fms-security-groups-content-check - AWS Config

Checks whether the content of the security groups created by AWS Firewall Manager matches the master security groups. The rule is NON_COMPLIANT if the content does not match.


Only AWS Firewall Manager can create this rule.


Trigger type: Configuration changes

AWS Region: All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Osaka) Region


Type: String

Comma-separated list of VPC IDs in the account.

Type: String

Comma-separated list of the IDs of security groups created by AWS Firewall Manager in every VPC in the account, sorted by VPC ID.

Type: Boolean

If true, AWS Firewall Manager updates non-compliant resources according to the FMS policy. AWS Config ignores this parameter when a customer creates this rule.

Type: Boolean

If true, AWS Firewall Manager checks the security groups listed in the securityGroupsIds parameter.

masterSecurityGroupsIds (Optional)
Type: String

This parameter applies only to the AWS Firewall Manager administrator account. Comma-separated list of master security group IDs in the AWS Firewall Manager administrator account. The rule checks whether the security groups created by AWS Firewall Manager in the account are the same as these master security groups.
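The comparison this rule performs, shown as an added example that is not the AWS Config rule's own implementation: the rule sets of a master security group and an FMS-created replica are normalized so that grouping and ordering differences do not matter, then reported as COMPLIANT or NON_COMPLIANT. The input dictionaries follow the shape of the EC2 DescribeSecurityGroups IpPermissions structure; the group IDs and CIDRs are constructed sample values, and comparing referenced security groups by GroupId is a simplification assumed here.

```python
"""Order-independent comparison of an FMS-created security group against its
master, in the spirit of fms-security-groups-content-check.

Example code only: the evaluation result shape is this example's own, and the
sample groups below are constructed, not taken from any real account.
"""
from typing import Any, Dict, FrozenSet, List, Tuple

Rule = Tuple[Any, ...]


def normalize_permissions(ip_permissions: List[Dict[str, Any]]) -> FrozenSet[Rule]:
    """Flatten an IpPermissions list into a set of atomic (protocol, ports, target) rules.

    One IpPermissions entry may carry several CIDRs, prefix lists or group
    references; splitting them into single tuples makes two lists that differ
    only in grouping or order compare equal. Referenced groups are compared by
    GroupId here (a simplification assumed for the example).
    """
    rules = set()
    for perm in ip_permissions:
        proto = str(perm.get("IpProtocol", "-1"))
        # FromPort/ToPort are absent for protocol -1 (all traffic); keep None.
        from_port = perm.get("FromPort")
        to_port = perm.get("ToPort")
        for r in perm.get("IpRanges", []):
            rules.add((proto, from_port, to_port, "cidr4", r["CidrIp"]))
        for r in perm.get("Ipv6Ranges", []):
            rules.add((proto, from_port, to_port, "cidr6", r["CidrIpv6"]))
        for r in perm.get("PrefixListIds", []):
            rules.add((proto, from_port, to_port, "pl", r["PrefixListId"]))
        for r in perm.get("UserIdGroupPairs", []):
            rules.add((proto, from_port, to_port, "sg", r.get("GroupId")))
    return frozenset(rules)


def evaluate_security_group(master: Dict[str, Any], replica: Dict[str, Any]) -> Dict[str, Any]:
    """Compare inbound and outbound rules of a replica against its master.

    Returns the compliance type plus, per direction, the rules the replica is
    missing and the rules it carries that the master does not.
    """
    diffs: Dict[str, Dict[str, List[Rule]]] = {}
    for key in ("IpPermissions", "IpPermissionsEgress"):
        want = normalize_permissions(master.get(key, []))
        have = normalize_permissions(replica.get(key, []))
        # Tuples mix None and ints, so sort by repr for a stable, readable order.
        missing = sorted(want - have, key=repr)
        extra = sorted(have - want, key=repr)
        if missing or extra:
            diffs[key] = {"missing": missing, "unexpected": extra}
    return {
        "group_id": replica["GroupId"],
        "compliance_type": "NON_COMPLIANT" if diffs else "COMPLIANT",
        "differences": diffs,
    }


# Constructed sample data (placeholder IDs, not real resources).
MASTER_SG = {
    "GroupId": "sg-0master0000000000",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}, {"CidrIp": "192.168.0.0/16"}]},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

# Same rules as the master, split into two entries in a different order.
REPLICA_OK = {
    "GroupId": "sg-0replica000000000a",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "192.168.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}

# Master rules plus a manually added SSH rule: content no longer matches.
REPLICA_DRIFTED = {
    "GroupId": "sg-0replica000000000b",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}, {"CidrIp": "192.168.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}

if __name__ == "__main__":
    for sg in (REPLICA_OK, REPLICA_DRIFTED):
        print(evaluate_security_group(MASTER_SG, sg))
```

The first replica evaluates as COMPLIANT even though its rules are grouped differently, which is why normalization matters; the second is NON_COMPLIANT and the result lists the unexpected port 22 rule, the same information an operator needs to decide whether to let the policy's remediation revert the change.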

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.