翻訳は機械翻訳により提供されています。提供された翻訳内容と英語版の間で齟齬、不一致または矛盾がある場合、英語版が優先します。
AWS Config マネージドルールのリスト
AWS Config は現在、次の マネージドルールをサポートしています。これらのルールを使用する前に、「」を参照してください考慮事項。
トピック
- access-keys-rotated
- account-part-of-organizations
- acm-certificate-expiration-check
- acm-certificate-rsa-check
- acm-pca-root-ca- 無効
- active-mq-supported-version
- alb-desync-mode-check
- alb-http-drop-invalidヘッダー対応
- alb-http-to-https-redirection-check
- alb-waf-enabled
- api-gwv2-access-logs-enabled
- api-gwv2-authorization-type-configured
- api-gw-associated-with-waf
- api-gw-cache-enabled暗号化済み
- api-gw-endpoint-type- チェック
- api-gw-execution-logging対応
- api-gw-ssl-enabled
- api-gw-xray-enabled
- appconfig-application-tagged
- appconfig-configuration-profile-tagged
- appconfig-environment-tagged
- appconfig-extension-association-tagged
- appmesh-gateway-route-tagged
- appmesh-mesh-tagged
- appmesh-route-tagged
- appmesh-virtual-gateway-tagged
- appmesh-virtual-node-tagged
- appmesh-virtual-router-tagged
- appmesh-virtual-service-tagged
- approved-amis-by-id
- approved-amis-by-tag
- appsync-associated-with-waf
- appsync-authorization-check
- appsync-cache-ct-encryption保管時の
- appsync-cache-ct-encryption転送中
- appsync-cache-encryption-at-rest
- appsync-logging-enabled
- athena-workgroup-encrypted-at-rest
- athena-workgroup-logging-enabled
- aurora-last-backup-recovery-point-created
- aurora-meets-restore-timeターゲット
- aurora-mysql-backtracking-enabled
- aurora-resources-in-logically-air-gapped-vault
- aurora-resources-protected-by-バックアップ計画
- autoscaling-capacity-rebalancing
- autoscaling-group-elb-healthcheck必須
- autoscaling-launchconfig-requires-imdsv2
- autoscaling-launch-config-hop- 制限
- autoscaling-launch-config-public-ip-disabled
- autoscaling-launch-template
- autoscaling-multiple-az
- autoscaling-multiple-instance-types
- backup-plan-min-frequency-and-min-retention-check
- backup-recovery-point-encrypted
- backup-recovery-point-manual削除が無効
- backup-recovery-point-minimum-保持チェック
- beanstalk-enhanced-health-reporting対応
- clb-desync-mode-check
- clb-multiple-az
- cloudformation-stack-drift-detection- チェック
- cloudformation-stack-notification-check
- cloudfront-accesslogs-enabled
- cloudfront-associated-with-waf
- cloudfront-custom-ssl-certificate
- cloudfront-default-root-object- 設定済み
- cloudfront-no-deprecated-sslプロトコル
- cloudfront-origin-access-identity対応
- cloudfront-origin-failover-enabled
- cloudfront-s3-origin-access-control-enabled
- cloudfront-s3-origin-non-existent-bucket
- cloudfront-security-policy-check
- cloudfront-sni-enabled
- cloudfront-traffic-to-origin暗号化
- cloudfront-viewer-policy-https
- cloudtrail-all-read-s3-data-event-check
- cloudtrail-all-write-s3-data-event-check
- cloudtrail-s3-bucket-access-logging
- cloudtrail-s3-bucket-public-access-prohibited
- cloudtrail-s3-dataevents-enabled
- cloudtrail-security-trail-enabled
- cloudwatch-alarm-action-check
- cloudwatch-alarm-action-enabled- チェック
- cloudwatch-alarm-resource-check
- cloudwatch-alarm-settings-check
- cloudwatch-log-group-encrypted
- cloud-trail-cloud-watch-logs-enabled
- cloudtrail-enabled
- cloud-trail-encryption-enabled
- cloud-trail-log-file- 検証が有効
- cmk-backing-key-rotation対応
- codebuild-project-artifact-encryption
- codebuild-project-environment-privileged- チェック
- codebuild-project-envvar-awscred- チェック
- codebuild-project-logging-enabled
- codebuild-project-s3 ログ暗号化
- codebuild-project-source-repo-url-check
- codebuild-report-group-encrypted保管中
- codedeploy-auto-rollback-monitor対応
- codedeploy-ec2-minimum-healthy-hosts-configured
- codedeploy-lambda-allatonce-trafficシフト無効
- codepipeline-deployment-count-check
- codepipeline-region-fanout-check
- cognito-user-pool-advanced-security-enabled
- custom-eventbus-policy-attached
- custom-schema-registry-policy-アタッチ済み
- cw-loggroup-retention-period- チェック
- datasync-task-logging-enabled
- dax-encryption-enabled
- dax-tls-endpoint-encryption
- db-instance-backup-enabled
- desired-instance-tenancy
- desired-instance-type
- dms-auto-minor-versionアップグレードチェック
- dms-endpoint-ssl-configured
- dms-mongo-db-authentication対応
- dms-neptune-iam-authorization対応
- dms-redis-tls-enabled
- dms-replication-not-public
- dms-replication-task-sourcedbログ記録
- dms-replication-task-targetdbログ記録
- docdb-cluster-audit-logging対応
- docdb-cluster-backup-retention- チェック
- docdb-cluster-deletion-protection対応
- docdb-cluster-encrypted
- docdb-cluster-snapshot-public禁止
- dynamodb-autoscaling-enabled
- dynamodb-in-backup-plan
- dynamodb-last-backup-recovery-point-created
- dynamodb-meets-restore-timeターゲット
- dynamodb-pitr-enabled
- dynamodb-resources-protected-by-バックアップ計画
- dynamodb-table-deletion-protection対応
- dynamodb-table-encrypted-kms
- dynamodb-table-encryption-enabled
- dynamodb-throughput-limit-check
- ebs-in-backup-plan
- ebs-last-backup-recovery-point-created
- ebs-meets-restore-timeターゲット
- ebs-optimized-instance
- ebs-resources-in-logically-air-gapped-vault
- ebs-resources-protected-by-バックアップ計画
- ebs-snapshot-public-restorable- チェック
- EC2 client-vpn-connection-log対応
- EC2-client-vpn-not-authorize-all
- EC2-ebs-encryption-by-default
- ec2-imdsv2-check
- EC2-instance-detailed-monitoring-enabled
- EC2instance-managed-by-systems--マネージャー
- EC2-instance-multiple-eni-check
- EC2-instance-no-public-ip
- EC2-instance-profile-attached
- EC2 last-backup-recovery-point作成
- ec2-launch-template-imdsv2-check
- ec2-launch-template-public-ip-disabled
- EC2-managedinstance-applications-blacklisted
- EC2-managedinstance-applications-required
- EC2 managedinstance-association-compliance-statusチェック
- EC2-managedinstance-inventory-blacklisted
- EC2 managedinstance-patch-compliance-statusチェック
- EC2-managedinstance-platform-check
- EC2-meets-restore-time-target
- EC2-no-amazon-key-pair
- EC2-paravirtual-instance-check
- ec2-resources-in-logically-air-gapped-vault
- EC2 resources-protected-by-backupプラン
- EC2security-group-attached-to--eni
- EC2-security-group-attached-to-eni-periodic
- ec2-stopped-instance
- EC2-token-hop-limit-check
- ec2-transit-gateway-auto-vpc-attach-disabled
- EC2-volume-inuse-check
- EC2-vpn-connection-logging-enabled
- ecr-private-image-scanning対応
- ecr-private-lifecycle-policy- 設定済み
- ecr-private-tag-immutability対応
- ecs-awsvpc-networking-enabled
- ecs-containers-nonprivileged
- ecs-containers-readonly-access
- ecs-container-insights-enabled
- ecs-fargate-latest-platformバージョン
- ecs-no-environment-secrets
- ecs-task-definition-log設定
- ecs-task-definition-memory-hard-limit
- ecs-task-definition-nonrootユーザー
- ecs-task-definition-pid-mode-check
- ecs-task-definition-user-for-host-mode-check
- efs-access-point-enforce-root-directory
- efs-access-point-enforce-ユーザー ID
- efs-automatic-backups-enabled
- efs-encrypted-check
- efs-filesystem-ct-encrypted
- efs-in-backup-plan
- efs-last-backup-recovery-point-created
- efs-meets-restore-timeターゲット
- efs-mount-target-publicアクセス可能
- efs-resources-in-logically-air-gapped-vault
- efs-resources-protected-by-バックアップ計画
- eip-attached
- eks-cluster-logging-enabled
- eks-cluster-log-enabled
- eks-cluster-oldest-supportedバージョン
- eks-cluster-secrets-encrypted
- eks-cluster-supported-version
- eks-endpoint-no-publicアクセス
- eks-secrets-encrypted
- elasticache-auto-minor-versionアップグレードチェック
- elasticache-rbac-auth-enabled
- elasticache-redis-cluster-automatic-backup-check
- elasticache-repl-grp-auto- フェイルオーバー対応
- elasticache-repl-grp-encrypted保管中の
- elasticache-repl-grp-encrypted転送中
- elasticache-repl-grp-redis-認証が有効
- elasticache-subnet-group-check
- elasticache-supported-engine-version
- elasticsearch-encrypted-at-rest
- elasticsearch-in-vpc-only
- elasticsearch-logs-to-cloudwatch
- elasticsearch-node-to-node暗号化チェック
- elastic-beanstalk-logs-to-cloudwatch
- elastic-beanstalk-managed-updates対応
- elbv2-acm-certificate-required
- elbv2-multiple-az
- elb-acm-certificate-required
- elb-cross-zone-load- バランシングが有効
- elb-custom-security-policy-ssl-check
- elb-deletion-protection-enabled
- elb-logging-enabled
- elb-predefined-security-policy-ssl-check
- elb-tls-https-listenersのみ
- emr-block-public-access
- emr-kerberos-enabled
- emr-master-no-public-ip
- encrypted-volumes
- evidently-launch-tagged
- evidently-project-tagged
- evidently-segment-tagged
- fms-shield-resource-policy- チェック
- fms-webacl-resource-policy- チェック
- fms-webacl-rulegroup-association- チェック
- frauddetector-entity-type-tagged
- frauddetector-label-tagged
- frauddetector-outcome-tagged
- frauddetector-variable-tagged
- fsx-last-backup-recovery-point-created
- fsx-lustre-copy-tagsからバックアップへ
- fsx-meets-restore-timeターゲット
- fsx-openzfs-copy-tags対応
- fsx-resources-protected-by-バックアップ計画
- fsx-windows-audit-log- 設定済み
- global-endpoint-event-replication対応
- glue-job-logging-enabled
- glue-ml-transform-encrypted保管中の
- guardduty-eks-protection-audit対応
- guardduty-eks-protection-runtime対応
- guardduty-enabled-centralized
- guardduty-lambda-protection-enabled
- guardduty-malware-protection-enabled
- guardduty-non-archived-findings
- guardduty-rds-protection-enabled
- guardduty-s3-protection-enabled
- iam-customer-policy-blocked-kms-actions
- iam-external-access-analyzer対応
- iam-group-has-users- チェック
- iam-inline-policy-blocked-kms-actions
- iam-no-inline-policy- チェック
- iam-password-policy
- iam-policy-blacklisted-check
- iam-policy-in-use
- iam-policy-no-statements-with-admin-access
- iam-policy-no-statements-with-full-access
- iam-role-managed-policy- チェック
- iam-root-access-key- チェック
- iam-server-certificate-expiration- チェック
- iam-user-group-membership- チェック
- iam-user-mfa-enabled
- iam-user-no-policies- チェック
- iam-user-unused-credentials- チェック
- restricted-ssh
- inspector-ec2-scan-enabled
- inspector-ecr-scan-enabled
- inspector-lambda-code-scan対応
- inspector-lambda-standard-scan対応
- EC2-instances-in-vpc
- internet-gateway-authorized-vpcのみ
- iotsitewise-asset-model-tagged
- iotsitewise-dashboard-tagged
- iotsitewise-gateway-tagged
- iotsitewise-portal-tagged
- iotsitewise-project-tagged
- kinesis-firehose-delivery-stream暗号化
- kinesis-stream-backup-retention- チェック
- kinesis-stream-encrypted
- kms-cmk-not-scheduled削除対象
- kms-key-policy-noパブリックアクセス
- lambda-concurrency-check
- lambda-dlq-check
- lambda-function-public-access禁止
- lambda-function-settings-check
- lambda-inside-vpc
- lambda-vpc-multi-az- チェック
- macie-auto-sensitive-data-検出-チェック
- macie-status-check
- mfa-enabled-for-iamコンソールアクセス
- mq-active-deployment-mode
- mq-automatic-minor-version- アップグレード対応
- mq-auto-minor-version- アップグレード対応
- mq-cloudwatch-audit-logging対応
- mq-cloudwatch-audit-log対応
- mq-no-public-access
- mq-rabbit-deployment-mode
- msk-enhanced-monitoring-enabled
- msk-in-cluster-node-require-tls
- multi-region-cloudtrail-enabled
- nacl-no-unrestricted-ssh-rdp
- neptune-cluster-backup-retention- チェック
- neptune-cluster-cloudwatch-log-export-enabled
- neptune-cluster-copy-tags-to-snapshot-enabled
- neptune-cluster-deletion-protection対応
- neptune-cluster-encrypted
- neptune-cluster-iam-database- 認証
- neptune-cluster-multi-az対応
- neptune-cluster-snapshot-encrypted
- neptune-cluster-snapshot-public禁止
- netfw-deletion-protection-enabled
- netfw-logging-enabled
- netfw-multi-az-enabled
- netfw-policy-default-action-fragment-packets
- netfw-policy-default-action-full-packets
- netfw-policy-rule-group関連
- netfw-stateless-rule-group空ではない
- nlb-cross-zone-load- バランシングが有効
- no-unrestricted-route-to-igw
- opensearch-access-control-enabled
- opensearch-audit-logging-enabled
- opensearch-data-node-fault- 許容値
- opensearch-encrypted-at-rest
- opensearch-https-required
- opensearch-in-vpc-only
- opensearch-logs-to-cloudwatch
- opensearch-node-to-node暗号化チェック
- opensearch-primary-node-fault- 許容値
- opensearch-update-check
- rabbit-mq-supported-version
- rds-aurora-mysql-auditログ記録が有効
- rds-aurora-postgresql-logsから CloudWatch へ
- rds-automatic-minor-version- アップグレード対応
- rds-cluster-auto-minor-version-upgrade-enable
- rds-cluster-default-admin- チェック
- rds-cluster-deletion-protection対応
- rds-cluster-encrypted-at-rest
- rds-cluster-iam-authentication対応
- rds-cluster-multi-az対応
- rds-db-security-group- 許可されていません
- rds-enhanced-monitoring-enabled
- rds-instance-default-admin- チェック
- rds-instance-deletion-protection対応
- rds-instance-iam-authentication対応
- rds-instance-public-access- チェック
- rds-in-backup-plan
- rds-last-backup-recovery-point-created
- rds-logging-enabled
- rds-meets-restore-timeターゲット
- rds-multi-az-support
- rds-mysql-instance-encrypted転送中
- rds-postgresql-logs-to-cloudwatch
- rds-postgres-instance-encrypted転送中
- rds-resources-protected-by-バックアップ計画
- rds-snapshots-public-prohibited
- rds-snapshot-encrypted
- rds-sql-server-logsから CloudWatch へ
- rds-storage-encrypted
- redshift-audit-logging-enabled
- redshift-backup-enabled
- redshift-cluster-configuration-check
- redshift-cluster-kms-enabled
- redshift-cluster-maintenancesettings-check
- redshift-cluster-public-access- チェック
- redshift-cluster-subnet-group-multi-az
- redshift-default-admin-check
- redshift-default-db-name- チェック
- redshift-enhanced-vpc-routing対応
- redshift-require-tls-ssl
- redshift-unrestricted-port-access
- required-tags
- restricted-common-ports
- root-account-hardware-mfa対応
- root-account-mfa-enabled
- route53-query-logging-enabled
- s3 access-point-in-vpcのみ
- s3access-point-public-access--blocks
- s3account-level-public-access--blocks
- s3-account-level-public-access-blocks-periodic
- s3-bucket-acl-prohibited
- s3-bucket-blacklisted-actions-prohibited
- s3 bucket-cross-region-replication対応
- s3-bucket-default-lock-enabled
- s3 bucket-level-public-access禁止
- s3-bucket-logging-enabled
- s3-bucket-mfa-delete-enabled
- s3-bucket-policy-grantee-check
- s3-bucket-policy-not-more-permissive
- s3-bucket-public-read-prohibited
- s3-bucket-public-write-prohibited
- s3-bucket-replication-enabled
- s3 bucket-server-side-encryption対応
- s3-bucket-ssl-requests-only
- s3-bucket-versioning-enabled
- s3-default-encryption-kms
- s3-event-notifications-enabled
- s3 last-backup-recovery-point作成
- s3-lifecycle-policy-check
- s3-meets-restore-time-target
- s3resources-in-logically-air--gapped-vault
- s3resources-protected-by-backup--plan
- s3-version-lifecycle-policy-check
- sagemaker-endpoint-configuration-kms-key-configured
- sagemaker-endpoint-config-prodインスタンス数
- sagemaker-notebook-instance-inside- VPC
- sagemaker-notebook-instance-kms-key-configured
- sagemaker-notebook-instance-root-access-check
- sagemaker-notebook-no-direct-internet-access
- secretsmanager-rotation-enabled-check
- secretsmanager-scheduled-rotation-success- チェック
- secretsmanager-secret-periodic-rotation
- secretsmanager-secret-unused
- secretsmanager-using-cmk
- securityhub-enabled
- security-account-information-provided
- service-catalog-shared-within- 組織
- service-vpc-endpoint-enabled
- ses-malware-scanning-enabled
- shield-advanced-enabled-autorenew
- shield-drt-access
- sns-encrypted-kms
- sns-topic-message-delivery通知が有効
- sns-topic-no-publicアクセス
- ssm-document-not-public
- step-functions-state-machineログ記録が有効
- storagegateway-last-backup-recovery-point-created
- storagegateway-resources-in-logically-air-gapped-vault
- storagegateway-resources-protected-by-バックアップ計画
- subnet-auto-assign-public-ip-disabled
- transfer-family-server-no-ftp
- virtualmachine-last-backup-recovery-point-created
- virtualmachine-resources-in-logically-air-gapped-vault
- virtualmachine-resources-protected-by-バックアップ計画
- vpc-default-security-group閉鎖
- vpc-endpoint-enabled
- vpc-flow-logs-enabled
- vpc-network-acl-unused- チェック
- vpc-peering-dns-resolution- チェック
- vpc-sg-open-only-to-authorized-ports
- vpc-sg-port-restriction- チェック
- vpc-vpn-2-tunnels-up
- wafv2-logging-enabled
- wafv2-rulegroup-logging-enabled
- wafv2-rulegroup-not-empty
- wafv2-webacl-not-empty
- waf-classic-logging-enabled
- waf-global-rulegroup-not- 空
- waf-global-rule-not- 空
- waf-global-webacl-not- 空
- waf-regional-rulegroup-not- 空
- waf-regional-rule-not- 空
- waf-regional-webacl-not- 空
- workspaces-root-volume-encryption対応
- workspaces-user-volume-encryption対応