fms-security-groups-audit-policy-check - AWS Config


fms-security-groups-audit-policy-check

Checks whether the security groups associated with in-scope resources are compliant with the master security groups at the level of each individual rule, based on the allowSecurityGroup and denySecurityGroup flags.

Note

Only AWS Firewall Manager can create this rule.

Identifier: FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK

Trigger type: Configuration changes

AWS Region: All supported AWS Regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West) and Asia Pacific (Osaka)

Parameters:

masterSecurityGroupsIds
Type: String

Comma-separated list of master security group IDs. The rule checks whether the security groups associated with each in-scope resource are compliant with these master security groups at the rule level.

inScope
Type: String

If true, the AWS Config rule owner is within the scope of the AWS FMS security group audit policy.

resourceTags
Type: String

The resource tags (on the EC2 instance, elastic network interface or security group) that the rule should be associated with, as a JSON map from tag key to a list of accepted values (for example, { "tagKey1" : ["tagValue1"], "tagKey2" : ["tagValue2", "tagValue3"] }).

excludeResourceTags
Type: Boolean

If true, resources that match resourceTags are excluded from the audit instead of selected by it.

resourceTypes
Type: String

The resource type evaluated by this rule. Can be EC2 instance, elastic network interface or security group.

fmsRemediationEnabled
Type: Boolean

If true, AWS Firewall Manager updates non-compliant resources according to the FMS policy. AWS Config ignores this parameter when the customer creates this rule.

allowSecurityGroup
Type: Boolean

If true, the rule checks that every inbound/outbound rule of each in-scope security group lies within the reference (master) security groups' inbound/outbound rules; if false, it checks that each such rule lies outside them.
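To make the allow/deny semantics concrete, the following is an added example (not AWS or Firewall Manager code) that performs the same rule-level comparison locally. It takes security groups in the IpPermissions shape returned by EC2 DescribeSecurityGroups, evaluates each in-scope rule against the master groups' rules as the allowSecurityGroup flag directs (inside some master rule when true, overlapping no master rule when false), and applies resourceTags/excludeResourceTags scoping. The sample groups are constructed, and the tag-matching semantics (a resource matches when any of its tags appears in the map) are an assumption, since the page does not define them.

```python
"""Rule-level security-group audit in the style of FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK.

Added example, not AWS code. Input dicts mimic the IpPermissions shape returned by
EC2 DescribeSecurityGroups; sample groups and tag-matching semantics are constructed/assumed.
"""
import ipaddress

ALL_PORTS = (0, 65535)  # protocol "-1" and ICMP "all types" carry no usable port range


def flatten(perms):
    """Expand IpPermissions entries into (protocol, from_port, to_port, network) tuples."""
    out = []
    for p in perms:
        proto = p["IpProtocol"]
        lo, hi = p.get("FromPort", ALL_PORTS[0]), p.get("ToPort", ALL_PORTS[1])
        if lo == -1 or hi == -1:          # ICMP wildcard type/code
            lo, hi = ALL_PORTS
        cidrs = [r["CidrIp"] for r in p.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in p.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            out.append((proto, lo, hi, ipaddress.ip_network(cidr, strict=False)))
    return out


def within(rule, master):
    """True when `rule` is entirely covered by `master` (protocol, ports and CIDR)."""
    proto, lo, hi, net = rule
    mproto, mlo, mhi, mnet = master
    return (mproto in ("-1", proto)
            and mlo <= lo and hi <= mhi
            and net.version == mnet.version and net.subnet_of(mnet))


def overlaps(rule, master):
    """True when `rule` permits any traffic that `master` also describes."""
    proto, lo, hi, net = rule
    mproto, mlo, mhi, mnet = master
    return (("-1" in (proto, mproto) or proto == mproto)
            and lo <= mhi and mlo <= hi
            and net.version == mnet.version and net.overlaps(mnet))


def audit_group(sg, masters, allow_security_group=True):
    """Return the rules in `sg` that violate the policy, one dict per offending rule.

    allow_security_group=True : every rule must sit inside some master rule.
    allow_security_group=False: no rule may overlap any master rule.
    """
    findings = []
    for direction, key in (("ingress", "IpPermissions"), ("egress", "IpPermissionsEgress")):
        master_rules = [r for m in masters for r in flatten(m.get(key, []))]
        for rule in flatten(sg.get(key, [])):
            if allow_security_group:
                compliant = any(within(rule, m) for m in master_rules)
            else:
                compliant = not any(overlaps(rule, m) for m in master_rules)
            if not compliant:
                proto, lo, hi, net = rule
                findings.append({"direction": direction, "protocol": proto,
                                 "from_port": lo, "to_port": hi, "cidr": str(net)})
    return findings


def matches_resource_tags(resource_tags, policy_tags, exclude_resource_tags=False):
    """Scope test for resourceTags / excludeResourceTags.

    Assumed semantics (not stated on the page): a resource matches when any of its
    tags has a key in policy_tags whose value is in that key's list.
    """
    hit = any(v in policy_tags.get(k, []) for k, v in resource_tags.items())
    return not hit if exclude_resource_tags else hit


# Constructed sample groups (fake IDs, not real account data).
MASTER_ALLOW = {
    "GroupId": "sg-0a1b2c3d4e5f60001",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.1.0.0/16"}]},
    ],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
MASTER_DENY = {
    "GroupId": "sg-0a1b2c3d4e5f60002",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
    "IpPermissionsEgress": [],
}
IN_SCOPE_SG = {
    "GroupId": "sg-0a1b2c3d4e5f60003",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.2.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

if __name__ == "__main__":
    for f in audit_group(IN_SCOPE_SG, [MASTER_ALLOW], allow_security_group=True):
        print("not within allow-list master:", f)
    for f in audit_group(IN_SCOPE_SG, [MASTER_DENY], allow_security_group=False):
        print("overlaps deny-list master:", f)
```

Against the allow-list master, the in-scope group's SSH-from-anywhere rule and its UDP/53 rule are reported (wrong CIDR and wrong protocol respectively); the HTTPS rule passes because 10.2.0.0/16 is inside 10.0.0.0/8. Against the deny-list master, only the SSH rule is reported, because it is the one rule that overlaps what the master forbids. A protocol "-1" rule is never "within" a TCP-only master rule, which is the edge case most often missed when comparing rules by hand.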

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.