fms-security-groups-content-check - AWS Config

This translation is provided by machine translation. If there is any discrepancy, inconsistency or conflict between the translated content and the English version, the English version takes precedence.

fms-security-groups-content-check

Checks whether the content of the security groups created by AWS Firewall Manager is the same as the content of the master security groups. The rule is NON_COMPLIANT if the content does not match.

Note

Only AWS Firewall Manager can create this rule.

Identifier: FMS_SECURITY_GROUP_CONTENT_CHECK

Trigger type: Configuration changes

AWS Region: All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Osaka) Region

Parameters:

vpcIds
Type: String

Comma-separated list of VPC IDs in the account.

securityGroupsIds
Type: String

Comma-separated list of the IDs of the security groups created by AWS Firewall Manager in every VPC in the account, sorted by VPC ID.

fmsRemediationEnabled
Type: Boolean

If true, AWS Firewall Manager updates non-compliant resources according to the FMS policy. AWS Config ignores this parameter when a customer creates this rule.

revertManualSecurityGroupChangesFlag
Type: Boolean

If true, AWS Firewall Manager checks the security groups listed in the securityGroupsIds parameter.

masterSecurityGroupsIds (Optional)
Type: String

This parameter applies only to the AWS Firewall Manager administrator account. Comma-separated list of master security group IDs in the AWS Firewall Manager administrator account. The rule checks whether the security groups that AWS Firewall Manager created in the account are the same as the master security groups.
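The check this rule performs is a content comparison: each Firewall Manager-created security group is compared rule-for-rule against its master, and any drift (for example a rule added by hand in a member account) makes the group NON_COMPLIANT. The following Python script is an added illustration of that comparison and is not AWS Config's or Firewall Manager's own implementation. It works offline on constructed data shaped like the EC2 DescribeSecurityGroups response (IpPermissions / IpPermissionsEgress); the group IDs are hypothetical, rule descriptions are deliberately ignored (an assumption about what "content" means), and security-group references in UserIdGroupPairs are compared by GroupId literally, which is a simplification of how FMS maps references across accounts.

```python
"""Compare the rule content of FMS-created security groups with a master security group.

Added example, not code from the AWS documentation. Input dicts mimic the shape
of the EC2 DescribeSecurityGroups API response; IDs and rules are constructed.
"""
from typing import Any, Dict, FrozenSet, List, Optional, Tuple

# (direction, protocol, from_port, to_port, source_kind, source_value)
Rule = Tuple[str, str, Optional[int], Optional[int], str, str]


def _normalize(perms: List[Dict[str, Any]], direction: str) -> FrozenSet[Rule]:
    """Flatten an IpPermissions list into an order-independent set of atomic rules.

    Descriptions are dropped on purpose (assumption: they are not 'content').
    Protocol "-1" (all traffic) carries no FromPort/ToPort, hence the .get().
    """
    rules = set()
    for p in perms:
        proto = p["IpProtocol"]
        from_port, to_port = p.get("FromPort"), p.get("ToPort")
        sources = (
            [("cidr", r["CidrIp"]) for r in p.get("IpRanges", [])]
            + [("cidr6", r["CidrIpv6"]) for r in p.get("Ipv6Ranges", [])]
            + [("prefix-list", r["PrefixListId"]) for r in p.get("PrefixListIds", [])]
            + [("sg", r["GroupId"]) for r in p.get("UserIdGroupPairs", [])]
        )
        for kind, value in sources:
            rules.add((direction, proto, from_port, to_port, kind, value))
    return frozenset(rules)


def security_group_rules(sg: Dict[str, Any]) -> FrozenSet[Rule]:
    """Ingress and egress rules of one security group as a single set."""
    return _normalize(sg.get("IpPermissions", []), "ingress") | _normalize(
        sg.get("IpPermissionsEgress", []), "egress"
    )


def diff_against_master(master: Dict[str, Any], sg: Dict[str, Any]) -> Tuple[FrozenSet[Rule], FrozenSet[Rule]]:
    """Return (rules present in sg but not in master, rules missing from sg)."""
    m, s = security_group_rules(master), security_group_rules(sg)
    return frozenset(s - m), frozenset(m - s)


def evaluate(master: Dict[str, Any], sgs: List[Dict[str, Any]]) -> Dict[str, str]:
    """Per-group compliance verdict, mirroring the rule's COMPLIANT / NON_COMPLIANT outcome."""
    verdicts = {}
    for sg in sgs:
        extra, missing = diff_against_master(master, sg)
        verdicts[sg["GroupId"]] = "COMPLIANT" if not extra and not missing else "NON_COMPLIANT"
    return verdicts


def _perm(proto: str, ports: Optional[int], cidrs: List[str], desc: str = "") -> Dict[str, Any]:
    """Helper to build one IpPermissions entry for the constructed samples."""
    entry: Dict[str, Any] = {
        "IpProtocol": proto,
        "IpRanges": [{"CidrIp": c, "Description": desc} for c in cidrs],
        "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": [],
    }
    if ports is not None:
        entry["FromPort"] = entry["ToPort"] = ports
    return entry


# Constructed sample data (hypothetical group IDs).
MASTER_SG = {  # master SG in the FMS administrator account
    "GroupId": "sg-0aaaaaaaaaaaaaaa1",
    "IpPermissions": [_perm("tcp", 443, ["10.0.0.0/8"], "corp"), _perm("tcp", 8443, ["10.0.0.0/8"])],
    "IpPermissionsEgress": [_perm("-1", None, ["0.0.0.0/0"])],
}
REPLICA_IN_SYNC = {  # same rules, different order and description: still compliant
    "GroupId": "sg-0bbbbbbbbbbbbbbb2",
    "IpPermissions": [_perm("tcp", 8443, ["10.0.0.0/8"]), _perm("tcp", 443, ["10.0.0.0/8"], "edited")],
    "IpPermissionsEgress": [_perm("-1", None, ["0.0.0.0/0"])],
}
REPLICA_DRIFTED = {  # someone added SSH from the internet by hand in the member account
    "GroupId": "sg-0ccccccccccccccc3",
    "IpPermissions": MASTER_SG["IpPermissions"] + [_perm("tcp", 22, ["0.0.0.0/0"])],
    "IpPermissionsEgress": [_perm("-1", None, ["0.0.0.0/0"])],
}

if __name__ == "__main__":
    for group_id, verdict in evaluate(MASTER_SG, [REPLICA_IN_SYNC, REPLICA_DRIFTED]).items():
        print(group_id, verdict)
    extra, missing = diff_against_master(MASTER_SG, REPLICA_DRIFTED)
    print("extra rules (what FMS would revert):", sorted(extra, key=str))
    print("missing rules:", sorted(missing, key=str))
```

The "extra" set is the interesting output for an operator: with revertManualSecurityGroupChangesFlag and fmsRemediationEnabled set, those are the rules Firewall Manager would remove to bring the group back in line with the master. Swap the constructed dicts for the output of `boto3` `describe_security_groups` to run this against real groups.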

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.