@Generated(value="jsii-pacmak/1.30.0 (build adae23f)", date="2021-06-30T10:01:06.346Z") @Stability(value=Experimental) public class ManagedRuleIdentifiers extends software.amazon.jsii.JsiiObject
https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
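The following is an added example, not code from the CDK source or from this page: a CDK v1 Java stack that turns several of the constants listed below into AWS Config rules through `ManagedRule`. It assumes the `software.amazon.awscdk.*` v1 packages that match the jsii-pacmak 1.30.0 build shown above, and that an AWS Config configuration recorder is already enabled in the target account and region (`ManagedRule` does not create one). The stack class, the 90-day rotation threshold, the `DataClassification` tag and the alert topic are hypothetical values chosen for the example; `maxAccessKeyAge` is the parameter name documented for `ACCESS_KEYS_ROTATED` below.

```java
// Added example: a CDK v1 stack that deploys a small AWS Config baseline from the
// ManagedRuleIdentifiers constants. Assumes CDK v1 Java (software.amazon.awscdk.*)
// and an existing AWS Config configuration recorder in the account/region.
package com.example.baseline; // hypothetical package

import java.util.List;
import java.util.Map;

import software.amazon.awscdk.core.Construct;
import software.amazon.awscdk.core.Stack;
import software.amazon.awscdk.core.StackProps;
import software.amazon.awscdk.services.config.ManagedRule;
import software.amazon.awscdk.services.config.ManagedRuleIdentifiers;
import software.amazon.awscdk.services.config.MaximumExecutionFrequency;
import software.amazon.awscdk.services.config.ResourceType;
import software.amazon.awscdk.services.config.RuleScope;
import software.amazon.awscdk.services.events.OnEventOptions;
import software.amazon.awscdk.services.events.targets.SnsTopic;
import software.amazon.awscdk.services.sns.Topic;

public class ConfigBaselineStack extends Stack {

    public ConfigBaselineStack(final Construct scope, final String id, final StackProps props) {
        super(scope, id, props);

        // Hypothetical topic the security team subscribes to for compliance changes.
        Topic alerts = Topic.Builder.create(this, "ConfigComplianceAlerts").build();

        // Periodic rule with a parameter. The 90-day threshold is an assumed policy
        // value; maxAccessKeyAge is the parameter name the rule documents.
        // Periodic rules need a maximumExecutionFrequency to tell Config how often to run.
        ManagedRule keysRotated = ManagedRule.Builder.create(this, "AccessKeysRotated")
                .identifier(ManagedRuleIdentifiers.ACCESS_KEYS_ROTATED)
                .inputParameters(Map.of("maxAccessKeyAge", 90))
                .maximumExecutionFrequency(MaximumExecutionFrequency.TWENTY_FOUR_HOURS)
                .build();

        // Change-triggered rule scoped to one resource type, so Config evaluates it
        // only when an EC2 instance's configuration item changes.
        ManagedRule imdsv2 = ManagedRule.Builder.create(this, "Ec2Imdsv2")
                .identifier(ManagedRuleIdentifiers.EC2_IMDSV2_CHECK)
                .ruleScope(RuleScope.fromResources(List.of(ResourceType.EC2_INSTANCE)))
                .build();

        // Tag-scoped rule: only resources tagged DataClassification=confidential
        // (an assumed tagging convention) are checked for encrypted EBS volumes.
        ManagedRule ebsEncrypted = ManagedRule.Builder.create(this, "ConfidentialEbsEncrypted")
                .identifier(ManagedRuleIdentifiers.EBS_ENCRYPTED_VOLUMES)
                .ruleScope(RuleScope.fromTag("DataClassification", "confidential"))
                .build();

        // Supply-chain hygiene: no long-lived AWS credentials in CodeBuild environment
        // variables. No parameters and no scope, so every CodeBuild project is evaluated.
        ManagedRule noCredsInBuild = ManagedRule.Builder.create(this, "CodeBuildNoAwsCreds")
                .identifier(ManagedRuleIdentifiers.CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK)
                .build();

        // Route every compliance-state change on these rules to the alert topic.
        // onComplianceChange creates an EventBridge rule as a child of each Config rule.
        for (ManagedRule rule : List.of(keysRotated, imdsv2, ebsEncrypted, noCredsInBuild)) {
            rule.onComplianceChange("ToAlerts",
                    OnEventOptions.builder().target(new SnsTopic(alerts)).build());
        }
    }
}
```

Two things to check before relying on a baseline like this: a change-triggered rule only fires for resource types the configuration recorder actually records, so a rule scoped to `ResourceType.EC2_INSTANCE` is silent if instances are not recorded; and a periodic rule such as `ACCESS_KEYS_ROTATED` without a `maximumExecutionFrequency` falls back to the Config default rather than the cadence your policy expects.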
Modifier and Type | Field | Description
---|---|---
static String | ACCESS_KEYS_ROTATED | (experimental) Checks whether the active access keys are rotated within the number of days specified in maxAccessKeyAge.
static String | ACCOUNT_PART_OF_ORGANIZATIONS | (experimental) Checks whether the AWS account is part of AWS Organizations.
static String | ACM_CERTIFICATE_EXPIRATION_CHECK | (experimental) Checks whether ACM Certificates in your account are marked for expiration within the specified number of days.
static String | ALB_HTTP_DROP_INVALID_HEADER_ENABLED | (experimental) Checks whether Application Load Balancers (ALBs) are configured to drop invalid HTTP headers.
static String | ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK | (experimental) Checks whether HTTP to HTTPS redirection is configured on all HTTP listeners of an Application Load Balancer.
static String | ALB_WAF_ENABLED | (experimental) Checks if Web Application Firewall (WAF) is enabled on Application Load Balancers (ALBs).
static String | API_GW_CACHE_ENABLED_AND_ENCRYPTED | (experimental) Checks that all methods in Amazon API Gateway stages have caching enabled and encrypted.
static String | API_GW_ENDPOINT_TYPE_CHECK | (experimental) Checks that Amazon API Gateway APIs are of the type specified in the rule parameter endpointConfigurationType.
static String | API_GW_EXECUTION_LOGGING_ENABLED | (experimental) Checks that all methods in Amazon API Gateway stages have logging enabled.
static String | APPROVED_AMIS_BY_ID | (experimental) Checks whether running instances are using AMIs from the specified list of AMI IDs.
static String | APPROVED_AMIS_BY_TAG | (experimental) Checks whether running instances are using AMIs that carry the specified tags.
static String | AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED | (experimental) Checks whether your Auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks.
static String | CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED | (experimental) Checks whether AWS CloudTrail trails are configured to send logs to Amazon CloudWatch Logs.
static String | CLOUD_TRAIL_ENABLED | (experimental) Checks whether AWS CloudTrail is enabled in your AWS account.
static String | CLOUD_TRAIL_ENCRYPTION_ENABLED | (experimental) Checks whether AWS CloudTrail is configured to use server-side encryption (SSE) with an AWS Key Management Service (AWS KMS) customer master key (CMK).
static String | CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED | (experimental) Checks whether AWS CloudTrail creates a signed digest file with logs.
static String | CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK | (experimental) Checks whether an AWS CloudFormation stack's actual configuration differs, or has drifted, from its expected configuration.
static String | CLOUDFORMATION_STACK_NOTIFICATION_CHECK | (experimental) Checks whether your CloudFormation stacks are sending event notifications to an SNS topic.
static String | CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED | (experimental) Checks if an Amazon CloudFront distribution is configured to return a specific object that is the default root object.
static String | CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED | (experimental) Checks that Amazon CloudFront distributions with an Amazon S3 origin have an Origin Access Identity (OAI) configured.
static String | CLOUDFRONT_ORIGIN_FAILOVER_ENABLED | (experimental) Checks whether an origin group with at least two origins is configured for the Amazon CloudFront distribution.
static String | CLOUDFRONT_SNI_ENABLED | (experimental) Checks if Amazon CloudFront distributions are using a custom SSL certificate and are configured to use SNI to serve HTTPS requests.
static String | CLOUDFRONT_VIEWER_POLICY_HTTPS | (experimental) Checks whether your Amazon CloudFront distributions use HTTPS (directly or via a redirection).
static String | CLOUDTRAIL_MULTI_REGION_ENABLED | (experimental) Checks that there is at least one multi-region AWS CloudTrail trail.
static String | CLOUDTRAIL_S3_DATAEVENTS_ENABLED | (experimental) Checks whether at least one AWS CloudTrail trail is logging Amazon S3 data events for all S3 buckets.
static String | CLOUDTRAIL_SECURITY_TRAIL_ENABLED | (experimental) Checks that there is at least one AWS CloudTrail trail defined with security best practices.
static String | CLOUDWATCH_ALARM_ACTION_CHECK | (experimental) Checks whether CloudWatch alarms have at least one alarm action, one INSUFFICIENT_DATA action, or one OK action enabled.
static String | CLOUDWATCH_ALARM_RESOURCE_CHECK | (experimental) Checks whether the specified resource type has a CloudWatch alarm for the specified metric.
static String | CLOUDWATCH_ALARM_SETTINGS_CHECK | (experimental) Checks whether CloudWatch alarms with the given metric name have the specified settings.
static String | CLOUDWATCH_LOG_GROUP_ENCRYPTED | (experimental) Checks whether a log group in Amazon CloudWatch Logs is encrypted with an AWS Key Management Service (KMS) customer master key (CMK).
static String | CMK_BACKING_KEY_ROTATION_ENABLED | (experimental) Checks that automatic key rotation is enabled for each customer-created customer master key (CMK) in AWS KMS.
static String | CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK | (experimental) Checks whether the project contains the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
static String | CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK | (experimental) Checks whether the GitHub or Bitbucket source repository URL contains either personal access tokens or a user name and password.
static String | CODEPIPELINE_DEPLOYMENT_COUNT_CHECK | (experimental) Checks whether the first deployment stage of the AWS CodePipeline performs more than one deployment.
static String | CODEPIPELINE_REGION_FANOUT_CHECK | (experimental) Checks whether each stage in the AWS CodePipeline deploys to more than N times the number of regions that all previous stages combined have deployed to, where N is the region fanout number.
static String | CW_LOGGROUP_RETENTION_PERIOD_CHECK | (experimental) Checks whether the Amazon CloudWatch Logs log group retention period is set to the specified number of days.
static String | DAX_ENCRYPTION_ENABLED | (experimental) Checks that DynamoDB Accelerator (DAX) clusters are encrypted.
static String | DMS_REPLICATION_NOT_PUBLIC | (experimental) Checks whether AWS Database Migration Service replication instances are public.
static String | DYNAMODB_AUTOSCALING_ENABLED | (experimental) Checks whether Auto Scaling or On-Demand is enabled on your DynamoDB tables and/or global secondary indexes.
static String | DYNAMODB_IN_BACKUP_PLAN | (experimental) Checks whether Amazon DynamoDB tables are present in AWS Backup plans.
static String | DYNAMODB_PITR_ENABLED | (experimental) Checks that point-in-time recovery (PITR) is enabled for Amazon DynamoDB tables.
static String | DYNAMODB_TABLE_ENCRYPTED_KMS | (experimental) Checks whether Amazon DynamoDB tables are encrypted with AWS Key Management Service (KMS).
static String | DYNAMODB_TABLE_ENCRYPTION_ENABLED | (experimental) Checks whether the Amazon DynamoDB tables are encrypted and checks their status.
static String | DYNAMODB_THROUGHPUT_LIMIT_CHECK | (experimental) Checks whether provisioned DynamoDB throughput is approaching the maximum limit for your account.
static String | EBS_ENCRYPTED_VOLUMES | (experimental) Checks whether the EBS volumes that are in an attached state are encrypted.
static String | EBS_IN_BACKUP_PLAN | (experimental) Checks if Amazon Elastic Block Store (Amazon EBS) volumes are included in AWS Backup plans.
static String | EBS_OPTIMIZED_INSTANCE | (experimental) Checks whether EBS optimization is enabled for your EC2 instances that can be EBS-optimized.
static String | EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK | (experimental) Checks whether Amazon Elastic Block Store snapshots are not publicly restorable.
static String | EC2_DESIRED_INSTANCE_TENANCY | (experimental) Checks whether instances have the specified tenancy.
static String | EC2_DESIRED_INSTANCE_TYPE | (experimental) Checks whether your EC2 instances are of the specified instance types.
static String | EC2_EBS_ENCRYPTION_BY_DEFAULT | (experimental) Checks that Amazon Elastic Block Store (EBS) encryption is enabled by default.
static String | EC2_IMDSV2_CHECK | (experimental) Checks whether your Amazon Elastic Compute Cloud (Amazon EC2) instance metadata is configured to require Instance Metadata Service Version 2 (IMDSv2).
static String | EC2_INSTANCE_DETAILED_MONITORING_ENABLED | (experimental) Checks whether detailed monitoring is enabled for EC2 instances.
static String | EC2_INSTANCE_MANAGED_BY_SSM | (experimental) Checks whether the Amazon EC2 instances in your account are managed by AWS Systems Manager.
static String | EC2_INSTANCE_NO_PUBLIC_IP | (experimental) Checks whether Amazon Elastic Compute Cloud (Amazon EC2) instances have a public IP association.
static String | EC2_INSTANCES_IN_VPC | (experimental) Checks whether your EC2 instances belong to a virtual private cloud (VPC).
static String | EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED | (experimental) Checks that none of the specified applications are installed on the instance.
static String | EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED | (experimental) Checks whether all of the specified applications are installed on the instance.
static String | EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK | (experimental) Checks whether the compliance status of an AWS Systems Manager association is COMPLIANT or NON_COMPLIANT after the association runs on the instance.
static String | EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED | (experimental) Checks whether instances managed by AWS Systems Manager are configured to collect blocked inventory types.
static String | EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK | (experimental) Checks whether the AWS Systems Manager patch compliance status of an Amazon EC2 instance is COMPLIANT or NON_COMPLIANT after patch installation on the instance.
static String | EC2_MANAGED_INSTANCE_PLATFORM_CHECK | (experimental) Checks whether EC2 managed instances have the desired configurations.
static String | EC2_SECURITY_GROUP_ATTACHED_TO_ENI | (experimental) Checks that security groups are attached to Amazon Elastic Compute Cloud (Amazon EC2) instances or to an elastic network interface.
static String | EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED | (experimental) Checks whether the security groups in use allow unrestricted incoming SSH traffic; a security group is COMPLIANT only when incoming SSH is restricted to a CIDR other than 0.0.0.0/0.
static String | EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC | (experimental) Checks whether the security groups in use do not allow unrestricted incoming TCP traffic to the specified ports.
static String | EC2_STOPPED_INSTANCE | (experimental) Checks whether there are instances stopped for more than the allowed number of days.
static String | EC2_VOLUME_INUSE_CHECK | (experimental) Checks whether EBS volumes are attached to EC2 instances.
static String | EFS_ENCRYPTED_CHECK | (experimental) Checks whether Amazon Elastic File System (Amazon EFS) is configured to encrypt the file data using AWS Key Management Service (AWS KMS).
static String | EFS_IN_BACKUP_PLAN | (experimental) Checks whether Amazon Elastic File System (Amazon EFS) file systems are included in AWS Backup plans.
static String | EIP_ATTACHED | (experimental) Checks whether all Elastic IP addresses that are allocated to a VPC are attached to EC2 instances or in-use elastic network interfaces (ENIs).
static String | EKS_ENDPOINT_NO_PUBLIC_ACCESS | (experimental) Checks whether the Amazon Elastic Kubernetes Service (Amazon EKS) endpoint is not publicly accessible.
static String | EKS_SECRETS_ENCRYPTED | (experimental) Checks whether Amazon Elastic Kubernetes Service clusters are configured to have Kubernetes secrets encrypted using AWS Key Management Service (KMS) keys.
static String | ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK | (experimental) Checks whether the Amazon ElastiCache Redis clusters have automatic backup turned on.
static String | ELASTICSEARCH_ENCRYPTED_AT_REST | (experimental) Checks whether Amazon Elasticsearch Service (Amazon ES) domains have encryption at rest enabled.
static String | ELASTICSEARCH_IN_VPC_ONLY | (experimental) Checks whether Amazon Elasticsearch Service (Amazon ES) domains are in Amazon Virtual Private Cloud (Amazon VPC).
static String | ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK | (experimental) Checks that Amazon Elasticsearch Service domains have node-to-node encryption enabled.
static String | ELB_ACM_CERTIFICATE_REQUIRED | (experimental) Checks whether the Classic Load Balancers use SSL certificates provided by AWS Certificate Manager.
static String | ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED | (experimental) Checks if cross-zone load balancing is enabled for the Classic Load Balancers (CLBs).
static String | ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK | (experimental) Checks whether your Classic Load Balancer SSL listeners are using a custom policy.
static String | ELB_DELETION_PROTECTION_ENABLED | (experimental) Checks whether an Elastic Load Balancing load balancer has deletion protection enabled.
static String | ELB_LOGGING_ENABLED | (experimental) Checks whether Application Load Balancers and Classic Load Balancers have logging enabled.
static String | ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK | (experimental) Checks whether your Classic Load Balancer SSL listeners are using a predefined policy.
static String | ELB_TLS_HTTPS_LISTENERS_ONLY | (experimental) Checks whether your Classic Load Balancer is configured with SSL or HTTPS listeners.
static String | EMR_KERBEROS_ENABLED | (experimental) Checks that Amazon EMR clusters have Kerberos enabled.
static String | EMR_MASTER_NO_PUBLIC_IP | (experimental) Checks whether Amazon Elastic MapReduce (EMR) clusters' master nodes have public IPs.
static String | FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK | (experimental) Checks whether the security groups associated with in-scope resources are compliant with the master security groups at each rule level, based on the allowSecurityGroup and denySecurityGroup flags.
static String | FMS_SECURITY_GROUP_CONTENT_CHECK | (experimental) Checks whether the content of security groups created by AWS Firewall Manager is the same as the master security groups.
static String | FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK | (experimental) Checks whether an Amazon EC2 instance or an elastic network interface is associated with AWS Firewall Manager security groups.
static String | FMS_SHIELD_RESOURCE_POLICY_CHECK | (experimental) Checks whether an Application Load Balancer, Amazon CloudFront distribution, Elastic Load Balancer, or Elastic IP address has AWS Shield protection.
static String | FMS_WEBACL_RESOURCE_POLICY_CHECK | (experimental) Checks whether the web ACL is associated with an Application Load Balancer, API Gateway stage, or Amazon CloudFront distribution.
static String | FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK | (experimental) Checks that the rule groups are associated with the web ACL at the correct priority.
static String | GUARDDUTY_ENABLED_CENTRALIZED | (experimental) Checks whether Amazon GuardDuty is enabled in your AWS account and region.
static String | GUARDDUTY_NON_ARCHIVED_FINDINGS | (experimental) Checks whether Amazon GuardDuty has non-archived findings.
static String | IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS | (experimental) Checks that the managed AWS Identity and Access Management policies that you create do not allow blocked actions on all AWS KMS keys.
static String | IAM_GROUP_HAS_USERS_CHECK | (experimental) Checks whether IAM groups have at least one IAM user.
static String | IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS | (experimental) Checks that the inline policies attached to your AWS Identity and Access Management users, roles, and groups do not allow blocked actions on all AWS Key Management Service keys.
static String | IAM_NO_INLINE_POLICY_CHECK | (experimental) Checks that the inline policy feature is not in use.
static String | IAM_PASSWORD_POLICY | (experimental) Checks whether the account password policy for IAM users meets the requirements specified in the parameters.
static String | IAM_POLICY_BLOCKED_CHECK | (experimental) Checks whether, for each IAM resource, a policy ARN in the input parameter is attached to the IAM resource.
static String | IAM_POLICY_IN_USE | (experimental) Checks whether the IAM policy ARN is attached to an IAM user, or an IAM group with one or more IAM users, or an IAM role with one or more trusted entities.
static String | IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS | (experimental) Checks the IAM policies that you create for Allow statements that grant permissions to all actions on all resources.
static String | IAM_ROLE_MANAGED_POLICY_CHECK | (experimental) Checks that AWS Identity and Access Management (IAM) policies in a list of policies are attached to all IAM roles.
static String | IAM_ROOT_ACCESS_KEY_CHECK | (experimental) Checks whether the root user access key is available; the rule is COMPLIANT only if no root user access key exists.
static String | IAM_USER_GROUP_MEMBERSHIP_CHECK | (experimental) Checks whether IAM users are members of at least one IAM group.
static String | IAM_USER_MFA_ENABLED | (experimental) Checks whether the AWS Identity and Access Management users have multi-factor authentication (MFA) enabled.
static String | IAM_USER_NO_POLICIES_CHECK | (experimental) Checks that none of your IAM users have policies attached directly.
static String | IAM_USER_UNUSED_CREDENTIALS_CHECK | (experimental) Checks whether your AWS Identity and Access Management (IAM) users have passwords or active access keys that have not been used within the number of days you specify.
static String | INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY | (experimental) Checks that Internet gateways (IGWs) are only attached to authorized Amazon Virtual Private Clouds (VPCs).
static String | KMS_CMK_NOT_SCHEDULED_FOR_DELETION | (experimental) Checks whether customer master keys (CMKs) are not scheduled for deletion in AWS Key Management Service (KMS).
static String | LAMBDA_CONCURRENCY_CHECK | (experimental) Checks whether the AWS Lambda function is configured with a function-level concurrent execution limit.
static String | LAMBDA_DLQ_CHECK | (experimental) Checks whether an AWS Lambda function is configured with a dead-letter queue.
static String | LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED | (experimental) Checks whether the AWS Lambda function policy attached to the Lambda resource prohibits public access.
static String | LAMBDA_FUNCTION_SETTINGS_CHECK | (experimental) Checks that the Lambda function settings for runtime, role, timeout, and memory size match the expected values.
static String | LAMBDA_INSIDE_VPC | (experimental) Checks whether an AWS Lambda function is in an Amazon Virtual Private Cloud (VPC).
static String | MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS | (experimental) Checks whether AWS Multi-Factor Authentication (MFA) is enabled for all IAM users that use a console password.
static String | RDS_CLUSTER_DELETION_PROTECTION_ENABLED | (experimental) Checks if an Amazon Relational Database Service (Amazon RDS) cluster has deletion protection enabled.
static String | RDS_DB_INSTANCE_BACKUP_ENABLED | (experimental) Checks whether RDS DB instances have backups enabled.
static String | RDS_ENHANCED_MONITORING_ENABLED | (experimental) Checks whether enhanced monitoring is enabled for Amazon Relational Database Service (Amazon RDS) instances.
static String | RDS_IN_BACKUP_PLAN | (experimental) Checks whether Amazon RDS databases are present in AWS Backup plans.
static String | RDS_INSTANCE_DELETION_PROTECTION_ENABLED | (experimental) Checks if an Amazon Relational Database Service (Amazon RDS) instance has deletion protection enabled.
static String | RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED | (experimental) Checks if an Amazon RDS instance has AWS Identity and Access Management (IAM) authentication enabled.
static String | RDS_INSTANCE_PUBLIC_ACCESS_CHECK | (experimental) Checks whether the Amazon Relational Database Service instances are not publicly accessible.
static String | RDS_LOGGING_ENABLED | (experimental) Checks that the respective logs of Amazon Relational Database Service (Amazon RDS) are enabled.
static String | RDS_MULTI_AZ_SUPPORT | (experimental) Checks whether high availability is enabled for your RDS DB instances.
static String | RDS_SNAPSHOT_ENCRYPTED | (experimental) Checks whether Amazon Relational Database Service (Amazon RDS) DB snapshots are encrypted.
static String | RDS_SNAPSHOTS_PUBLIC_PROHIBITED | (experimental) Checks if Amazon Relational Database Service (Amazon RDS) snapshots are public.
static String | RDS_STORAGE_ENCRYPTED | (experimental) Checks whether storage encryption is enabled for your RDS DB instances.
static String | REDSHIFT_BACKUP_ENABLED | (experimental) Checks that Amazon Redshift automated snapshots are enabled for clusters.
static String | REDSHIFT_CLUSTER_CONFIGURATION_CHECK | (experimental) Checks whether Amazon Redshift clusters have the specified settings.
static String | REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK | (experimental) Checks whether Amazon Redshift clusters have the specified maintenance settings.
static String | REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK | (experimental) Checks whether Amazon Redshift clusters are not publicly accessible.
static String | REDSHIFT_REQUIRE_TLS_SSL | (experimental) Checks whether Amazon Redshift clusters require TLS/SSL encryption for connections from SQL clients.
static String | REQUIRED_TAGS | (experimental) Checks whether your resources have the tags that you specify.
static String | ROOT_ACCOUNT_HARDWARE_MFA_ENABLED | (experimental) Checks whether your AWS account is configured to require a hardware multi-factor authentication (MFA) device to sign in with root credentials.
static String | ROOT_ACCOUNT_MFA_ENABLED | (experimental) Checks whether users of your AWS account require a multi-factor authentication (MFA) device to sign in with root credentials.
static String | S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS | (experimental) Checks whether the required public access block settings are configured at the account level.
static String | S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED | (experimental) Checks that the Amazon Simple Storage Service bucket policy does not allow blocked bucket-level and object-level actions on resources in the bucket for principals from other AWS accounts.
static String | S3_BUCKET_DEFAULT_LOCK_ENABLED | (experimental) Checks whether an Amazon Simple Storage Service (Amazon S3) bucket has Object Lock enabled by default.
static String | S3_BUCKET_LOGGING_ENABLED | (experimental) Checks whether logging is enabled for your S3 buckets.
static String | S3_BUCKET_POLICY_GRANTEE_CHECK | (experimental) Checks that the access granted by the Amazon S3 bucket is restricted to the AWS principals, federated users, service principals, IP addresses, or VPCs that you provide.
static String | S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE | (experimental) Verifies that your Amazon Simple Storage Service bucket policies do not grant any inter-account permissions beyond those in the control Amazon S3 bucket policy that you provide.
static String | S3_BUCKET_PUBLIC_READ_PROHIBITED | (experimental) Checks that your Amazon S3 buckets do not allow public read access.
static String | S3_BUCKET_PUBLIC_WRITE_PROHIBITED | (experimental) Checks that your Amazon S3 buckets do not allow public write access.
static String | S3_BUCKET_REPLICATION_ENABLED | (experimental) Checks whether S3 buckets have cross-region replication enabled.
static String | S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED | (experimental) Checks that your Amazon S3 bucket either has Amazon S3 default encryption enabled or that the S3 bucket policy explicitly denies put-object requests without server-side encryption that uses AES-256 or AWS Key Management Service.
static String | S3_BUCKET_SSL_REQUESTS_ONLY | (experimental) Checks whether S3 buckets have policies that require requests to use Secure Socket Layer (SSL).
static String | S3_BUCKET_VERSIONING_ENABLED | (experimental) Checks whether versioning is enabled for your S3 buckets.
static String | S3_DEFAULT_ENCRYPTION_KMS | (experimental) Checks whether the Amazon Simple Storage Service (Amazon S3) buckets are encrypted with AWS Key Management Service (AWS KMS).
static String | SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED | (experimental) Checks whether an AWS Key Management Service (KMS) key is configured for an Amazon SageMaker endpoint configuration.
static String | SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED | (experimental) Checks whether an AWS Key Management Service (KMS) key is configured for a SageMaker notebook instance.
static String | SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS | (experimental) Checks whether direct internet access is disabled for an Amazon SageMaker notebook instance.
static String | SECRETSMANAGER_ROTATION_ENABLED_CHECK | (experimental) Checks whether an AWS Secrets Manager secret has rotation enabled.
static String | SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK | (experimental) Checks whether an AWS Secrets Manager secret has rotated successfully according to its rotation schedule.
static String | SECURITYHUB_ENABLED | (experimental) Checks that AWS Security Hub is enabled for an AWS account.
static String | SERVICE_VPC_ENDPOINT_ENABLED | (experimental) Checks whether a VPC endpoint for the service named in the rule parameter exists in each Amazon VPC.
static String | SHIELD_ADVANCED_ENABLED_AUTO_RENEW | (experimental) Checks whether AWS Shield Advanced is enabled in your AWS account and the subscription is set to renew automatically.
static String | SHIELD_DRT_ACCESS | (experimental) Verifies that the AWS DDoS Response Team (DRT) can access your AWS account.
static String | SNS_ENCRYPTED_KMS | (experimental) Checks whether an Amazon SNS topic is encrypted with AWS Key Management Service (AWS KMS).
static String | VPC_DEFAULT_SECURITY_GROUP_CLOSED | (experimental) Checks that the default security group of any Amazon Virtual Private Cloud (VPC) does not allow inbound or outbound traffic.
static String | VPC_FLOW_LOGS_ENABLED | (experimental) Checks whether VPC Flow Logs are found and enabled for each Amazon Virtual Private Cloud (Amazon VPC).
static String | VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS | (experimental) Checks whether any security group with an inbound rule from 0.0.0.0/0 in an Amazon Virtual Private Cloud (Amazon VPC) allows only the specified inbound TCP or UDP ports.
static String | VPC_VPN_2_TUNNELS_UP | (experimental) Checks that both AWS Virtual Private Network tunnels provided by AWS Site-to-Site VPN are in UP status.
static String | WAF_CLASSIC_LOGGING_ENABLED | (experimental) Checks if logging is enabled on AWS Web Application Firewall (WAF) classic global web ACLs.
static String | WAFV2_LOGGING_ENABLED | (experimental) Checks whether logging is enabled on AWS Web Application Firewall (WAFV2) regional and global web access control lists (ACLs).
Modifier | Constructor and Description
---|---
protected | ManagedRuleIdentifiers(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected | ManagedRuleIdentifiers(software.amazon.jsii.JsiiObjectRef objRef)

Methods inherited from class software.amazon.jsii.JsiiObject: jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
@Stability(value=Experimental) public static final String ACCESS_KEYS_ROTATED
https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
@Stability(value=Experimental) public static final String ACCOUNT_PART_OF_ORGANIZATIONS
https://docs.aws.amazon.com/config/latest/developerguide/account-part-of-organizations.html
@Stability(value=Experimental) public static final String ACM_CERTIFICATE_EXPIRATION_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-expiration-check.html
@Stability(value=Experimental) public static final String ALB_HTTP_DROP_INVALID_HEADER_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/alb-http-drop-invalid-header-enabled.html
@Stability(value=Experimental) public static final String ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/alb-http-to-https-redirection-check.html
@Stability(value=Experimental) public static final String ALB_WAF_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/alb-waf-enabled.html
@Stability(value=Experimental) public static final String API_GW_CACHE_ENABLED_AND_ENCRYPTED
https://docs.aws.amazon.com/config/latest/developerguide/api-gw-cache-enabled-and-encrypted.html
@Stability(value=Experimental) public static final String API_GW_ENDPOINT_TYPE_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/api-gw-endpoint-type-check.html
@Stability(value=Experimental) public static final String API_GW_EXECUTION_LOGGING_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/api-gw-execution-logging-enabled.html
@Stability(value=Experimental) public static final String APPROVED_AMIS_BY_ID
https://docs.aws.amazon.com/config/latest/developerguide/approved-amis-by-id.html
@Stability(value=Experimental) public static final String APPROVED_AMIS_BY_TAG
https://docs.aws.amazon.com/config/latest/developerguide/approved-amis-by-tag.html
@Stability(value=Experimental) public static final String AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED
https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-group-elb-healthcheck-required.html
@Stability(value=Experimental) public static final String CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/cloud-trail-cloud-watch-logs-enabled.html
@Stability(value=Experimental) public static final String CLOUD_TRAIL_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-enabled.html
@Stability(value=Experimental) public static final String CLOUD_TRAIL_ENCRYPTION_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/cloud-trail-encryption-enabled.html
@Stability(value=Experimental) public static final String CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/cloud-trail-log-file-validation-enabled.html
@Stability(value=Experimental) public static final String CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/cloudformation-stack-drift-detection-check.html
@Stability(value=Experimental) public static final String CLOUDFORMATION_STACK_NOTIFICATION_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/cloudformation-stack-notification-check.html
@Stability(value=Experimental) public static final String CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED
https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-default-root-object-configured.html
@Stability(value=Experimental) public static final String CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-origin-access-identity-enabled.html
@Stability(value=Experimental) public static final String CLOUDFRONT_ORIGIN_FAILOVER_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-origin-failover-enabled.html
@Stability(value=Experimental) public static final String CLOUDFRONT_SNI_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-sni-enabled.html
@Stability(value=Experimental) public static final String CLOUDFRONT_VIEWER_POLICY_HTTPS
https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-viewer-policy-https.html
@Stability(value=Experimental) public static final String CLOUDTRAIL_MULTI_REGION_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/multi-region-cloudtrail-enabled.html
@Stability(value=Experimental) public static final String CLOUDTRAIL_S3_DATAEVENTS_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-s3-dataevents-enabled.html
@Stability(value=Experimental) public static final String CLOUDTRAIL_SECURITY_TRAIL_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-security-trail-enabled.html
@Stability(value=Experimental) public static final String CLOUDWATCH_ALARM_ACTION_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-alarm-action-check.html
@Stability(value=Experimental) public static final String CLOUDWATCH_ALARM_RESOURCE_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-alarm-resource-check.html
@Stability(value=Experimental) public static final String CLOUDWATCH_ALARM_SETTINGS_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-alarm-settings-check.html
@Stability(value=Experimental) public static final String CLOUDWATCH_LOG_GROUP_ENCRYPTED
https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-log-group-encrypted.html
@Stability(value=Experimental) public static final String CMK_BACKING_KEY_ROTATION_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/cmk-backing-key-rotation-enabled.html
@Stability(value=Experimental) public static final String CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-envvar-awscred-check.html
@Stability(value=Experimental) public static final String CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-source-repo-url-check.html
@Stability(value=Experimental) public static final String CODEPIPELINE_DEPLOYMENT_COUNT_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/codepipeline-deployment-count-check.html
@Stability(value=Experimental) public static final String CODEPIPELINE_REGION_FANOUT_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/codepipeline-region-fanout-check.html
@Stability(value=Experimental) public static final String CW_LOGGROUP_RETENTION_PERIOD_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/cw-loggroup-retention-period-check.html
@Stability(value=Experimental) public static final String DAX_ENCRYPTION_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/dax-encryption-enabled.html
@Stability(value=Experimental) public static final String DMS_REPLICATION_NOT_PUBLIC
https://docs.aws.amazon.com/config/latest/developerguide/dms-replication-not-public.html
@Stability(value=Experimental) public static final String DYNAMODB_AUTOSCALING_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-autoscaling-enabled.html
@Stability(value=Experimental) public static final String DYNAMODB_IN_BACKUP_PLAN
https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-in-backup-plan.html
@Stability(value=Experimental) public static final String DYNAMODB_PITR_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-pitr-enabled.html
@Stability(value=Experimental) public static final String DYNAMODB_TABLE_ENCRYPTED_KMS
https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-table-encrypted-kms.html
@Stability(value=Experimental) public static final String DYNAMODB_TABLE_ENCRYPTION_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-table-encryption-enabled.html
@Stability(value=Experimental) public static final String DYNAMODB_THROUGHPUT_LIMIT_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-throughput-limit-check.html
@Stability(value=Experimental) public static final String EBS_ENCRYPTED_VOLUMES
https://docs.aws.amazon.com/config/latest/developerguide/encrypted-volumes.html
@Stability(value=Experimental) public static final String EBS_IN_BACKUP_PLAN
https://docs.aws.amazon.com/config/latest/developerguide/ebs-in-backup-plan.html
@Stability(value=Experimental) public static final String EBS_OPTIMIZED_INSTANCE
https://docs.aws.amazon.com/config/latest/developerguide/ebs-optimized-instance.html
@Stability(value=Experimental) public static final String EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/ebs-snapshot-public-restorable-check.html
@Stability(value=Experimental) public static final String EC2_DESIRED_INSTANCE_TENANCY
https://docs.aws.amazon.com/config/latest/developerguide/desired-instance-tenancy.html
@Stability(value=Experimental) public static final String EC2_DESIRED_INSTANCE_TYPE
https://docs.aws.amazon.com/config/latest/developerguide/desired-instance-type.html
@Stability(value=Experimental) public static final String EC2_EBS_ENCRYPTION_BY_DEFAULT
https://docs.aws.amazon.com/config/latest/developerguide/ec2-ebs-encryption-by-default.html
@Stability(value=Experimental) public static final String EC2_IMDSV2_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/ec2-imdsv2-check.html
@Stability(value=Experimental) public static final String EC2_INSTANCE_DETAILED_MONITORING_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-detailed-monitoring-enabled.html
@Stability(value=Experimental) public static final String EC2_INSTANCE_MANAGED_BY_SSM
https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-managed-by-systems-manager.html
@Stability(value=Experimental) public static final String EC2_INSTANCE_NO_PUBLIC_IP
https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-no-public-ip.html
@Stability(value=Experimental) public static final String EC2_INSTANCES_IN_VPC
https://docs.aws.amazon.com/config/latest/developerguide/ec2-instances-in-vpc.html
@Stability(value=Experimental) public static final String EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED
https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-applications-blacklisted.html
@Stability(value=Experimental) public static final String EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED
https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-applications-required.html
@Stability(value=Experimental) public static final String EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-association-compliance-status-check.html
@Stability(value=Experimental) public static final String EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED
https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-inventory-blacklisted.html
@Stability(value=Experimental) public static final String EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-patch-compliance-status-check.html
@Stability(value=Experimental) public static final String EC2_MANAGED_INSTANCE_PLATFORM_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-platform-check.html
@Stability(value=Experimental) public static final String EC2_SECURITY_GROUP_ATTACHED_TO_ENI
https://docs.aws.amazon.com/config/latest/developerguide/ec2-security-group-attached-to-eni.html
@Stability(value=Experimental) public static final String EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED
https://docs.aws.amazon.com/config/latest/developerguide/restricted-ssh.html
@Stability(value=Experimental) public static final String EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC
https://docs.aws.amazon.com/config/latest/developerguide/restricted-common-ports.html
@Stability(value=Experimental) public static final String EC2_STOPPED_INSTANCE
https://docs.aws.amazon.com/config/latest/developerguide/ec2-stopped-instance.html
@Stability(value=Experimental) public static final String EC2_VOLUME_INUSE_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/ec2-volume-inuse-check.html
@Stability(value=Experimental) public static final String EFS_ENCRYPTED_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/efs-encrypted-check.html
@Stability(value=Experimental) public static final String EFS_IN_BACKUP_PLAN
https://docs.aws.amazon.com/config/latest/developerguide/efs-in-backup-plan.html
@Stability(value=Experimental) public static final String EIP_ATTACHED
https://docs.aws.amazon.com/config/latest/developerguide/eip-attached.html
@Stability(value=Experimental) public static final String EKS_ENDPOINT_NO_PUBLIC_ACCESS
https://docs.aws.amazon.com/config/latest/developerguide/eks-endpoint-no-public-access.html
@Stability(value=Experimental) public static final String EKS_SECRETS_ENCRYPTED
https://docs.aws.amazon.com/config/latest/developerguide/eks-secrets-encrypted.html
@Stability(value=Experimental) public static final String ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/elasticache-redis-cluster-automatic-backup-check.html
@Stability(value=Experimental) public static final String ELASTICSEARCH_ENCRYPTED_AT_REST
https://docs.aws.amazon.com/config/latest/developerguide/elasticsearch-encrypted-at-rest.html
@Stability(value=Experimental) public static final String ELASTICSEARCH_IN_VPC_ONLY
https://docs.aws.amazon.com/config/latest/developerguide/elasticsearch-in-vpc-only.html
@Stability(value=Experimental) public static final String ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/elasticsearch-node-to-node-encryption-check.html
@Stability(value=Experimental) public static final String ELB_ACM_CERTIFICATE_REQUIRED
https://docs.aws.amazon.com/config/latest/developerguide/elb-acm-certificate-required.html
@Stability(value=Experimental) public static final String ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/elb-cross-zone-load-balancing-enabled.html
@Stability(value=Experimental) public static final String ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/elb-custom-security-policy-ssl-check.html
@Stability(value=Experimental) public static final String ELB_DELETION_PROTECTION_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/elb-deletion-protection-enabled.html
@Stability(value=Experimental) public static final String ELB_LOGGING_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/elb-logging-enabled.html
@Stability(value=Experimental) public static final String ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/elb-predefined-security-policy-ssl-check.html
@Stability(value=Experimental) public static final String ELB_TLS_HTTPS_LISTENERS_ONLY
https://docs.aws.amazon.com/config/latest/developerguide/elb-tls-https-listeners-only.html
@Stability(value=Experimental) public static final String EMR_KERBEROS_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/emr-kerberos-enabled.html
@Stability(value=Experimental) public static final String EMR_MASTER_NO_PUBLIC_IP
https://docs.aws.amazon.com/config/latest/developerguide/emr-master-no-public-ip.html
@Stability(value=Experimental) public static final String FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/fms-security-group-audit-policy-check.html
@Stability(value=Experimental) public static final String FMS_SECURITY_GROUP_CONTENT_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/fms-security-group-content-check.html
@Stability(value=Experimental) public static final String FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/fms-security-group-resource-association-check.html
@Stability(value=Experimental) public static final String FMS_SHIELD_RESOURCE_POLICY_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/fms-shield-resource-policy-check.html
@Stability(value=Experimental) public static final String FMS_WEBACL_RESOURCE_POLICY_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/fms-webacl-resource-policy-check.html
@Stability(value=Experimental) public static final String FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK
The correct priority is decided by the rank of the rule groups in the ruleGroups parameter.
https://docs.aws.amazon.com/config/latest/developerguide/fms-webacl-rulegroup-association-check.html
@Stability(value=Experimental) public static final String GUARDDUTY_ENABLED_CENTRALIZED
If you provide an AWS account for centralization, the rule evaluates the Amazon GuardDuty results in the centralized account.
https://docs.aws.amazon.com/config/latest/developerguide/guardduty-enabled-centralized.html
@Stability(value=Experimental) public static final String GUARDDUTY_NON_ARCHIVED_FINDINGS
https://docs.aws.amazon.com/config/latest/developerguide/guardduty-non-archived-findings.html
@Stability(value=Experimental) public static final String IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS
https://docs.aws.amazon.com/config/latest/developerguide/iam-customer-policy-blocked-kms-actions.html
@Stability(value=Experimental) public static final String IAM_GROUP_HAS_USERS_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/iam-group-has-users-check.html
@Stability(value=Experimental) public static final String IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS
https://docs.aws.amazon.com/config/latest/developerguide/iam-inline-policy-blocked-kms-actions.html
@Stability(value=Experimental) public static final String IAM_NO_INLINE_POLICY_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/iam-no-inline-policy-check.html
@Stability(value=Experimental) public static final String IAM_PASSWORD_POLICY
https://docs.aws.amazon.com/config/latest/developerguide/iam-password-policy.html
@Stability(value=Experimental) public static final String IAM_POLICY_BLOCKED_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-blacklisted-check.html
@Stability(value=Experimental) public static final String IAM_POLICY_IN_USE
https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-in-use.html
@Stability(value=Experimental) public static final String IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS
https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-no-statements-with-admin-access.html
@Stability(value=Experimental) public static final String IAM_ROLE_MANAGED_POLICY_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/iam-role-managed-policy-check.html
@Stability(value=Experimental) public static final String IAM_ROOT_ACCESS_KEY_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/iam-root-access-key-check.html
@Stability(value=Experimental) public static final String IAM_USER_GROUP_MEMBERSHIP_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/iam-user-group-membership-check.html
@Stability(value=Experimental) public static final String IAM_USER_MFA_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/iam-user-mfa-enabled.html
@Stability(value=Experimental) public static final String IAM_USER_NO_POLICIES_CHECK
IAM users must inherit permissions from IAM groups or roles.
https://docs.aws.amazon.com/config/latest/developerguide/iam-user-no-policies-check.html
@Stability(value=Experimental) public static final String IAM_USER_UNUSED_CREDENTIALS_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/iam-user-unused-credentials-check.html
@Stability(value=Experimental) public static final String INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY
https://docs.aws.amazon.com/config/latest/developerguide/internet-gateway-authorized-vpc-only.html
@Stability(value=Experimental) public static final String KMS_CMK_NOT_SCHEDULED_FOR_DELETION
https://docs.aws.amazon.com/config/latest/developerguide/kms-cmk-not-scheduled-for-deletion.html
@Stability(value=Experimental) public static final String LAMBDA_CONCURRENCY_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/lambda-concurrency-check.html
@Stability(value=Experimental) public static final String LAMBDA_DLQ_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/lambda-dlq-check.html
@Stability(value=Experimental) public static final String LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED
https://docs.aws.amazon.com/config/latest/developerguide/lambda-function-public-access-prohibited.html
@Stability(value=Experimental) public static final String LAMBDA_FUNCTION_SETTINGS_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/lambda-function-settings-check.html
@Stability(value=Experimental) public static final String LAMBDA_INSIDE_VPC
https://docs.aws.amazon.com/config/latest/developerguide/lambda-inside-vpc.html
@Stability(value=Experimental) public static final String MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS
https://docs.aws.amazon.com/config/latest/developerguide/mfa-enabled-for-iam-console-access.html
@Stability(value=Experimental) public static final String RDS_CLUSTER_DELETION_PROTECTION_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/rds-cluster-deletion-protection-enabled.html
@Stability(value=Experimental) public static final String RDS_DB_INSTANCE_BACKUP_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/db-instance-backup-enabled.html
@Stability(value=Experimental) public static final String RDS_ENHANCED_MONITORING_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/rds-enhanced-monitoring-enabled.html
@Stability(value=Experimental) public static final String RDS_IN_BACKUP_PLAN
https://docs.aws.amazon.com/config/latest/developerguide/rds-in-backup-plan.html
@Stability(value=Experimental) public static final String RDS_INSTANCE_DELETION_PROTECTION_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/rds-instance-deletion-protection-enabled.html
@Stability(value=Experimental) public static final String RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/rds-instance-iam-authentication-enabled.html
@Stability(value=Experimental) public static final String RDS_INSTANCE_PUBLIC_ACCESS_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/rds-instance-public-access-check.html
@Stability(value=Experimental) public static final String RDS_LOGGING_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/rds-logging-enabled.html
@Stability(value=Experimental) public static final String RDS_MULTI_AZ_SUPPORT
https://docs.aws.amazon.com/config/latest/developerguide/rds-multi-az-support.html
@Stability(value=Experimental) public static final String RDS_SNAPSHOT_ENCRYPTED
https://docs.aws.amazon.com/config/latest/developerguide/rds-snapshot-encrypted.html
@Stability(value=Experimental) public static final String RDS_SNAPSHOTS_PUBLIC_PROHIBITED
https://docs.aws.amazon.com/config/latest/developerguide/rds-snapshots-public-prohibited.html
@Stability(value=Experimental) public static final String RDS_STORAGE_ENCRYPTED
https://docs.aws.amazon.com/config/latest/developerguide/rds-storage-encrypted.html
@Stability(value=Experimental) public static final String REDSHIFT_BACKUP_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/redshift-backup-enabled.html
@Stability(value=Experimental) public static final String REDSHIFT_CLUSTER_CONFIGURATION_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-configuration-check.html
@Stability(value=Experimental) public static final String REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-maintenancesettings-check.html
@Stability(value=Experimental) public static final String REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-public-access-check.html
@Stability(value=Experimental) public static final String REDSHIFT_REQUIRE_TLS_SSL
https://docs.aws.amazon.com/config/latest/developerguide/redshift-require-tls-ssl.html
@Stability(value=Experimental) public static final String REQUIRED_TAGS
For example, you can check whether your Amazon EC2 instances have the CostCenter tag.
https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html
@Stability(value=Experimental) public static final String ROOT_ACCOUNT_HARDWARE_MFA_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/root-account-hardware-mfa-enabled.html
@Stability(value=Experimental) public static final String ROOT_ACCOUNT_MFA_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/root-account-mfa-enabled.html
@Stability(value=Experimental) public static final String S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS
https://docs.aws.amazon.com/config/latest/developerguide/s3-account-level-public-access-blocks.html
@Stability(value=Experimental) public static final String S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-blacklisted-actions-prohibited.html
@Stability(value=Experimental) public static final String S3_BUCKET_DEFAULT_LOCK_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-default-lock-enabled.html
@Stability(value=Experimental) public static final String S3_BUCKET_LOGGING_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-logging-enabled.html
@Stability(value=Experimental) public static final String S3_BUCKET_POLICY_GRANTEE_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy-grantee-check.html
@Stability(value=Experimental) public static final String S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy-not-more-permissive.html
@Stability(value=Experimental) public static final String S3_BUCKET_PUBLIC_READ_PROHIBITED
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-public-read-prohibited.html
@Stability(value=Experimental) public static final String S3_BUCKET_PUBLIC_WRITE_PROHIBITED
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-public-write-prohibited.html
@Stability(value=Experimental) public static final String S3_BUCKET_REPLICATION_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-replication-enabled.html
@Stability(value=Experimental) public static final String S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-server-side-encryption-enabled.html
@Stability(value=Experimental) public static final String S3_BUCKET_SSL_REQUESTS_ONLY
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-ssl-requests-only.html
@Stability(value=Experimental) public static final String S3_BUCKET_VERSIONING_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-versioning-enabled.html
@Stability(value=Experimental) public static final String S3_DEFAULT_ENCRYPTION_KMS
https://docs.aws.amazon.com/config/latest/developerguide/s3-default-encryption-kms.html
@Stability(value=Experimental) public static final String SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED
https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-endpoint-configuration-kms-key-configured.html
@Stability(value=Experimental) public static final String SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED
https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-notebook-instance-kms-key-configured.html
@Stability(value=Experimental) public static final String SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS
https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-notebook-no-direct-internet-access.html
@Stability(value=Experimental) public static final String SECRETSMANAGER_ROTATION_ENABLED_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-rotation-enabled-check.html
@Stability(value=Experimental) public static final String SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK
https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-scheduled-rotation-success-check.html
@Stability(value=Experimental) public static final String SECURITYHUB_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/securityhub-enabled.html
@Stability(value=Experimental) public static final String SERVICE_VPC_ENDPOINT_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/service-vpc-endpoint-enabled.html
@Stability(value=Experimental) public static final String SHIELD_ADVANCED_ENABLED_AUTO_RENEW
https://docs.aws.amazon.com/config/latest/developerguide/shield-advanced-enabled-autorenew.html
@Stability(value=Experimental) public static final String SHIELD_DRT_ACCESS
https://docs.aws.amazon.com/config/latest/developerguide/shield-drt-access.html
@Stability(value=Experimental) public static final String SNS_ENCRYPTED_KMS
https://docs.aws.amazon.com/config/latest/developerguide/sns-encrypted-kms.html
@Stability(value=Experimental) public static final String VPC_DEFAULT_SECURITY_GROUP_CLOSED
The rule returns NOT_APPLICABLE if the security group is not default.
https://docs.aws.amazon.com/config/latest/developerguide/vpc-default-security-group-closed.html
@Stability(value=Experimental) public static final String VPC_FLOW_LOGS_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/vpc-flow-logs-enabled.html
@Stability(value=Experimental) public static final String VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS
https://docs.aws.amazon.com/config/latest/developerguide/vpc-sg-open-only-to-authorized-ports.html
@Stability(value=Experimental) public static final String VPC_VPN_2_TUNNELS_UP
https://docs.aws.amazon.com/config/latest/developerguide/vpc-vpn-2-tunnels-up.html
@Stability(value=Experimental) public static final String WAF_CLASSIC_LOGGING_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/waf-classic-logging-enabled.html
@Stability(value=Experimental) public static final String WAFV2_LOGGING_ENABLED
https://docs.aws.amazon.com/config/latest/developerguide/wafv2-logging-enabled.html
Copyright © 2021. All rights reserved.