fms-security-groups-resource-association-check - AWS Config

Translations are provided by machine translation. In the event of any discrepancy, inconsistency or conflict between the translated content and the English version, the English version prevails.

fms-security-groups-resource-association-check

Checks whether an Amazon EC2 instance or an elastic network interface is associated with AWS Firewall Manager security groups. The rule is NON_COMPLIANT if the resource is not associated with an FMS security group.

Note

Only AWS Firewall Manager can create this rule.

Identifier: FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK

Trigger type: Configuration changes

AWS Region: All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Osaka) Region

Parameters:

vpcIds
Type: String

Comma-separated list of VPC IDs in the account.

securityGroupsIds
Type: String

Comma-separated list of security group IDs created by AWS Firewall Manager in every VPC in the account, sorted by VPC.

resourceTags
Type: String

The tags of the resources (EC2 instance, elastic network interface, ALB or ELB) that the rule should apply to, for example { "tagKey1" : ["tagValue1"], "tagKey2" : ["tagValue2", "tagValue3"] }.

excludeResourceTags
Type: Boolean

If true, resources matching resourceTags are excluded.

resourceTypes
Type: String

The resource type supported by this rule. Can be EC2 Instance, Elastic Network Interface, ALB or ELB.

fmsRemediationEnabled
Type: Boolean

If true, AWS Firewall Manager updates non-compliant resources according to the FMS policy. AWS Config ignores this parameter when a customer creates this rule.

exclusiveResourceSecurityGroupManagementFlag
Type: Boolean

If set to true, only security groups created by AWS Firewall Manager are allowed to be associated with the resource.

applyToAllEC2InstanceENIs (Optional)
Type: Boolean

If true, AWS Firewall Manager enforces the policy on all ENIs of the EC2 instance. Otherwise, it enforces the policy only on the EC2 instance's default ENI.
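The following added example (not AWS's own evaluation code) models how the parameters above interact when a resource is evaluated: vpcIds and resourceTags/excludeResourceTags scope the resource, securityGroupsIds lists the FMS-managed groups, and exclusiveResourceSecurityGroupManagementFlag tightens the check. Returning NOT_APPLICABLE for out-of-scope resources and treating any non-FMS group as a violation under the exclusive flag are assumptions made for illustration.

```python
import json

# Constructed sample parameters using the page's parameter names. NOT_APPLICABLE for
# out-of-scope resources and the strict reading of the exclusive flag are assumptions.
PARAMS = {
    "vpcIds": "vpc-0a1,vpc-0b2",
    "securityGroupsIds": "sg-fms-0a1,sg-fms-0b2",
    "resourceTags": json.dumps({"Environment": ["prod"], "Tier": ["web", "api"]}),
    "excludeResourceTags": "false",
    "exclusiveResourceSecurityGroupManagementFlag": "true",
}

def _csv(value):
    """Split a comma-separated parameter value, ignoring blanks and whitespace."""
    return {item.strip() for item in value.split(",") if item.strip()}

def _flag(params, name):
    """Read a Boolean parameter that arrives as the string "true"/"false"."""
    return params.get(name, "false").strip().lower() == "true"

def in_scope(resource, params):
    """resourceTags selects resources; excludeResourceTags inverts the selection."""
    wanted = json.loads(params["resourceTags"])
    matches = any(resource["tags"].get(k) in vals for k, vals in wanted.items())
    return not matches if _flag(params, "excludeResourceTags") else matches

def evaluate(resource, params):
    """Return COMPLIANT, NON_COMPLIANT or NOT_APPLICABLE for one EC2 instance or ENI."""
    if resource["vpcId"] not in _csv(params["vpcIds"]) or not in_scope(resource, params):
        return "NOT_APPLICABLE"
    fms_groups = _csv(params["securityGroupsIds"])
    attached = set(resource["securityGroups"])
    if not attached & fms_groups:
        return "NON_COMPLIANT"  # no FMS-managed security group is attached
    if _flag(params, "exclusiveResourceSecurityGroupManagementFlag") and attached - fms_groups:
        return "NON_COMPLIANT"  # a non-FMS group is attached while only FMS groups are allowed
    return "COMPLIANT"

# Constructed sample resources (IDs and tags are made up for this example).
RESOURCES = {
    "i-managed": {"vpcId": "vpc-0a1", "tags": {"Environment": "prod"}, "securityGroups": ["sg-fms-0a1"]},
    "i-mixed": {"vpcId": "vpc-0a1", "tags": {"Tier": "web"}, "securityGroups": ["sg-fms-0a1", "sg-custom-9"]},
    "i-nofms": {"vpcId": "vpc-0b2", "tags": {"Environment": "prod"}, "securityGroups": ["sg-custom-9"]},
    "i-dev": {"vpcId": "vpc-0b2", "tags": {"Environment": "dev"}, "securityGroups": []},
}

def evaluate_all(params=PARAMS, resources=RESOURCES):
    """Evaluate every sample resource and map its ID to the resulting compliance type."""
    return {rid: evaluate(res, params) for rid, res in resources.items()}
```

Running `evaluate_all()` flags the resource with no FMS group and, because the exclusive flag is set, also the one mixing an FMS group with a custom group.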

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.