ec2-resources-in-logically-air-gapped-vault
Checks if Amazon Elastic Compute Cloud (Amazon EC2) instances are in a logically air-gapped vault. The rule is NON_COMPLIANT if an Amazon EC2 instance is not in a logically air-gapped vault within the specified time period.
Identifier: EC2_RESOURCES_IN_LOGICALLY_AIR_GAPPED_VAULT
Resource Types: AWS::EC2::Instance
Trigger type: Periodic
AWS Region: All supported AWS regions
Parameters:
- resourceTags (Optional)
- Type: String
-
Tags of Amazon EC2 instances for the rule to check, in JSON format.
- resourceId (Optional)
- Type: String
-
ID of Amazon EC2 instance for the rule to check.
- recoveryPointAgeValue (Optional)
- Type: int
- Default: 1
-
Numerical value for maximum allowed age. No more than 2184 for hours, 91 for days.
- recoveryPointAgeUnit (Optional)
- Type: String
- Default: days
-
Unit of time for maximum allowed age. Accepted values: 'hours', 'days'.
AWS CloudFormation template
To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.