AWS Config 관리형 규칙 목록

AWS Config 현재 다음과 같은 관리형 규칙을 지원합니다.

참고

관리형 규칙에 지정된 기본값은 콘솔을 사용할 때만 미리 채워집니다. AWS API, CLI 또는 SDK에는 기본값이 제공되지 않습니다.

주제

• access-keys-rotated
• account-part-of-organizations
• acm-certificate-expiration-check
• acm-certificate-rsa-check
• acm-pca-root-ca-장애인
• alb-desync-mode-check
• alb-http-drop-invalid-헤더 사용
• alb-http-to-https-리디렉션 확인
• alb-waf-enabled
• api-gwv2- access-logs-enabled
• api-gwv2- authorization-type-configured
• api-gw-associated-with-와프
• api-gw-cache-enabled-및 암호화
• api-gw-endpoint-type-체크
• api-gw-execution-logging-활성화
• api-gw-ssl-enabled
• api-gw-xray-enabled
• approved-amis-by-id
• approved-amis-by-tag
• appsync-associated-with-waf
• appsync-authorization-check
• appsync-cache-encryption-at-휴식
• appsync-logging-enabled
• athena-workgroup-encrypted-at-휴식
• aurora-last-backup-recovery-포인트 생성
• aurora-meets-restore-time-타겟
• aurora-mysql-backtracking-enabled
• aurora-resources-protected-by-백업 계획
• autoscaling-capacity-rebalancing
• autoscaling-group-elb-healthcheck-필수
• autoscaling-launchconfig-requires-imdsv2
• autoscaling-launch-config-hop-제한
• autoscaling-launch-config-public-ip 비활성화
• autoscaling-launch-template
• autoscaling-multiple-az
• autoscaling-multiple-instance-types
• backup-plan-min-frequency-and-min-retention-check
• backup-recovery-point-encrypted
• backup-recovery-point-manual-삭제 비활성화
• backup-recovery-point-minimum-보존 확인
• beanstalk-enhanced-health-reporting-활성화
• clb-desync-mode-check
• clb-multiple-az
• cloudformation-stack-drift-detection-체크
• cloudformation-stack-notification-check
• cloudfront-accesslogs-enabled
• cloudfront-associated-with-waf
• cloudfront-custom-ssl-certificate
• cloudfront-default-root-object-구성됨
• cloudfront-no-deprecated-ssl-프로토콜
• cloudfront-origin-access-identity-활성화
• cloudfront-origin-failover-enabled
• 클라우드프론트-s3- origin-access-control-enabled
• 클라우드프론트-s3- origin-non-existent-bucket
• cloudfront-security-policy-check
• cloudfront-sni-enabled
• cloudfront-traffic-to-origin-암호화
• cloudfront-viewer-policy-https
• cloudtrail-s3-dataevents-enabled
• cloudtrail-security-trail-enabled
• cloudwatch-alarm-action-check
• cloudwatch-alarm-action-enabled-체크
• cloudwatch-alarm-resource-check
• cloudwatch-alarm-settings-check
• cloudwatch-log-group-encrypted
• cloud-trail-cloud-watch-로그 지원
• cloudtrail-enabled
• cloud-trail-encryption-enabled
• cloud-trail-log-file-검증 가능
• cmk-backing-key-rotation-활성화
• codebuild-project-artifact-encryption
• codebuild-project-environment-privileged-체크
• codebuild-project-envvar-awscred-체크
• codebuild-project-logging-enabled
• codebuild-project-s3-로그 암호화
• codebuild-project-source-repo-URL 확인
• codedeploy-auto-rollback-monitor-활성화
• 코드 디플로이-ec2- minimum-healthy-hosts-configured
• codedeploy-lambda-allatonce-traffic-시프트 비활성화
• codepipeline-deployment-count-check
• codepipeline-region-fanout-check
• custom-eventbus-policy-attached
• custom-schema-registry-policy-첨부
• cw-loggroup-retention-period-체크
• dax-encryption-enabled
• dax-tls-endpoint-encryption
• db-instance-backup-enabled
• desired-instance-tenancy
• desired-instance-type
• dms-auto-minor-version-업그레이드 확인
• dms-endpoint-ssl-configured
• dms-mongo-db-authentication-활성화
• dms-neptune-iam-authorization-활성화
• dms-redis-tls-enabled
• dms-replication-not-public
• dms-replication-task-sourcedb-로깅
• dms-replication-task-targetdb-로깅
• docdb-cluster-audit-logging-활성화
• docdb-cluster-backup-retention-체크
• docdb-cluster-deletion-protection-활성화
• docdb-cluster-encrypted
• docdb-cluster-snapshot-public-금지
• dynamodb-autoscaling-enabled
• dynamodb-in-backup-plan
• dynamodb-last-backup-recovery-포인트 생성
• dynamodb-meets-restore-time-타겟
• dynamodb-pitr-enabled
• dynamodb-resources-protected-by-백업 계획
• dynamodb-table-deletion-protection-활성화
• dynamodb-table-encrypted-kms
• dynamodb-table-encryption-enabled
• dynamodb-throughput-limit-check
• ebs-in-backup-plan
• ebs-last-backup-recovery-포인트 생성
• ebs-meets-restore-time-타겟
• ebs-optimized-instance
• ebs-resources-protected-by-백업 계획
• ebs-snapshot-public-restorable-체크
• ec2- 활성화됨 client-vpn-connection-log
• ec2- -모두 client-vpn-not-authorize
• ec2- ebs-encryption-by-default
• ec2-imdsv2-check
• ec2- instance-detailed-monitoring-enabled
• ec2- -매니저 instance-managed-by-systems
• ec2- instance-multiple-eni-check
• ec2- instance-no-public-ip
• ec2- instance-profile-attached
• ec2- -생성됨 last-backup-recovery-point
• ec2- -비활성화됨 launch-template-public-ip
• ec2- managedinstance-applications-blacklisted
• ec2- managedinstance-applications-required
• ec2- -체크 managedinstance-association-compliance-status
• ec2- managedinstance-inventory-blacklisted
• ec2- -체크 managedinstance-patch-compliance-status
• ec2- managedinstance-platform-check
• ec2- meets-restore-time-target
• ec2- no-amazon-key-pair
• ec2- paravirtual-instance-check
• ec2- -플랜 resources-protected-by-backup
• ec2- -eni security-group-attached-to
• ec2- security-group-attached-to -비주기적
• ec2-stopped-instance
• ec2- token-hop-limit-check
• ec2- -첨부-비활성화됨 transit-gateway-auto-vpc
• ec2- volume-inuse-check
• ecr-private-image-scanning-활성화
• ecr-private-lifecycle-policy-구성됨
• ecr-private-tag-immutability-활성화
• ecs-awsvpc-networking-enabled
• ecs-containers-nonprivileged
• ecs-containers-readonly-access
• ecs-container-insights-enabled
• ecs-fargate-latest-platform-버전
• ecs-no-environment-secrets
• ecs-task-definition-log-구성
• ecs-task-definition-memory-하드 리밋
• ecs-task-definition-nonroot-사용자
• ecs-task-definition-pid-모드 체크
• ecs-task-definition-user-for-host-mode-check
• efs-access-point-enforce-루트 디렉터리
• efs-access-point-enforce-사용자 아이덴티티
• efs-encrypted-check
• efs-in-backup-plan
• efs-last-backup-recovery-포인트 생성
• efs-meets-restore-time-타겟
• efs-mount-target-public-접근 가능
• efs-resources-protected-by-백업 계획
• eip-attached
• eks-cluster-logging-enabled
• eks-cluster-log-enabled
• eks-cluster-oldest-supported-버전
• eks-cluster-secrets-encrypted
• eks-cluster-supported-version
• eks-endpoint-no-public-액세스
• eks-secrets-encrypted
• elasticache-auto-minor-version-업그레이드 확인
• elasticache-rbac-auth-enabled
• elasticache-redis-cluster-automatic-백업 확인
• elasticache-repl-grp-auto-페일오버 지원
• elasticache-repl-grp-encrypted-휴식 중
• elasticache-repl-grp-encrypted-운송 중
• elasticache-repl-grp-redis-인증 활성화
• elasticache-subnet-group-check
• elasticache-supported-engine-version
• elasticsearch-encrypted-at-rest
• elasticsearch-in-vpc-only
• elasticsearch-logs-to-cloudwatch
• elasticsearch-node-to-node-암호화 검사
• elastic-beanstalk-logs-to- 클라우드 워치
• elastic-beanstalk-managed-updates-활성화
• elbv2- acm-certificate-required
• elbv2-multiple-az
• elb-acm-certificate-required
• elb-cross-zone-load-밸런싱 지원
• elb-custom-security-policy-ssl-check
• elb-deletion-protection-enabled
• elb-logging-enabled
• elb-predefined-security-policy-ssl-check
• elb-tls-https-listeners전용
• emr-block-public-access
• emr-kerberos-enabled
• emr-master-no-public-ip
• encrypted-volumes
• fms-shield-resource-policy-체크
• fms-webacl-resource-policy-체크
• fms-webacl-rulegroup-association-체크
• fsx-last-backup-recovery-포인트 생성
• fsx-lustre-copy-tags백업으로
• fsx-meets-restore-time-타겟
• fsx-openzfs-copy-tags-활성화
• fsx-resources-protected-by-백업 계획
• fsx-windows-audit-log-구성
• global-endpoint-event-replication-활성화
• guardduty-enabled-centralized
• guardduty-non-archived-findings
• iam-customer-policy-blocked-kms-액션
• iam-group-has-users-체크
• iam-inline-policy-blocked-kms-액션
• iam-no-inline-policy-체크
• iam-password-policy
• iam-policy-blacklisted-check
• iam-policy-in-use
• iam-policy-no-statements-with-admin-access
• iam-policy-no-statements-with-full-access
• iam-role-managed-policy-체크
• iam-root-access-key-체크
• iam-user-group-membership-체크
• iam-user-mfa-enabled
• iam-user-no-policies-체크
• iam-user-unused-credentials-체크
• restricted-ssh
• ec2- instances-in-vpc
• internet-gateway-authorized-vpc전용
• kinesis-firehose-delivery-stream-암호화
• kinesis-stream-encrypted
• kms-cmk-not-scheduled-삭제용
• lambda-concurrency-check
• lambda-dlq-check
• lambda-function-public-access-금지
• lambda-function-settings-check
• lambda-inside-vpc
• lambda-vpc-multi-az-체크
• macie-auto-sensitive-data-디스커버리-체크
• macie-status-check
• mfa-enabled-for-iam-콘솔 액세스
• mq-active-deployment-mode
• mq-automatic-minor-version-업그레이드 가능
• mq-auto-minor-version-업그레이드 가능
• mq-cloudwatch-audit-logging-활성화
• mq-cloudwatch-audit-log-활성화
• mq-no-public-access
• mq-rabbit-deployment-mode
• msk-enhanced-monitoring-enabled
• msk-in-cluster-node-require-tls
• multi-region-cloudtrail-enabled
• nacl-no-unrestricted-ssh-rdp
• neptune-cluster-backup-retention-체크
• neptune-cluster-cloudwatch-log-내보내기 가능
• neptune-cluster-copy-tags-to-snapshot-enabled
• neptune-cluster-deletion-protection-활성화
• neptune-cluster-encrypted
• neptune-cluster-iam-database-인증
• neptune-cluster-multi-az-활성화
• neptune-cluster-snapshot-encrypted
• neptune-cluster-snapshot-public-금지
• netfw-deletion-protection-enabled
• netfw-logging-enabled
• netfw-multi-az-enabled
• netfw-policy-default-action-프래그먼트 패킷
• netfw-policy-default-action-풀 패킷
• netfw-policy-rule-group-관련
• netfw-stateless-rule-group-비어 있지 않음
• nlb-cross-zone-load-밸런싱 지원
• no-unrestricted-route-to-igw
• opensearch-access-control-enabled
• opensearch-audit-logging-enabled
• opensearch-data-node-fault-허용한도
• opensearch-encrypted-at-rest
• opensearch-https-required
• opensearch-in-vpc-only
• opensearch-logs-to-cloudwatch
• opensearch-node-to-node-암호화 검사
• opensearch-primary-node-fault-허용한도
• opensearch-update-check
• rds-aurora-mysql-audit-로깅 지원
• rds-automatic-minor-version-업그레이드 가능
• rds-cluster-auto-minor-version-upgrade-enable
• rds-cluster-default-admin-체크
• rds-cluster-deletion-protection-활성화
• rds-cluster-encrypted-at-휴식
• rds-cluster-iam-authentication-활성화
• rds-cluster-multi-az-활성화
• rds-db-security-group-허용되지 않음
• rds-enhanced-monitoring-enabled
• rds-instance-default-admin-체크
• rds-instance-deletion-protection-활성화
• rds-instance-iam-authentication-활성화
• rds-instance-public-access-체크
• rds-in-backup-plan
• rds-last-backup-recovery-포인트 생성
• rds-logging-enabled
• rds-meets-restore-time-타겟
• rds-multi-az-support
• rds-resources-protected-by-백업 계획
• rds-snapshots-public-prohibited
• rds-snapshot-encrypted
• rds-storage-encrypted
• redshift-audit-logging-enabled
• redshift-backup-enabled
• redshift-cluster-configuration-check
• redshift-cluster-kms-enabled
• redshift-cluster-maintenancesettings-check
• redshift-cluster-public-access-체크
• redshift-default-admin-check
• redshift-default-db-name-체크
• redshift-enhanced-vpc-routing-활성화
• redshift-require-tls-ssl
• required-tags
• restricted-common-ports
• root-account-hardware-mfa-활성화
• root-account-mfa-enabled
• 국도 53- query-logging-enabled
• s3- access-point-in-vpc 전용
• s3- access-point-public-access -블록
• s3- account-level-public-access -블록
• s3- account-level-public-access -블록 - 주기적
• s3- bucket-acl-prohibited
• s3- bucket-blacklisted-actions-prohibited
• s3 bucket-cross-region-replication - 활성화됨
• s3- bucket-default-lock-enabled
• s3- bucket-level-public-access -금지됨
• s3- bucket-logging-enabled
• s3- bucket-mfa-delete-enabled
• s3- bucket-policy-grantee-check
• s3- bucket-policy-not-more -허용적
• s3- bucket-public-read-prohibited
• s3- bucket-public-write-prohibited
• s3- bucket-replication-enabled
• s3 bucket-server-side-encryption - 활성화됨
• s3- bucket-ssl-requests-only
• s3- bucket-versioning-enabled
• s3- default-encryption-kms
• s3- event-notifications-enabled
• s3 last-backup-recovery-point - - 생성됨
• s3- lifecycle-policy-check
• s3- meets-restore-time-target
• s3- resources-protected-by-backup -플랜
• s3- version-lifecycle-policy-check
• sagemaker-endpoint-configuration-kms-키 구성
• sagemaker-endpoint-config-prod-인스턴스 수
• sagemaker-notebook-instance-inside-vpc
• sagemaker-notebook-instance-kms-키 구성
• sagemaker-notebook-instance-root-액세스 확인
• sagemaker-notebook-no-direct-인터넷 액세스
• secretsmanager-rotation-enabled-check
• secretsmanager-scheduled-rotation-success-체크
• secretsmanager-secret-periodic-rotation
• secretsmanager-secret-unused
• secretsmanager-using-cmk
• securityhub-enabled
• security-account-information-provided
• service-catalog-shared-within-조직
• service-vpc-endpoint-enabled
• ses-malware-scanning-enabled
• shield-advanced-enabled-autorenew
• shield-drt-access
• sns-encrypted-kms
• sns-topic-message-delivery-알림 사용
• ssm-document-not-public
• step-functions-state-machine-로깅 지원
• storagegateway-last-backup-recovery-포인트 생성
• storagegateway-resources-protected-by-백업 계획
• subnet-auto-assign-public-ip 비활성화
• transfer-family-server-no-ftp
• virtualmachine-last-backup-recovery-포인트 생성
• virtualmachine-resources-protected-by-백업 계획
• vpc-default-security-group-닫혔습니다
• vpc-flow-logs-enabled
• vpc-network-acl-unused-체크
• vpc-peering-dns-resolution-체크
• vpc-sg-open-only-to-authorized-ports
• vpc-vpn-2-tunnels-up
• wafv2-logging-enabled
• wavv2- rulegroup-logging-enabled
• wavv2- rulegroup-not-empty
• wafv2- webacl-not-empty
• waf-classic-logging-enabled
• waf-global-rulegroup-not-비어 있음
• waf-global-rule-not-비어 있음
• waf-global-webacl-not-비어 있음
• waf-regional-rulegroup-not-비어 있음
• waf-regional-rule-not-비어 있음
• waf-regional-webacl-not-비어 있음