ec2-resources-in-logically-air-gapped-vault - AWS Config

ec2-resources-in-logically-air-gapped-vault

Checks if Amazon Elastic Compute Cloud (Amazon EC2) instances are in a logically air-gapped vault. The rule is NON_COMPLIANT if an Amazon EC2 instance is not in a logically air-gapped vault within the specified time period.

Identifier: EC2_RESOURCES_IN_LOGICALLY_AIR_GAPPED_VAULT

Resource Types: AWS::EC2::Instance

Trigger type: Periodic

AWS Region: All supported AWS regions

Parameters:

resourceTags (Optional)
Type: String

Tags of Amazon EC2 instances for the rule to check, in JSON format.

resourceId (Optional)
Type: String

ID of Amazon EC2 instance for the rule to check.

recoveryPointAgeValue (Optional)
Type: int
Default: 1

Numerical value for maximum allowed age. No more than 2184 for hours, 91 for days.

recoveryPointAgeUnit (Optional)
Type: String
Default: days

Unit of time for maximum allowed age. Accepted values: 'hours', 'days'.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.