Translations are provided by machine translation tools. In case of conflict between the content of a translation and that of the original English version, the English version prevails.
List of AWS Config Managed Rules
AWS Config currently supports the following managed rules.
Note
The default values specified for managed rules are pre-populated only when using the AWS console. Default values are not provided for the API, CLI, or SDK.
Topics
- access-keys-rotated
- account-part-of-organizations
- acm-certificate-expiration-check
- acm-certificate-rsa-check
- acm-pca-root-ca-disabled
- alb-desync-mode-check
- alb-http-drop-invalid-header-enabled
- alb-http-to-https-redirection-check
- alb-waf-enabled
- api-gwv2-access-logs-enabled
- api-gwv2-authorization-type-configured
- api-gw-associated-with-waf
- api-gw-cache-enabled-and-encrypted
- api-gw-endpoint-type-check
- api-gw-execution-logging-enabled
- api-gw-ssl-enabled
- api-gw-xray-enabled
- approved-amis-by-id
- approved-amis-by-tag
- appsync-associated-with-waf
- appsync-authorization-check
- appsync-cache-encryption-at-rest
- appsync-logging-enabled
- athena-workgroup-encrypted-at-rest
- aurora-last-backup-recovery-point-created
- aurora-meets-restore-time-target
- aurora-mysql-backtracking-enabled
- aurora-resources-protected-by-backup-plan
- autoscaling-capacity-rebalancing
- autoscaling-group-elb-healthcheck-required
- autoscaling-launchconfig-requires-imdsv2
- autoscaling-launch-config-hop-limit
- autoscaling-launch-config-public-ip-disabled
- autoscaling-launch-template
- autoscaling-multiple-az
- autoscaling-multiple-instance-types
- backup-plan-min-frequency-and-min-retention-check
- backup-recovery-point-encrypted
- backup-recovery-point-manual-deletion-disabled
- backup-recovery-point-minimum-retention-check
- beanstalk-enhanced-health-reporting-enabled
- clb-desync-mode-check
- clb-multiple-az
- cloudformation-stack-drift-detection-check
- cloudformation-stack-notification-check
- cloudfront-accesslogs-enabled
- cloudfront-associated-with-waf
- cloudfront-custom-ssl-certificate
- cloudfront-default-root-object-configured
- cloudfront-no-deprecated-ssl-protocols
- cloudfront-origin-access-identity-enabled
- cloudfront-origin-failover-enabled
- cloudfront-s3-origin-access-control-enabled
- cloudfront-s3-origin-non-existent-bucket
- cloudfront-security-policy-check
- cloudfront-sni-enabled
- cloudfront-traffic-to-origin-encrypted
- cloudfront-viewer-policy-https
- cloudtrail-s3-dataevents-enabled
- cloudtrail-security-trail-enabled
- cloudwatch-alarm-action-check
- cloudwatch-alarm-action-enabled-check
- cloudwatch-alarm-resource-check
- cloudwatch-alarm-settings-check
- cloudwatch-log-group-encrypted
- cloud-trail-cloud-watch-logs-enabled
- cloudtrail-enabled
- cloud-trail-encryption-enabled
- cloud-trail-log-file-validation-enabled
- cmk-backing-key-rotation-enabled
- codebuild-project-artifact-encryption
- codebuild-project-environment-privileged-check
- codebuild-project-envvar-awscred-check
- codebuild-project-logging-enabled
- codebuild-project-s3-logs-encrypted
- codebuild-project-source-repo-url-check
- codedeploy-auto-rollback-monitor-enabled
- codedeploy-ec2-minimum-healthy-hosts-configured
- codedeploy-lambda-allatonce-traffic-shift-disabled
- codepipeline-deployment-count-check
- codepipeline-region-fanout-check
- custom-eventbus-policy-attached
- custom-schema-registry-policy-attached
- cw-loggroup-retention-period-check
- dax-encryption-enabled
- dax-tls-endpoint-encryption
- db-instance-backup-enabled
- desired-instance-tenancy
- desired-instance-type
- dms-auto-minor-version-upgrade-check
- dms-endpoint-ssl-configured
- dms-mongo-db-authentication-enabled
- dms-neptune-iam-authorization-enabled
- dms-redis-tls-enabled
- dms-replication-not-public
- dms-replication-task-sourcedb-logging
- dms-replication-task-targetdb-logging
- docdb-cluster-audit-logging-enabled
- docdb-cluster-backup-retention-check
- docdb-cluster-deletion-protection-enabled
- docdb-cluster-encrypted
- docdb-cluster-snapshot-public-prohibited
- dynamodb-autoscaling-enabled
- dynamodb-in-backup-plan
- dynamodb-last-backup-recovery-point-created
- dynamodb-meets-restore-time-target
- dynamodb-pitr-enabled
- dynamodb-resources-protected-by-backup-plan
- dynamodb-table-deletion-protection-enabled
- dynamodb-table-encrypted-kms
- dynamodb-table-encryption-enabled
- dynamodb-throughput-limit-check
- ebs-in-backup-plan
- ebs-last-backup-recovery-point-created
- ebs-meets-restore-time-target
- ebs-optimized-instance
- ebs-resources-protected-by-backup-plan
- ebs-snapshot-public-restorable-check
- ec2-client-vpn-connection-log-enabled
- ec2-client-vpn-not-authorize-all
- ec2-ebs-encryption-by-default
- ec2-imdsv2-check
- ec2-instance-detailed-monitoring-enabled
- ec2-instance-managed-by-systems-manager
- ec2-instance-multiple-eni-check
- ec2-instance-no-public-ip
- ec2-instance-profile-attached
- ec2-last-backup-recovery-point-created
- ec2-launch-template-public-ip-disabled
- ec2-managedinstance-applications-blacklisted
- ec2-managedinstance-applications-required
- ec2-managedinstance-association-compliance-status-check
- ec2-managedinstance-inventory-blacklisted
- ec2-managedinstance-patch-compliance-status-check
- ec2-managedinstance-platform-check
- ec2-meets-restore-time-target
- ec2-no-amazon-key-pair
- ec2-paravirtual-instance-check
- ec2-resources-protected-by-backup-plan
- ec2-security-group-attached-to-eni
- ec2-security-group-attached-to-eni-periodic
- ec2-stopped-instance
- ec2-token-hop-limit-check
- ec2-transit-gateway-auto-vpc-attach-disabled
- ec2-volume-inuse-check
- ecr-private-image-scanning-enabled
- ecr-private-lifecycle-policy-configured
- ecr-private-tag-immutability-enabled
- ecs-awsvpc-networking-enabled
- ecs-containers-nonprivileged
- ecs-containers-readonly-access
- ecs-container-insights-enabled
- ecs-fargate-latest-platform-version
- ecs-no-environment-secrets
- ecs-task-definition-log-configuration
- ecs-task-definition-memory-hard-limit
- ecs-task-definition-nonroot-user
- ecs-task-definition-pid-mode-check
- ecs-task-definition-user-for-host-mode-check
- efs-access-point-enforce-root-directory
- efs-access-point-enforce-user-identity
- efs-encrypted-check
- efs-in-backup-plan
- efs-last-backup-recovery-point-created
- efs-meets-restore-time-target
- efs-mount-target-public-accessible
- efs-resources-protected-by-backup-plan
- eip-attached
- eks-cluster-logging-enabled
- eks-cluster-log-enabled
- eks-cluster-oldest-supported-version
- eks-cluster-secrets-encrypted
- eks-cluster-supported-version
- eks-endpoint-no-public-access
- eks-secrets-encrypted
- elasticache-auto-minor-version-upgrade-check
- elasticache-rbac-auth-enabled
- elasticache-redis-cluster-automatic-backup-check
- elasticache-repl-grp-auto-failover-enabled
- elasticache-repl-grp-encrypted-at-rest
- elasticache-repl-grp-encrypted-in-transit
- elasticache-repl-grp-redis-auth-enabled
- elasticache-subnet-group-check
- elasticache-supported-engine-version
- elasticsearch-encrypted-at-rest
- elasticsearch-in-vpc-only
- elasticsearch-logs-to-cloudwatch
- elasticsearch-node-to-node-encryption-check
- elastic-beanstalk-logs-to-cloudwatch
- elastic-beanstalk-managed-updates-enabled
- elbv2-acm-certificate-required
- elbv2-multiple-az
- elb-acm-certificate-required
- elb-cross-zone-load-balancing-enabled
- elb-custom-security-policy-ssl-check
- elb-deletion-protection-enabled
- elb-logging-enabled
- elb-predefined-security-policy-ssl-check
- elb-tls-https-listeners-only
- emr-block-public-access
- emr-kerberos-enabled
- emr-master-no-public-ip
- encrypted-volumes
- fms-shield-resource-policy-check
- fms-webacl-resource-policy-check
- fms-webacl-rulegroup-association-check
- fsx-last-backup-recovery-point-created
- fsx-lustre-copy-tags-to-backups
- fsx-meets-restore-time-target
- fsx-openzfs-copy-tags-enabled
- fsx-resources-protected-by-backup-plan
- fsx-windows-audit-log-configured
- global-endpoint-event-replication-enabled
- guardduty-enabled-centralized
- guardduty-non-archived-findings
- iam-customer-policy-blocked-kms-actions
- iam-group-has-users-check
- iam-inline-policy-blocked-kms-actions
- iam-no-inline-policy-check
- iam-password-policy
- iam-policy-blacklisted-check
- iam-policy-in-use
- iam-policy-no-statements-with-admin-access
- iam-policy-no-statements-with-full-access
- iam-role-managed-policy-check
- iam-root-access-key-check
- iam-user-group-membership-check
- iam-user-mfa-enabled
- iam-user-no-policies-check
- iam-user-unused-credentials-check
- restricted-ssh
- ec2-instances-in-vpc
- internet-gateway-authorized-vpc-only
- kinesis-firehose-delivery-stream-encrypted
- kinesis-stream-encrypted
- kms-cmk-not-scheduled-for-deletion
- lambda-concurrency-check
- lambda-dlq-check
- lambda-function-public-access-prohibited
- lambda-function-settings-check
- lambda-inside-vpc
- lambda-vpc-multi-az-check
- macie-auto-sensitive-data-discovery-check
- macie-status-check
- mfa-enabled-for-iam-console-access
- mq-active-deployment-mode
- mq-automatic-minor-version-upgrade-enabled
- mq-auto-minor-version-upgrade-enabled
- mq-cloudwatch-audit-logging-enabled
- mq-cloudwatch-audit-log-enabled
- mq-no-public-access
- mq-rabbit-deployment-mode
- msk-enhanced-monitoring-enabled
- msk-in-cluster-node-require-tls
- multi-region-cloudtrail-enabled
- nacl-no-unrestricted-ssh-rdp
- neptune-cluster-backup-retention-check
- neptune-cluster-cloudwatch-log-export-enabled
- neptune-cluster-copy-tags-to-snapshot-enabled
- neptune-cluster-deletion-protection-enabled
- neptune-cluster-encrypted
- neptune-cluster-iam-database-authentication
- neptune-cluster-multi-az-enabled
- neptune-cluster-snapshot-encrypted
- neptune-cluster-snapshot-public-prohibited
- netfw-deletion-protection-enabled
- netfw-logging-enabled
- netfw-multi-az-enabled
- netfw-policy-default-action-fragment-packets
- netfw-policy-default-action-full-packets
- netfw-policy-rule-group-associated
- netfw-stateless-rule-group-not-empty
- nlb-cross-zone-load-balancing-enabled
- no-unrestricted-route-to-igw
- opensearch-access-control-enabled
- opensearch-audit-logging-enabled
- opensearch-data-node-fault-tolerance
- opensearch-encrypted-at-rest
- opensearch-https-required
- opensearch-in-vpc-only
- opensearch-logs-to-cloudwatch
- opensearch-node-to-node-encryption-check
- opensearch-primary-node-fault-tolerance
- opensearch-update-check
- rds-aurora-mysql-audit-logging-enabled
- rds-automatic-minor-version-upgrade-enabled
- rds-cluster-auto-minor-version-upgrade-enable
- rds-cluster-default-admin-check
- rds-cluster-deletion-protection-enabled
- rds-cluster-encrypted-at-rest
- rds-cluster-iam-authentication-enabled
- rds-cluster-multi-az-enabled
- rds-db-security-group-not-allowed
- rds-enhanced-monitoring-enabled
- rds-instance-default-admin-check
- rds-instance-deletion-protection-enabled
- rds-instance-iam-authentication-enabled
- rds-instance-public-access-check
- rds-in-backup-plan
- rds-last-backup-recovery-point-created
- rds-logging-enabled
- rds-meets-restore-time-target
- rds-multi-az-support
- rds-resources-protected-by-backup-plan
- rds-snapshots-public-prohibited
- rds-snapshot-encrypted
- rds-storage-encrypted
- redshift-audit-logging-enabled
- redshift-backup-enabled
- redshift-cluster-configuration-check
- redshift-cluster-kms-enabled
- redshift-cluster-maintenancesettings-check
- redshift-cluster-public-access-check
- redshift-default-admin-check
- redshift-default-db-name-check
- redshift-enhanced-vpc-routing-enabled
- redshift-require-tls-ssl
- required-tags
- restricted-common-ports
- root-account-hardware-mfa-enabled
- root-account-mfa-enabled
- route53-query-logging-enabled
- s3-access-point-in-vpc-only
- s3-access-point-public-access-blocks
- s3-account-level-public-access-blocks
- s3-account-level-public-access-blocks-periodic
- s3-bucket-acl-prohibited
- s3-bucket-blacklisted-actions-prohibited
- s3-bucket-cross-region-replication-enabled
- s3-bucket-default-lock-enabled
- s3-bucket-level-public-access-prohibited
- s3-bucket-logging-enabled
- s3-bucket-mfa-delete-enabled
- s3-bucket-policy-grantee-check
- s3-bucket-policy-not-more-permissive
- s3-bucket-public-read-prohibited
- s3-bucket-public-write-prohibited
- s3-bucket-replication-enabled
- s3-bucket-server-side-encryption-enabled
- s3-bucket-ssl-requests-only
- s3-bucket-versioning-enabled
- s3-default-encryption-kms
- s3-event-notifications-enabled
- s3-last-backup-recovery-point-created
- s3-lifecycle-policy-check
- s3-meets-restore-time-target
- s3-resources-protected-by-backup-plan
- s3-version-lifecycle-policy-check
- sagemaker-endpoint-configuration-kms-key-configured
- sagemaker-endpoint-config-prod-instance-count
- sagemaker-notebook-instance-inside-vpc
- sagemaker-notebook-instance-kms-key-configured
- sagemaker-notebook-instance-root-access-check
- sagemaker-notebook-no-direct-internet-access
- secretsmanager-rotation-enabled-check
- secretsmanager-scheduled-rotation-success-check
- secretsmanager-secret-periodic-rotation
- secretsmanager-secret-unused
- secretsmanager-using-cmk
- securityhub-enabled
- security-account-information-provided
- service-catalog-shared-within-organization
- service-vpc-endpoint-enabled
- ses-malware-scanning-enabled
- shield-advanced-enabled-autorenew
- shield-drt-access
- sns-encrypted-kms
- sns-topic-message-delivery-notification-enabled
- ssm-document-not-public
- step-functions-state-machine-logging-enabled
- storagegateway-last-backup-recovery-point-created
- storagegateway-resources-protected-by-backup-plan
- subnet-auto-assign-public-ip-disabled
- transfer-family-server-no-ftp
- virtualmachine-last-backup-recovery-point-created
- virtualmachine-resources-protected-by-backup-plan
- vpc-default-security-group-closed
- vpc-flow-logs-enabled
- vpc-network-acl-unused-check
- vpc-peering-dns-resolution-check
- vpc-sg-open-only-to-authorized-ports
- vpc-vpn-2-tunnels-up
- wafv2-logging-enabled
- wafv2-rulegroup-logging-enabled
- wafv2-rulegroup-not-empty
- wafv2-webacl-not-empty
- waf-classic-logging-enabled
- waf-global-rulegroup-not-empty
- waf-global-rule-not-empty
- waf-global-webacl-not-empty
- waf-regional-rulegroup-not-empty
- waf-regional-rule-not-empty
- waf-regional-webacl-not-empty