List of AWS Config Managed Rules
AWS Config currently supports the following managed rules. Before using these rules, see Considerations.
Topics
- access-keys-rotated
- account-part-of-organizations
- acmpca-certificate-authority-tagged
- acm-certificate-expiration-check
- acm-certificate-rsa-check
- acm-pca-root-ca-disabled
- active-mq-supported-version
- alb-desync-mode-check
- alb-http-drop-invalid-header-enabled
- alb-http-to-https-redirection-check
- alb-internal-scheme-check
- alb-waf-enabled
- api-gwv2-access-logs-enabled
- api-gwv2-authorization-type-configured
- api-gw-cache-enabled-and-encrypted
- api-gw-endpoint-type-check
- api-gw-execution-logging-enabled
- appconfig-application-description
- appconfig-application-tagged
- appconfig-configuration-profile-tagged
- appconfig-deployment-strategy-description
- appconfig-environment-description
- appconfig-environment-tagged
- appconfig-extension-association-tagged
- appflow-flow-tagged
- appmesh-gateway-route-tagged
- appmesh-mesh-deny-tcp-forwarding
- appmesh-mesh-tagged
- appmesh-route-tagged
- appmesh-virtual-gateway-backend-defaults-tls
- appmesh-virtual-gateway-logging-file-path-exists
- appmesh-virtual-gateway-tagged
- appmesh-virtual-node-backend-defaults-tls-on
- appmesh-virtual-node-logging-file-path-exists
- appmesh-virtual-node-tagged
- appmesh-virtual-router-tagged
- appmesh-virtual-service-tagged
- approved-amis-by-id
- approved-amis-by-tag
- apprunner-service-in-vpc
- apprunner-service-no-public-access
- apprunner-service-tagged
- apprunner-vpc-connector-tagged
- appsync-associated-with-waf
- appsync-authorization-check
- appsync-cache-ct-encryption-at-rest
- appsync-cache-ct-encryption-in-transit
- appsync-cache-encryption-at-rest
- appsync-logging-enabled
- athena-workgroup-encrypted-at-rest
- athena-workgroup-logging-enabled
- aurora-last-backup-recovery-point-created
- aurora-meets-restore-time-target
- aurora-resources-in-logically-air-gapped-vault
- aurora-resources-protected-by-backup-plan
- autoscaling-capacity-rebalancing
- autoscaling-group-elb-healthcheck-required
- autoscaling-launchconfig-requires-imdsv2
- autoscaling-launch-config-hop-limit
- autoscaling-launch-template
- autoscaling-multiple-az
- autoscaling-multiple-instance-types
- backup-plan-min-frequency-and-min-retention-check
- backup-recovery-point-encrypted
- backup-recovery-point-manual-deletion-disabled
- backup-recovery-point-minimum-retention-check
- batch-compute-environment-tagged
- batch-job-queue-tagged
- batch-scheduling-policy-tagged
- beanstalk-logs-to-cloudwatch
- cassandra-keyspace-tagged
- clb-desync-mode-check
- clb-multiple-az
- cloudformation-stack-drift-detection-check
- cloudformation-stack-notification-check
- cloudfront-default-root-object-configured
- cloudfront-no-deprecated-ssl-protocols
- cloudfront-origin-access-identity-enabled
- cloudfront-origin-failover-enabled
- cloudfront-s3-origin-access-control-enabled
- cloudfront-s3-origin-non-existent-bucket
- cloudfront-security-policy-check
- cloudfront-sni-enabled
- cloudfront-traffic-to-origin-encrypted
- cloudfront-viewer-policy-https
- cloudtrail-all-read-s3-data-event-check
- cloudtrail-all-write-s3-data-event-check
- cloudtrail-s3-bucket-access-logging
- cloudtrail-s3-bucket-public-access-prohibited
- cloudtrail-s3-dataevents-enabled
- cloudtrail-security-trail-enabled
- cloudwatch-alarm-action-check
- cloudwatch-alarm-action-enabled-check
- cloudwatch-alarm-resource-check
- cloudwatch-alarm-settings-check
- cloudwatch-log-group-encrypted
- cloud-trail-cloud-watch-logs-enabled
- cloudtrail-enabled
- cloud-trail-encryption-enabled
- cloud-trail-log-file-validation-enabled
- cmk-backing-key-rotation-enabled
- codebuild-project-artifact-encryption
- codebuild-project-environment-privileged-check
- codebuild-project-envvar-awscred-check
- codebuild-project-logging-enabled
- codebuild-project-s3-logs-encrypted
- codebuild-project-source-repo-url-check
- codebuild-report-group-encrypted-at-rest
- codedeploy-auto-rollback-monitor-enabled
- codedeploy-ec2-minimum-healthy-hosts-configured
- codedeploy-lambda-allatonce-traffic-shift-disabled
- codeguruprofiler-profiling-group-tagged
- codegurureviewer-repository-association-tagged
- codepipeline-deployment-count-check
- codepipeline-region-fanout-check
- cognito-user-pool-advanced-security-enabled
- customerprofiles-object-type-tagged
- custom-eventbus-policy-attached
- custom-schema-registry-policy-attached
- cw-loggroup-retention-period-check
- datasync-task-logging-enabled
- dax-encryption-enabled
- dax-tls-endpoint-encryption
- db-instance-backup-enabled
- desired-instance-tenancy
- desired-instance-type
- dms-auto-minor-version-upgrade-check
- dms-endpoint-ssl-configured
- dms-mongo-db-authentication-enabled
- dms-neptune-iam-authorization-enabled
- dms-redis-tls-enabled
- dms-replication-not-public
- dms-replication-task-sourcedb-logging
- dms-replication-task-targetdb-logging
- docdb-cluster-audit-logging-enabled
- docdb-cluster-backup-retention-check
- docdb-cluster-deletion-protection-enabled
- docdb-cluster-encrypted
- docdb-cluster-snapshot-public-prohibited
- dynamodb-autoscaling-enabled
- dynamodb-in-backup-plan
- dynamodb-last-backup-recovery-point-created
- dynamodb-meets-restore-time-target
- dynamodb-pitr-enabled
- dynamodb-resources-protected-by-backup-plan
- dynamodb-table-deletion-protection-enabled
- dynamodb-table-encrypted-kms
- dynamodb-table-encryption-enabled
- dynamodb-throughput-limit-check
- ebs-in-backup-plan
- ebs-last-backup-recovery-point-created
- ebs-meets-restore-time-target
- ebs-optimized-instance
- ebs-resources-in-logically-air-gapped-vault
- ebs-resources-protected-by-backup-plan
- ebs-snapshot-public-restorable-check
- ec2-client-vpn-connection-log-enabled
- ec2-client-vpn-not-authorize-all
- ec2-ebs-encryption-by-default
- ec2-imdsv2-check
- ec2-instance-detailed-monitoring-enabled
- ec2-instance-managed-by-systems-manager
- ec2-instance-no-public-ip
- ec2-last-backup-recovery-point-created
- ec2-launch-template-imdsv2-check
- ec2-launch-template-public-ip-disabled
- ec2-managedinstance-applications-blacklisted
- ec2-managedinstance-applications-required
- ec2-managedinstance-association-compliance-status-check
- ec2-managedinstance-inventory-blacklisted
- ec2-managedinstance-patch-compliance-status-check
- ec2-managedinstance-platform-check
- ec2-meets-restore-time-target
- ec2-no-amazon-key-pair
- ec2-paravirtual-instance-check
- ec2-resources-in-logically-air-gapped-vault
- ec2-resources-protected-by-backup-plan
- ec2-security-group-attached-to-eni
- ec2-security-group-attached-to-eni-periodic
- ec2-stopped-instance
- ec2-token-hop-limit-check
- ec2-transit-gateway-auto-vpc-attach-disabled
- ec2-volume-inuse-check
- ec2-vpn-connection-logging-enabled
- ecr-private-image-scanning-enabled
- ecr-private-lifecycle-policy-configured
- ecr-private-tag-immutability-enabled
- ecr-repository-lifecycle-policy-configured
- ecs-awsvpc-networking-enabled
- ecs-containers-nonprivileged
- ecs-containers-readonly-access
- ecs-container-insights-enabled
- ecs-fargate-latest-platform-version
- ecs-no-environment-secrets
- ecs-task-definition-log-configuration
- ecs-task-definition-memory-hard-limit
- ecs-task-definition-nonroot-user
- ecs-task-definition-pid-mode-check
- ecs-task-definition-user-for-host-mode-check
- efs-access-point-enforce-root-directory
- efs-access-point-enforce-user-identity
- efs-automatic-backups-enabled
- efs-encrypted-check
- efs-filesystem-ct-encrypted
- efs-in-backup-plan
- efs-last-backup-recovery-point-created
- efs-meets-restore-time-target
- efs-mount-target-public-accessible
- efs-resources-in-logically-air-gapped-vault
- efs-resources-protected-by-backup-plan
- eip-attached
- eks-cluster-logging-enabled
- eks-cluster-log-enabled
- eks-cluster-oldest-supported-version
- eks-cluster-secrets-encrypted
- eks-cluster-supported-version
- eks-endpoint-no-public-access
- eks-secrets-encrypted
- elasticache-auto-minor-version-upgrade-check
- elasticache-rbac-auth-enabled
- elasticache-redis-cluster-automatic-backup-check
- elasticache-repl-grp-auto-failover-enabled
- elasticache-repl-grp-encrypted-at-rest
- elasticache-repl-grp-encrypted-in-transit
- elasticache-repl-grp-redis-auth-enabled
- elasticache-subnet-group-check
- elasticache-supported-engine-version
- elasticsearch-encrypted-at-rest
- elasticsearch-in-vpc-only
- elasticsearch-logs-to-cloudwatch
- elasticsearch-node-to-node-encryption-check
- elasticsearch-update-check
- elbv2-multiple-az
- elb-acm-certificate-required
- elb-cross-zone-load-balancing-enabled
- elb-custom-security-policy-ssl-check
- elb-deletion-protection-enabled
- elb-logging-enabled
- elb-predefined-security-policy-ssl-check
- elb-tls-https-listeners-only
- emr-block-public-access
- emr-kerberos-enabled
- emr-master-no-public-ip
- emr-security-configuration-encryption-rest
- emr-security-configuration-encryption-transit
- encrypted-volumes
- evidently-launch-description
- evidently-launch-tagged
- evidently-project-description
- evidently-project-tagged
- evidently-segment-description
- evidently-segment-tagged
- fms-shield-resource-policy-check
- fms-webacl-resource-policy-check
- fms-webacl-rulegroup-association-check
- frauddetector-entity-type-tagged
- frauddetector-label-tagged
- frauddetector-outcome-tagged
- frauddetector-variable-tagged
- fsx-last-backup-recovery-point-created
- fsx-lustre-copy-tags-to-backups
- fsx-meets-restore-time-target
- fsx-openzfs-copy-tags-enabled
- fsx-resources-protected-by-backup-plan
- fsx-windows-audit-log-configured
- global-endpoint-event-replication-enabled
- glue-job-logging-enabled
- glue-ml-transform-encrypted-at-rest
- guardduty-eks-protection-audit-enabled
- guardduty-eks-protection-runtime-enabled
- guardduty-enabled-centralized
- guardduty-lambda-protection-enabled
- guardduty-malware-protection-enabled
- guardduty-non-archived-findings
- guardduty-rds-protection-enabled
- guardduty-s3-protection-enabled
- iam-customer-policy-blocked-kms-actions
- iam-external-access-analyzer-enabled
- iam-group-has-users-check
- iam-inline-policy-blocked-kms-actions
- iam-no-inline-policy-check
- iam-password-policy
- iam-policy-blacklisted-check
- iam-policy-in-use
- iam-policy-no-statements-with-admin-access
- iam-role-managed-policy-check
- iam-root-access-key-check
- iam-server-certificate-expiration-check
- iam-user-group-membership-check
- iam-user-mfa-enabled
- iam-user-no-policies-check
- iam-user-unused-credentials-check
- restricted-ssh
- inspector-ec2-scan-enabled
- inspector-ecr-scan-enabled
- inspector-lambda-code-scan-enabled
- inspector-lambda-standard-scan-enabled
- ec2-instances-in-vpc
- internet-gateway-authorized-vpc-only
- iotevents-alarm-model-tagged
- iotevents-detector-model-tagged
- iotevents-input-tagged
- iotsitewise-asset-model-tagged
- iotsitewise-dashboard-tagged
- iotsitewise-gateway-tagged
- iotsitewise-portal-tagged
- iotsitewise-project-tagged
- iottwinmaker-entity-tagged
- iottwinmaker-scene-tagged
- iottwinmaker-sync-job-tagged
- iottwinmaker-workspace-tagged
- iotwireless-fuota-task-tagged
- iotwireless-multicast-group-tagged
- iotwireless-service-profile-tagged
- iot-authorizer-token-signing-enabled
- ivs-channel-tagged
- ivs-playback-key-pair-tagged
- ivs-recording-configuration-tagged
- kinesis-firehose-delivery-stream-encrypted
- kinesis-stream-backup-retention-check
- kinesis-stream-encrypted
- kms-cmk-not-scheduled-for-deletion
- kms-key-policy-no-public-access
- lambda-concurrency-check
- lambda-dlq-check
- lambda-function-public-access-prohibited
- lambda-function-settings-check
- lambda-inside-vpc
- lambda-vpc-multi-az-check
- macie-auto-sensitive-data-discovery-check
- macie-status-check
- mfa-enabled-for-iam-console-access
- mq-active-deployment-mode
- mq-automatic-minor-version-upgrade-enabled
- mq-auto-minor-version-upgrade-enabled
- mq-cloudwatch-audit-logging-enabled
- mq-cloudwatch-audit-log-enabled
- mq-no-public-access
- mq-rabbit-deployment-mode
- msk-enhanced-monitoring-enabled
- msk-in-cluster-node-require-tls
- multi-region-cloudtrail-enabled
- nacl-no-unrestricted-ssh-rdp
- neptune-cluster-backup-retention-check
- neptune-cluster-cloudwatch-log-export-enabled
- neptune-cluster-copy-tags-to-snapshot-enabled
- neptune-cluster-deletion-protection-enabled
- neptune-cluster-encrypted
- neptune-cluster-iam-database-authentication
- neptune-cluster-multi-az-enabled
- neptune-cluster-snapshot-encrypted
- neptune-cluster-snapshot-public-prohibited
- netfw-deletion-protection-enabled
- netfw-logging-enabled
- netfw-multi-az-enabled
- netfw-policy-default-action-fragment-packets
- netfw-policy-default-action-full-packets
- netfw-policy-rule-group-associated
- netfw-stateless-rule-group-not-empty
- nlb-internal-scheme-check
- opensearch-access-control-enabled
- opensearch-audit-logging-enabled
- opensearch-data-node-fault-tolerance
- opensearch-encrypted-at-rest
- opensearch-https-required
- opensearch-in-vpc-only
- opensearch-logs-to-cloudwatch
- opensearch-node-to-node-encryption-check
- opensearch-primary-node-fault-tolerance
- opensearch-update-check
- rabbit-mq-supported-version
- rds-aurora-mysql-audit-logging-enabled
- rds-aurora-postgresql-logs-to-cloudwatch
- rds-cluster-auto-minor-version-upgrade-enable
- rds-cluster-default-admin-check
- rds-cluster-deletion-protection-enabled
- rds-cluster-encrypted-at-rest
- rds-db-security-group-not-allowed
- rds-enhanced-monitoring-enabled
- rds-instance-default-admin-check
- rds-instance-deletion-protection-enabled
- rds-instance-iam-authentication-enabled
- rds-instance-public-access-check
- rds-in-backup-plan
- rds-last-backup-recovery-point-created
- rds-logging-enabled
- rds-meets-restore-time-target
- rds-multi-az-support
- rds-mysql-instance-encrypted-in-transit
- rds-postgresql-logs-to-cloudwatch
- rds-postgres-instance-encrypted-in-transit
- rds-resources-protected-by-backup-plan
- rds-snapshots-public-prohibited
- rds-snapshot-encrypted
- rds-sql-server-logs-to-cloudwatch
- rds-storage-encrypted
- redshift-backup-enabled
- redshift-cluster-configuration-check
- redshift-cluster-maintenancesettings-check
- redshift-cluster-public-access-check
- redshift-cluster-subnet-group-multi-az
- redshift-default-admin-check
- redshift-default-db-name-check
- redshift-require-tls-ssl
- redshift-unrestricted-port-access
- required-tags
- restricted-common-ports
- root-account-hardware-mfa-enabled
- root-account-mfa-enabled
- route53-query-logging-enabled
- s3-access-point-in-vpc-only
- s3-access-point-public-access-blocks
- s3-account-level-public-access-blocks
- s3-account-level-public-access-blocks-periodic
- s3-bucket-acl-prohibited
- s3-bucket-blacklisted-actions-prohibited
- s3-bucket-cross-region-replication-enabled
- s3-bucket-default-lock-enabled
- s3-bucket-logging-enabled
- s3-bucket-policy-grantee-check
- s3-bucket-policy-not-more-permissive
- s3-bucket-public-read-prohibited
- s3-bucket-public-write-prohibited
- s3-bucket-replication-enabled
- s3-bucket-server-side-encryption-enabled
- s3-bucket-ssl-requests-only
- s3-bucket-versioning-enabled
- s3-default-encryption-kms
- s3-event-notifications-enabled
- s3-last-backup-recovery-point-created
- s3-meets-restore-time-target
- s3-resources-in-logically-air-gapped-vault
- s3-resources-protected-by-backup-plan
- s3-version-lifecycle-policy-check
- sagemaker-domain-in-vpc
- sagemaker-endpoint-configuration-kms-key-configured
- sagemaker-endpoint-config-prod-instance-count
- sagemaker-model-in-vpc
- sagemaker-model-isolation-enabled
- sagemaker-notebook-instance-inside-vpc
- sagemaker-notebook-instance-kms-key-configured
- sagemaker-notebook-instance-root-access-check
- sagemaker-notebook-no-direct-internet-access
- secretsmanager-rotation-enabled-check
- secretsmanager-scheduled-rotation-success-check
- secretsmanager-secret-periodic-rotation
- securityhub-enabled
- security-account-information-provided
- service-catalog-shared-within-organization
- service-vpc-endpoint-enabled
- ses-malware-scanning-enabled
- shield-advanced-enabled-autorenew
- shield-drt-access
- sns-encrypted-kms
- sns-topic-message-delivery-notification-enabled
- sns-topic-no-public-access
- ssm-document-not-public
- step-functions-state-machine-logging-enabled
- storagegateway-last-backup-recovery-point-created
- storagegateway-resources-in-logically-air-gapped-vault
- storagegateway-resources-protected-by-backup-plan
- transfer-family-server-no-ftp
- virtualmachine-last-backup-recovery-point-created
- virtualmachine-resources-in-logically-air-gapped-vault
- virtualmachine-resources-protected-by-backup-plan
- vpc-default-security-group-closed
- vpc-endpoint-enabled
- vpc-flow-logs-enabled
- vpc-peering-dns-resolution-check
- vpc-sg-open-only-to-authorized-ports
- vpc-sg-port-restriction-check
- vpc-vpn-2-tunnels-up
- wafv2-logging-enabled
- wafv2-rulegroup-logging-enabled
- wafv2-rulegroup-not-empty
- wafv2-webacl-not-empty
- waf-classic-logging-enabled
- waf-classic-regional-acl-logging-enabled
- waf-classic-regional-rule-group-not-empty
- waf-global-rulegroup-not-empty
- waf-global-rule-not-empty
- waf-global-webacl-not-empty
- waf-regional-rulegroup-not-empty
- waf-regional-rule-not-empty
- waf-regional-webacl-not-empty
- workspaces-root-volume-encryption-enabled
- workspaces-user-volume-encryption-enabled