-gw-ssl-enabled
api-gw-xray-enabled
appconfig-application-description
appconfig-application-tagged
appconfig-configuration-profile-tagged
appconfig-configuration-profile-validators-not-empty
appconfig-deployment-strategy-description
appconfig-deployment-strategy-replicateto-ssm
appconfig-environment-description
appconfig-environment-tagged
appconfig-extension-association-tagged
appconfig-freeform-profile-config-storage
appconfig-hosted-configuration-version-description
appflow-flow-tagged
appintegrations-event-integration-description
appintegrations-event-integration-tagged
appmesh-gateway-route-tagged
appmesh-mesh-deny-tcp-forwarding
appmesh-mesh-tagged
appmesh-route-tagged
appmesh-virtual-gateway-backend-defaults-tls
appmesh-virtual-gateway-logging-file-path-exists
appmesh-virtual-gateway-tagged
appmesh-virtual-node-backend-defaults-tls-on
appmesh-virtual-node-logging-file-path-exists
appmesh-virtual-node-tagged
appmesh-virtual-router-tagged
appmesh-virtual-service-tagged
approved-amis-by-id
approved-amis-by-tag
apprunner-service-in-vpc
apprunner-service-no-public-access
apprunner-service-observability-enabled
apprunner-service-tagged
apprunner-vpc-connector-tagged
appstream-fleet-in-vpc
appsync-associated-with-waf
appsync-authorization-check
appsync-cache-ct-encryption-at-rest
appsync-cache-ct-encryption-in-transit
appsync-cache-encryption-at-rest
appsync-logging-enabled
athena-data-catalog-description
athena-prepared-statement-description
athena-workgroup-description
athena-workgroup-encrypted-at-rest
athena-workgroup-enforce-workgroup-configuration
athena-workgroup-engine-version-auto-upgrade
athena-workgroup-logging-enabled
aurora-last-backup-recovery-point-created
aurora-meets-restore-time-target
aurora-mysql-backtracking-enabled
aurora-resources-in-logically-air-gapped-vault
aurora-resources-protected-by-backup-plan
autoscaling-capacity-rebalancing
autoscaling-group-elb-healthcheck-required
autoscaling-launchconfig-requires-imdsv2
autoscaling-launch-config-hop-limit
autoscaling-launch-config-public-ip-disabled
autoscaling-launch-template
autoscaling-multiple-az
autoscaling-multiple-instance-types
aws-config-process-check
backup-plan-min-frequency-and-min-retention-check
backup-recovery-point-encrypted
backup-recovery-point-manual-deletion-disabled
backup-recovery-point-minimum-retention-check
batch-compute-environment-enabled
batch-compute-environment-managed
batch-compute-environment-tagged
batch-job-queue-enabled
batch-job-queue-tagged
batch-managed-compute-environment-using-launch-template
batch-managed-compute-env-compute-resources-tagged
batch-scheduling-policy-tagged
beanstalk-enhanced-health-reporting-enabled
beanstalk-logs-to-cloudwatch
cassandra-keyspace-tagged
clb-desync-mode-check
clb-multiple-az
cloudformation-stack-drift-detection-check
cloudformation-stack-notification-check
cloudfront-accesslogs-enabled
cloudfront-associated-with-waf
cloudfront-custom-ssl-certificate
cloudfront-default-root-object-configured
cloudfront-no-deprecated-ssl-protocols
cloudfront-origin-access-identity-enabled
cloudfront-origin-failover-enabled
cloudfront-s3-origin-access-control-enabled
cloudfront-s3-origin-non-existent-bucket
cloudfront-security-policy-check
cloudfront-sni-enabled
cloudfront-traffic-to-origin-encrypted
cloudfront-viewer-policy-https
cloudtrail-all-read-s3-data-event-check
cloudtrail-all-write-s3-data-event-check
cloudtrail-s3-bucket-access-logging
cloudtrail-s3-bucket-public-access-prohibited
cloudtrail-s3-dataevents-enabled
cloudtrail-security-trail-enabled
cloudwatch-alarm-action-check
cloudwatch-alarm-action-enabled-check
cloudwatch-alarm-resource-check
cloudwatch-alarm-settings-check
cloudwatch-log-group-encrypted
cloud-trail-cloud-watch-logs-enabled
cloudtrail-enabled
cloud-trail-encryption-enabled
cloud-trail-log-file-validation-enabled
cmk-backing-key-rotation-enabled
codebuild-project-artifact-encryption
codebuild-project-environment-privileged-check
codebuild-project-envvar-awscred-check
codebuild-project-logging-enabled
codebuild-project-s3-logs-encrypted
codebuild-project-source-repo-url-check
codebuild-report-group-encrypted-at-rest
codedeploy-auto-rollback-monitor-enabled
codedeploy-deployment-group-auto-rollback-enabled
codedeploy-deployment-group-outdated-instances-update
codedeploy-ec2-minimum-healthy-hosts-configured
codedeploy-lambda-allatonce-traffic-shift-disabled
codeguruprofiler-profiling-group-tagged
codegurureviewer-repository-association-tagged
codepipeline-deployment-count-check
codepipeline-region-fanout-check
cognito-user-pool-advanced-security-enabled
customerprofiles-object-type-allow-profile-creation
customerprofiles-object-type-tagged
custom-eventbus-policy-attached
custom-schema-registry-policy-attached
cw-loggroup-retention-period-check
datasync-task-data-verification-enabled
datasync-task-logging-enabled
datasync-task-tagged
dax-encryption-enabled
dax-tls-endpoint-encryption
db-instance-backup-enabled
desired-instance-tenancy
desired-instance-type
dms-auto-minor-version-upgrade-check
dms-endpoint-ssl-configured
dms-mongo-db-authentication-enabled
dms-neptune-iam-authorization-enabled
dms-redis-tls-enabled
dms-replication-not-public
dms-replication-task-sourcedb-logging
dms-replication-task-targetdb-logging
docdb-cluster-audit-logging-enabled
docdb-cluster-backup-retention-check
docdb-cluster-deletion-protection-enabled
docdb-cluster-encrypted
docdb-cluster-snapshot-public-prohibited
dynamodb-autoscaling-enabled
dynamodb-in-backup-plan
dynamodb-last-backup-recovery-point-created
dynamodb-meets-restore-time-target
dynamodb-pitr-enabled
dynamodb-resources-protected-by-backup-plan
dynamodb-table-deletion-protection-enabled
dynamodb-table-encrypted-kms
dynamodb-table-encryption-enabled
dynamodb-throughput-limit-check
ebs-in-backup-plan
ebs-last-backup-recovery-point-created
ebs-meets-restore-time-target
ebs-optimized-instance
ebs-resources-in-logically-air-gapped-vault
ebs-resources-protected-by-backup-plan
ebs-snapshot-public-restorable-check
ec2-client-vpn-connection-log-enabled
ec2-client-vpn-not-authorize-all
ec2-ebs-encryption-by-default
ec2-imdsv2-check
ec2-instance-detailed-monitoring-enabled
ec2-instance-managed-by-systems-manager
ec2-instance-multiple-eni-check
ec2-instance-no-public-ip
ec2-instance-profile-attached
ec2-last-backup-recovery-point-created
ec2-launch-template-imdsv2-check
ec2-launch-template-public-ip-disabled
ec2-launch-template-tagged
ec2-managedinstance-applications-blacklisted
ec2-managedinstance-applications-required
ec2-managedinstance-association-compliance-status-check
ec2-managedinstance-inventory-blacklisted
ec2-managedinstance-patch-compliance-status-check
ec2-managedinstance-platform-check
ec2-meets-restore-time-target
ec2-no-amazon-key-pair
ec2-paravirtual-instance-check
ec2-prefix-list-tagged
ec2-resources-in-logically-air-gapped-vault
ec2-resources-protected-by-backup-plan
ec2-security-group-attached-to-eni
ec2-security-group-attached-to-eni-periodic
ec2-stopped-instance
ec2-token-hop-limit-check
ec2-traffic-mirror-filter-description
ec2-traffic-mirror-filter-tagged
ec2-traffic-mirror-session-description
ec2-traffic-mirror-session-tagged
ec2-traffic-mirror-target-description
ec2-traffic-mirror-target-tagged
ec2-transit-gateway-auto-vpc-attach-disabled
ec2-volume-inuse-check
ec2-vpn-connection-logging-enabled
ecr-private-image-scanning-enabled
ecr-private-lifecycle-policy-configured
ecr-private-tag-immutability-enabled
ecr-repository-lifecycle-policy-configured
ecs-awsvpc-networking-enabled
ecs-containers-nonprivileged
ecs-containers-readonly-access
ecs-container-insights-enabled
ecs-fargate-latest-platform-version
ecs-no-environment-secrets
ecs-task-definition-log-configuration
ecs-task-definition-memory-hard-limit
ecs-task-definition-nonroot-user
ecs-task-definition-pid-mode-check
ecs-task-definition-user-for-host-mode-check
efs-access-point-enforce-root-directory
efs-access-point-enforce-user-identity
efs-automatic-backups-enabled
efs-encrypted-check
efs-filesystem-ct-encrypted
efs-in-backup-plan
efs-last-backup-recovery-point-created
efs-meets-restore-time-target
efs-mount-target-public-accessible
efs-resources-in-logically-air-gapped-vault
efs-resources-protected-by-backup-plan
eip-attached
eks-cluster-logging-enabled
eks-cluster-log-enabled
eks-cluster-oldest-supported-version
eks-cluster-secrets-encrypted
eks-cluster-supported-version
eks-endpoint-no-public-access
eks-secrets-encrypted
elasticache-auto-minor-version-upgrade-check
elasticache-rbac-auth-enabled
elasticache-redis-cluster-automatic-backup-check
elasticache-repl-grp-auto-failover-enabled
elasticache-repl-grp-encrypted-at-rest
elasticache-repl-grp-encrypted-in-transit
elasticache-repl-grp-redis-auth-enabled
elasticache-subnet-group-check
elasticache-supported-engine-version
elasticbeanstalk-application-description
elasticbeanstalk-application-version-description
elasticbeanstalk-environment-description
elasticsearch-encrypted-at-rest
elasticsearch-in-vpc-only
elasticsearch-logs-to-cloudwatch
elasticsearch-node-to-node-encryption-check
elasticsearch-update-check
elastic-beanstalk-logs-to-cloudwatch
elastic-beanstalk-managed-updates-enabled
elbv2-acm-certificate-required
elbv2-multiple-az
elb-acm-certificate-required
elb-cross-zone-load-balancing-enabled
elb-custom-security-policy-ssl-check
elb-deletion-protection-enabled
elb-logging-enabled
elb-predefined-security-policy-ssl-check
elb-tls-https-listeners-only
emr-block-public-access
emr-kerberos-enabled
emr-master-no-public-ip
emr-security-configuration-encryption-rest
emr-security-configuration-encryption-transit
encrypted-volumes
evidently-launch-description
evidently-launch-tagged
evidently-project-description
evidently-project-tagged
evidently-segment-description
evidently-segment-tagged
fis-experiment-template-log-configuration-exists
fis-experiment-template-tagged
fms-network-firewall-resource-check
fms-security-groups-audit-policy-check
fms-shield-resource-policy-check
fms-webacl-resource-policy-check
fms-webacl-rulegroup-association-check
frauddetector-entity-type-tagged
frauddetector-label-tagged
frauddetector-outcome-tagged
frauddetector-variable-tagged
fsx-last-backup-recovery-point-created
fsx-lustre-copy-tags-to-backups
fsx-meets-restore-time-target
fsx-openzfs-copy-tags-enabled
fsx-resources-protected-by-backup-plan
fsx-windows-audit-log-configured
global-endpoint-event-replication-enabled
glue-job-logging-enabled
glue-ml-transform-encrypted-at-rest
guardduty-eks-protection-audit-enabled
guardduty-eks-protection-runtime-enabled
guardduty-enabled-centralized
guardduty-lambda-protection-enabled
guardduty-malware-protection-enabled
guardduty-non-archived-findings
guardduty-rds-protection-enabled
guardduty-s3-protection-enabled
iam-customer-policy-blocked-kms-actions
iam-external-access-analyzer-enabled
iam-group-has-users-check
iam-inline-policy-blocked-kms-actions
iam-no-inline-policy-check
iam-password-policy
iam-policy-blacklisted-check
iam-policy-in-use
iam-policy-no-statements-with-admin-access
iam-policy-no-statements-with-full-access
iam-role-managed-policy-check
iam-root-access-key-check
iam-server-certificate-expiration-check
iam-user-group-membership-check
iam-user-mfa-enabled
iam-user-no-policies-check
iam-user-unused-credentials-check
restricted-ssh
inspector-ec2-scan-enabled
inspector-ecr-scan-enabled
inspector-lambda-code-scan-enabled
inspector-lambda-standard-scan-enabled
ec2-instances-in-vpc
internet-gateway-authorized-vpc-only
iotevents-alarm-model-tagged
iotevents-detector-model-tagged
iotevents-input-tagged
iotsitewise-asset-model-tagged
iotsitewise-dashboard-tagged
iotsitewise-gateway-tagged
iotsitewise-portal-tagged
iotsitewise-project-tagged
iottwinmaker-entity-tagged
iottwinmaker-scene-tagged
iottwinmaker-sync-job-tagged
iottwinmaker-workspace-tagged
iotwireless-fuota-task-tagged
iotwireless-multicast-group-tagged
iotwireless-service-profile-tagged
iot-authorizer-token-signing-enabled
ivs-channel-playback-authorization-enabled
ivs-channel-tagged
ivs-playback-key-pair-tagged
ivs-recording-configuration-tagged
kinesis-firehose-delivery-stream-encrypted
kinesis-stream-backup-retention-check
kinesis-stream-encrypted
kms-cmk-not-scheduled-for-deletion
kms-key-policy-no-public-access
lambda-concurrency-check
lambda-dlq-check
lambda-function-public-access-prohibited
lambda-function-settings-check
lambda-inside-vpc
lambda-vpc-multi-az-check
lightsail-disk-tagged
macie-auto-sensitive-data-discovery-check
macie-status-check
mfa-enabled-for-iam-console-access
mq-active-deployment-mode
mq-automatic-minor-version-upgrade-enabled
mq-auto-minor-version-upgrade-enabled
mq-cloudwatch-audit-logging-enabled
mq-cloudwatch-audit-log-enabled
mq-no-public-access
mq-rabbit-deployment-mode
msk-enhanced-monitoring-enabled
msk-in-cluster-node-require-tls
multi-region-cloudtrail-enabled
nacl-no-unrestricted-ssh-rdp
neptune-cluster-backup-retention-check
neptune-cluster-cloudwatch-log-export-enabled
neptune-cluster-copy-tags-to-snapshot-enabled
neptune-cluster-deletion-protection-enabled
neptune-cluster-encrypted
neptune-cluster-iam-database-authentication
neptune-cluster-multi-az-enabled
neptune-cluster-snapshot-encrypted
neptune-cluster-snapshot-public-prohibited
netfw-deletion-protection-enabled
netfw-logging-enabled
netfw-multi-az-enabled
netfw-policy-default-action-fragment-packets
netfw-policy-default-action-full-packets
netfw-policy-rule-group-associated
netfw-stateless-rule-group-not-empty
nlb-internal-scheme-check
no-unrestricted-route-to-igw
opensearch-access-control-enabled
opensearch-audit-logging-enabled
opensearch-data-node-fault-tolerance
opensearch-encrypted-at-rest
opensearch-https-required
opensearch-in-vpc-only
opensearch-logs-to-cloudwatch
opensearch-node-to-node-encryption-check
opensearch-primary-node-fault-tolerance
opensearch-update-check
rabbit-mq-supported-version
rds-aurora-mysql-audit-logging-enabled
rds-aurora-postgresql-logs-to-cloudwatch
rds-automatic-minor-version-upgrade-enabled
rds-cluster-auto-minor-version-upgrade-enable
rds-cluster-default-admin-check
rds-cluster-deletion-protection-enabled
rds-cluster-encrypted-at-rest
rds-cluster-iam-authentication-enabled
rds-cluster-multi-az-enabled
rds-db-security-group-not-allowed
rds-enhanced-monitoring-enabled
rds-instance-default-admin-check
rds-instance-deletion-protection-enabled
rds-instance-iam-authentication-enabled
rds-instance-public-access-check
rds-in-backup-plan
rds-last-backup-recovery-point-created
rds-logging-enabled
rds-meets-restore-time-target
rds-multi-az-support
rds-mysql-instance-encrypted-in-transit
rds-postgresql-logs-to-cloudwatch
rds-postgres-instance-encrypted-in-transit
rds-resources-protected-by-backup-plan
rds-snapshots-public-prohibited
rds-snapshot-encrypted
rds-sql-server-logs-to-cloudwatch
rds-storage-encrypted
redshift-backup-enabled
redshift-cluster-configuration-check
redshift-cluster-kms-enabled
redshift-cluster-maintenancesettings-check
redshift-cluster-parameter-group-tagged
redshift-cluster-public-access-check
redshift-cluster-subnet-group-multi-az
redshift-default-admin-check
redshift-default-db-name-check
redshift-enhanced-vpc-routing-enabled
redshift-require-tls-ssl
redshift-unrestricted-port-access
required-tags
restricted-common-ports
root-account-hardware-mfa-enabled
root-account-mfa-enabled
route53-query-logging-enabled
s3-access-point-in-vpc-only
s3-access-point-public-access-blocks
s3-account-level-public-access-blocks
s3-account-level-public-access-blocks-periodic
s3-bucket-acl-prohibited
s3-bucket-blacklisted-actions-prohibited
s3-bucket-cross-region-replication-enabled
s3-bucket-default-lock-enabled
s3-bucket-level-public-access-prohibited
s3-bucket-logging-enabled
s3-bucket-mfa-delete-enabled
s3-bucket-policy-grantee-check
s3-bucket-policy-not-more-permissive
s3-bucket-public-read-prohibited
s3-bucket-public-write-prohibited
s3-bucket-replication-enabled
s3-bucket-server-side-encryption-enabled
s3-bucket-ssl-requests-only
s3-bucket-versioning-enabled
s3-default-encryption-kms
s3-event-notifications-enabled
s3-last-backup-recovery-point-created
s3-meets-restore-time-target
s3-resources-in-logically-air-gapped-vault
s3-resources-protected-by-backup-plan
s3-version-lifecycle-policy-check
sagemaker-app-image-config-tagged
sagemaker-domain-in-vpc
sagemaker-endpoint-configuration-kms-key-configured
sagemaker-endpoint-config-prod-instance-count
sagemaker-image-description
sagemaker-image-tagged
sagemaker-model-in-vpc
sagemaker-model-isolation-enabled
sagemaker-notebook-instance-inside-vpc
sagemaker-notebook-instance-kms-key-configured
sagemaker-notebook-instance-root-access-check
sagemaker-notebook-no-direct-internet-access
secretsmanager-rotation-enabled-check
secretsmanager-scheduled-rotation-success-check
secretsmanager-secret-periodic-rotation
secretsmanager-secret-unused
secretsmanager-using-cmk
securityhub-enabled
security-account-information-provided
service-catalog-shared-within-organization
service-vpc-endpoint-enabled
ses-malware-scanning-enabled
shield-advanced-enabled-autorenew
shield-drt-access
sns-encrypted-kms
sns-topic-message-delivery-notification-enabled
sns-topic-no-public-access
ssm-document-not-public
ssm-document-tagged
step-functions-state-machine-logging-enabled
storagegateway-last-backup-recovery-point-created
storagegateway-resources-in-logically-air-gapped-vault
storagegateway-resources-protected-by-backup-plan
subnet-auto-assign-public-ip-disabled
transfer-agreement-description
transfer-agreement-tagged
transfer-certificate-description
transfer-certificate-tagged
transfer-connector-tagged
transfer-family-server-no-ftp
transfer-profile-tagged
transfer-workflow-description
transfer-workflow-tagged
virtualmachine-last-backup-recovery-point-created
virtualmachine-resources-in-logically-air-gapped-vault
virtualmachine-resources-protected-by-backup-plan
vpc-default-security-group-closed
vpc-endpoint-enabled
vpc-flow-logs-enabled
vpc-network-acl-unused-check
vpc-peering-dns-resolution-check
vpc-sg-open-only-to-authorized-ports
vpc-sg-port-restriction-check
vpc-vpn-2-tunnels-up
wafv2-logging-enabled
wafv2-rulegroup-logging-enabled
wafv2-rulegroup-not-empty
wafv2-webacl-not-empty
waf-classic-logging-enabled
waf-global-rulegroup-not-empty
waf-global-rule-not-empty
waf-global-webacl-not-empty
waf-regional-rulegroup-not-empty
waf-regional-rule-not-empty
waf-regional-webacl-not-empty
workspaces-root-volume-encryption-enabled
workspaces-user-volume-encryption-enabled