ManagedRuleIdentifiers

class aws_cdk.aws_config.ManagedRuleIdentifiers(*args, **kwargs)
Bases: object
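Managed rules that are supported by AWS Config.
Each attribute below is a string constant whose value is the managed rule identifier. For most attributes the value equals the attribute name, but for some it differs (for example, EBS_ENCRYPTED_VOLUMES = 'ENCRYPTED_VOLUMES', CLOUDTRAIL_MULTI_REGION_ENABLED = 'MULTI_REGION_CLOUD_TRAIL_ENABLED' and EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED = 'INCOMING_SSH_DISABLED'). When matching rules in compliance reports or audit tooling, compare against the string value rather than the attribute name.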
Attributes
-
ACCESS_KEYS_ROTATED
= 'ACCESS_KEYS_ROTATED'¶
-
ACCOUNT_PART_OF_ORGANIZATIONS
= 'ACCOUNT_PART_OF_ORGANIZATIONS'¶
-
ACM_CERTIFICATE_EXPIRATION_CHECK
= 'ACM_CERTIFICATE_EXPIRATION_CHECK'¶
-
ALB_HTTP_DROP_INVALID_HEADER_ENABLED
= 'ALB_HTTP_DROP_INVALID_HEADER_ENABLED'¶
-
ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK
= 'ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK'¶
-
ALB_WAF_ENABLED
= 'ALB_WAF_ENABLED'¶
-
API_GW_CACHE_ENABLED_AND_ENCRYPTED
= 'API_GW_CACHE_ENABLED_AND_ENCRYPTED'¶
-
API_GW_ENDPOINT_TYPE_CHECK
= 'API_GW_ENDPOINT_TYPE_CHECK'¶
-
API_GW_EXECUTION_LOGGING_ENABLED
= 'API_GW_EXECUTION_LOGGING_ENABLED'¶
-
APPROVED_AMIS_BY_ID
= 'APPROVED_AMIS_BY_ID'¶
-
APPROVED_AMIS_BY_TAG
= 'APPROVED_AMIS_BY_TAG'¶
-
AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED
= 'AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED'¶
-
CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK
= 'CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK'¶
-
CLOUDFORMATION_STACK_NOTIFICATION_CHECK
= 'CLOUDFORMATION_STACK_NOTIFICATION_CHECK'¶
-
CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED
= 'CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED'¶
-
CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED
= 'CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED'¶
-
CLOUDFRONT_ORIGIN_FAILOVER_ENABLED
= 'CLOUDFRONT_ORIGIN_FAILOVER_ENABLED'¶
-
CLOUDFRONT_SNI_ENABLED
= 'CLOUDFRONT_SNI_ENABLED'¶
-
CLOUDFRONT_VIEWER_POLICY_HTTPS
= 'CLOUDFRONT_VIEWER_POLICY_HTTPS'¶
-
CLOUDTRAIL_MULTI_REGION_ENABLED
= 'MULTI_REGION_CLOUD_TRAIL_ENABLED'¶
-
CLOUDTRAIL_S3_DATAEVENTS_ENABLED
= 'CLOUDTRAIL_S3_DATAEVENTS_ENABLED'¶
-
CLOUDTRAIL_SECURITY_TRAIL_ENABLED
= 'CLOUDTRAIL_SECURITY_TRAIL_ENABLED'¶
-
CLOUDWATCH_ALARM_ACTION_CHECK
= 'CLOUDWATCH_ALARM_ACTION_CHECK'¶
-
CLOUDWATCH_ALARM_RESOURCE_CHECK
= 'CLOUDWATCH_ALARM_RESOURCE_CHECK'¶
-
CLOUDWATCH_ALARM_SETTINGS_CHECK
= 'CLOUDWATCH_ALARM_SETTINGS_CHECK'¶
-
CLOUDWATCH_LOG_GROUP_ENCRYPTED
= 'CLOUDWATCH_LOG_GROUP_ENCRYPTED'¶
-
CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED
= 'CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED'¶
-
CLOUD_TRAIL_ENABLED
= 'CLOUD_TRAIL_ENABLED'¶
-
CLOUD_TRAIL_ENCRYPTION_ENABLED
= 'CLOUD_TRAIL_ENCRYPTION_ENABLED'¶
-
CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED
= 'CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED'¶
-
CMK_BACKING_KEY_ROTATION_ENABLED
= 'CMK_BACKING_KEY_ROTATION_ENABLED'¶
-
CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK
= 'CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK'¶
-
CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK
= 'CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK'¶
-
CODEPIPELINE_DEPLOYMENT_COUNT_CHECK
= 'CODEPIPELINE_DEPLOYMENT_COUNT_CHECK'¶
-
CODEPIPELINE_REGION_FANOUT_CHECK
= 'CODEPIPELINE_REGION_FANOUT_CHECK'¶
-
CW_LOGGROUP_RETENTION_PERIOD_CHECK
= 'CW_LOGGROUP_RETENTION_PERIOD_CHECK'¶
-
DAX_ENCRYPTION_ENABLED
= 'DAX_ENCRYPTION_ENABLED'¶
-
DMS_REPLICATION_NOT_PUBLIC
= 'DMS_REPLICATION_NOT_PUBLIC'¶
-
DYNAMODB_AUTOSCALING_ENABLED
= 'DYNAMODB_AUTOSCALING_ENABLED'¶
-
DYNAMODB_IN_BACKUP_PLAN
= 'DYNAMODB_IN_BACKUP_PLAN'¶
-
DYNAMODB_PITR_ENABLED
= 'DYNAMODB_PITR_ENABLED'¶
-
DYNAMODB_TABLE_ENCRYPTED_KMS
= 'DYNAMODB_TABLE_ENCRYPTED_KMS'¶
-
DYNAMODB_TABLE_ENCRYPTION_ENABLED
= 'DYNAMODB_TABLE_ENCRYPTION_ENABLED'¶
-
DYNAMODB_THROUGHPUT_LIMIT_CHECK
= 'DYNAMODB_THROUGHPUT_LIMIT_CHECK'¶
-
EBS_ENCRYPTED_VOLUMES
= 'ENCRYPTED_VOLUMES'¶
-
EBS_IN_BACKUP_PLAN
= 'EBS_IN_BACKUP_PLAN'¶
-
EBS_OPTIMIZED_INSTANCE
= 'EBS_OPTIMIZED_INSTANCE'¶
-
EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK
= 'EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK'¶
-
EC2_DESIRED_INSTANCE_TENANCY
= 'DESIRED_INSTANCE_TENANCY'¶
-
EC2_DESIRED_INSTANCE_TYPE
= 'DESIRED_INSTANCE_TYPE'¶
-
EC2_EBS_ENCRYPTION_BY_DEFAULT
= 'EC2_EBS_ENCRYPTION_BY_DEFAULT'¶
-
EC2_IMDSV2_CHECK
= 'EC2_IMDSV2_CHECK'¶
-
EC2_INSTANCES_IN_VPC
= 'INSTANCES_IN_VPC'¶
-
EC2_INSTANCE_DETAILED_MONITORING_ENABLED
= 'EC2_INSTANCE_DETAILED_MONITORING_ENABLED'¶
-
EC2_INSTANCE_MANAGED_BY_SSM
= 'EC2_INSTANCE_MANAGED_BY_SSM'¶
-
EC2_INSTANCE_NO_PUBLIC_IP
= 'EC2_INSTANCE_NO_PUBLIC_IP'¶
-
EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED
= 'EC2_MANAGEDINSTANCE_APPLICATIONS_BLACKLISTED'¶
-
EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED
= 'EC2_MANAGEDINSTANCE_APPLICATIONS_REQUIRED'¶
-
EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK
= 'EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK'¶
-
EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED
= 'EC2_MANAGEDINSTANCE_INVENTORY_BLACKLISTED'¶
-
EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK
= 'EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK'¶
-
EC2_MANAGED_INSTANCE_PLATFORM_CHECK
= 'EC2_MANAGEDINSTANCE_PLATFORM_CHECK'¶
-
EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED
= 'INCOMING_SSH_DISABLED'¶
-
EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC
= 'RESTRICTED_INCOMING_TRAFFIC'¶
-
EC2_SECURITY_GROUP_ATTACHED_TO_ENI
= 'EC2_SECURITY_GROUP_ATTACHED_TO_ENI'¶
-
EC2_STOPPED_INSTANCE
= 'EC2_STOPPED_INSTANCE'¶
-
EC2_VOLUME_INUSE_CHECK
= 'EC2_VOLUME_INUSE_CHECK'¶
-
EFS_ENCRYPTED_CHECK
= 'EFS_ENCRYPTED_CHECK'¶
-
EFS_IN_BACKUP_PLAN
= 'EFS_IN_BACKUP_PLAN'¶
-
EIP_ATTACHED
= 'EIP_ATTACHED'¶
-
EKS_ENDPOINT_NO_PUBLIC_ACCESS
= 'EKS_ENDPOINT_NO_PUBLIC_ACCESS'¶
-
EKS_SECRETS_ENCRYPTED
= 'EKS_SECRETS_ENCRYPTED'¶
-
ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK
= 'ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK'¶
-
ELASTICSEARCH_ENCRYPTED_AT_REST
= 'ELASTICSEARCH_ENCRYPTED_AT_REST'¶
-
ELASTICSEARCH_IN_VPC_ONLY
= 'ELASTICSEARCH_IN_VPC_ONLY'¶
-
ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK
= 'ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK'¶
-
ELB_ACM_CERTIFICATE_REQUIRED
= 'ELB_ACM_CERTIFICATE_REQUIRED'¶
-
ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED
= 'ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED'¶
-
ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK
= 'ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK'¶
-
ELB_DELETION_PROTECTION_ENABLED
= 'ELB_DELETION_PROTECTION_ENABLED'¶
-
ELB_LOGGING_ENABLED
= 'ELB_LOGGING_ENABLED'¶
-
ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK
= 'ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK'¶
-
ELB_TLS_HTTPS_LISTENERS_ONLY
= 'ELB_TLS_HTTPS_LISTENERS_ONLY'¶
-
EMR_KERBEROS_ENABLED
= 'EMR_KERBEROS_ENABLED'¶
-
EMR_MASTER_NO_PUBLIC_IP
= 'EMR_MASTER_NO_PUBLIC_IP'¶
-
FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK
= 'FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK'¶
-
FMS_SECURITY_GROUP_CONTENT_CHECK
= 'FMS_SECURITY_GROUP_CONTENT_CHECK'¶
-
FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK
= 'FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK'¶
-
FMS_SHIELD_RESOURCE_POLICY_CHECK
= 'FMS_SHIELD_RESOURCE_POLICY_CHECK'¶
-
FMS_WEBACL_RESOURCE_POLICY_CHECK
= 'FMS_WEBACL_RESOURCE_POLICY_CHECK'¶
-
FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK
= 'FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK'¶
-
GUARDDUTY_ENABLED_CENTRALIZED
= 'GUARDDUTY_ENABLED_CENTRALIZED'¶
-
GUARDDUTY_NON_ARCHIVED_FINDINGS
= 'GUARDDUTY_NON_ARCHIVED_FINDINGS'¶
-
IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS
= 'IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS'¶
-
IAM_GROUP_HAS_USERS_CHECK
= 'IAM_GROUP_HAS_USERS_CHECK'¶
-
IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS
= 'IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS'¶
-
IAM_NO_INLINE_POLICY_CHECK
= 'IAM_NO_INLINE_POLICY_CHECK'¶
-
IAM_PASSWORD_POLICY
= 'IAM_PASSWORD_POLICY'¶
-
IAM_POLICY_BLOCKED_CHECK
= 'IAM_POLICY_BLACKLISTED_CHECK'¶
-
IAM_POLICY_IN_USE
= 'IAM_POLICY_IN_USE'¶
-
IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS
= 'IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS'¶
-
IAM_ROLE_MANAGED_POLICY_CHECK
= 'IAM_ROLE_MANAGED_POLICY_CHECK'¶
-
IAM_ROOT_ACCESS_KEY_CHECK
= 'IAM_ROOT_ACCESS_KEY_CHECK'¶
-
IAM_USER_GROUP_MEMBERSHIP_CHECK
= 'IAM_USER_GROUP_MEMBERSHIP_CHECK'¶
-
IAM_USER_MFA_ENABLED
= 'IAM_USER_MFA_ENABLED'¶
-
IAM_USER_NO_POLICIES_CHECK
= 'IAM_USER_NO_POLICIES_CHECK'¶
-
IAM_USER_UNUSED_CREDENTIALS_CHECK
= 'IAM_USER_UNUSED_CREDENTIALS_CHECK'¶
-
INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY
= 'INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY'¶
-
KMS_CMK_NOT_SCHEDULED_FOR_DELETION
= 'KMS_CMK_NOT_SCHEDULED_FOR_DELETION'¶
-
LAMBDA_CONCURRENCY_CHECK
= 'LAMBDA_CONCURRENCY_CHECK'¶
-
LAMBDA_DLQ_CHECK
= 'LAMBDA_DLQ_CHECK'¶
-
LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED
= 'LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED'¶
-
LAMBDA_FUNCTION_SETTINGS_CHECK
= 'LAMBDA_FUNCTION_SETTINGS_CHECK'¶
-
LAMBDA_INSIDE_VPC
= 'LAMBDA_INSIDE_VPC'¶
-
MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS
= 'MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS'¶
-
RDS_CLUSTER_DELETION_PROTECTION_ENABLED
= 'RDS_CLUSTER_DELETION_PROTECTION_ENABLED'¶
-
RDS_DB_INSTANCE_BACKUP_ENABLED
= 'DB_INSTANCE_BACKUP_ENABLED'¶
-
RDS_ENHANCED_MONITORING_ENABLED
= 'RDS_ENHANCED_MONITORING_ENABLED'¶
-
RDS_INSTANCE_DELETION_PROTECTION_ENABLED
= 'RDS_INSTANCE_DELETION_PROTECTION_ENABLED'¶
-
RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED
= 'RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED'¶
-
RDS_INSTANCE_PUBLIC_ACCESS_CHECK
= 'RDS_INSTANCE_PUBLIC_ACCESS_CHECK'¶
-
RDS_IN_BACKUP_PLAN
= 'RDS_IN_BACKUP_PLAN'¶
-
RDS_LOGGING_ENABLED
= 'RDS_LOGGING_ENABLED'¶
-
RDS_MULTI_AZ_SUPPORT
= 'RDS_MULTI_AZ_SUPPORT'¶
-
RDS_SNAPSHOTS_PUBLIC_PROHIBITED
= 'RDS_SNAPSHOTS_PUBLIC_PROHIBITED'¶
-
RDS_SNAPSHOT_ENCRYPTED
= 'RDS_SNAPSHOT_ENCRYPTED'¶
-
RDS_STORAGE_ENCRYPTED
= 'RDS_STORAGE_ENCRYPTED'¶
-
REDSHIFT_BACKUP_ENABLED
= 'REDSHIFT_BACKUP_ENABLED'¶
-
REDSHIFT_CLUSTER_CONFIGURATION_CHECK
= 'REDSHIFT_CLUSTER_CONFIGURATION_CHECK'¶
-
REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK
= 'REDSHIFT_CLUSTER_MAINTENANCESETTINGS_CHECK'¶
-
REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK
= 'REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK'¶
-
REDSHIFT_REQUIRE_TLS_SSL
= 'REDSHIFT_REQUIRE_TLS_SSL'¶
-
REQUIRED_TAGS
= 'REQUIRED_TAGS'¶
-
ROOT_ACCOUNT_HARDWARE_MFA_ENABLED
= 'ROOT_ACCOUNT_HARDWARE_MFA_ENABLED'¶
-
ROOT_ACCOUNT_MFA_ENABLED
= 'ROOT_ACCOUNT_MFA_ENABLED'¶
-
S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS
= 'S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS'¶
-
S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED
= 'S3_BUCKET_BLACKLISTED_ACTIONS_PROHIBITED'¶
-
S3_BUCKET_DEFAULT_LOCK_ENABLED
= 'S3_BUCKET_DEFAULT_LOCK_ENABLED'¶
-
S3_BUCKET_LOGGING_ENABLED
= 'S3_BUCKET_LOGGING_ENABLED'¶
-
S3_BUCKET_POLICY_GRANTEE_CHECK
= 'S3_BUCKET_POLICY_GRANTEE_CHECK'¶
-
S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE
= 'S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE'¶
-
S3_BUCKET_PUBLIC_READ_PROHIBITED
= 'S3_BUCKET_PUBLIC_READ_PROHIBITED'¶
-
S3_BUCKET_PUBLIC_WRITE_PROHIBITED
= 'S3_BUCKET_PUBLIC_WRITE_PROHIBITED'¶
-
S3_BUCKET_REPLICATION_ENABLED
= 'S3_BUCKET_REPLICATION_ENABLED'¶
-
S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED
= 'S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED'¶
-
S3_BUCKET_SSL_REQUESTS_ONLY
= 'S3_BUCKET_SSL_REQUESTS_ONLY'¶
-
S3_BUCKET_VERSIONING_ENABLED
= 'S3_BUCKET_VERSIONING_ENABLED'¶
-
S3_DEFAULT_ENCRYPTION_KMS
= 'S3_DEFAULT_ENCRYPTION_KMS'¶
-
SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED
= 'SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED'¶
-
SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED
= 'SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED'¶
-
SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS
= 'SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS'¶
-
SECRETSMANAGER_ROTATION_ENABLED_CHECK
= 'SECRETSMANAGER_ROTATION_ENABLED_CHECK'¶
-
SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK
= 'SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK'¶
-
SECURITYHUB_ENABLED
= 'SECURITYHUB_ENABLED'¶
-
SERVICE_VPC_ENDPOINT_ENABLED
= 'SERVICE_VPC_ENDPOINT_ENABLED'¶
-
SHIELD_ADVANCED_ENABLED_AUTO_RENEW
= 'SHIELD_ADVANCED_ENABLED_AUTORENEW'¶
-
SHIELD_DRT_ACCESS
= 'SHIELD_DRT_ACCESS'¶
-
SNS_ENCRYPTED_KMS
= 'SNS_ENCRYPTED_KMS'¶
-
VPC_DEFAULT_SECURITY_GROUP_CLOSED
= 'VPC_DEFAULT_SECURITY_GROUP_CLOSED'¶
-
VPC_FLOW_LOGS_ENABLED
= 'VPC_FLOW_LOGS_ENABLED'¶
-
VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS
= 'VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS'¶
-
VPC_VPN_2_TUNNELS_UP
= 'VPC_VPN_2_TUNNELS_UP'¶
-
WAFV2_LOGGING_ENABLED
= 'WAFV2_LOGGING_ENABLED'¶
-
WAF_CLASSIC_LOGGING_ENABLED
= 'WAF_CLASSIC_LOGGING_ENABLED'¶
-