本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
控制限制
AWS Control Tower AWS 透過以各種形式實作的控制項,例如服務控制政策 (SCPs)、 AWS Config 規則和 AWS CloudFormation 勾點,協助您在 上維護安全的多帳戶環境。
控制項參考指南
AWS Control Tower 控制項的詳細資訊已移至 AWS Control Tower 控制項參考指南。
如果您修改 SCP 等 AWS Control Tower 資源,或移除任何 AWS Config 資源,例如 Config 記錄器或彙總器,AWS Control Tower 無法保證控制項的運作方式如設計。因此,多帳戶環境的安全性可能會受到影響。 AWS 共同的責任模型
注意
當您更新登陸區域時,AWS Control Tower 會將預防性控制項SCPs 重設為標準組態,以協助維護您環境的完整性。您可能對 SCPs所做的變更,會由標準版本的控制項取代為設計。
區域限制
AWS Control Tower 中的某些控制項無法在 AWS Control Tower 可用的某些 AWS 區域 中運作,因為這些區域不支援必要的基礎功能。因此,當您部署該控制項時,它可能不會在您透過 AWS Control Tower 管理的所有區域中運作。此限制會影響 Security Hub Service 受管標準中的特定偵測控制、特定主動控制和特定控制:AWS Control Tower。如需區域可用性的詳細資訊,請參閱 Security Hub 控制項。另請參閱區域服務清單文件
在混合控管的情況下,控制行為也會受到限制。如需詳細資訊,請參閱設定區域時避免混合控管。
如需 AWS Control Tower 如何管理區域和控制項限制的詳細資訊,請參閱 啟用 AWS 選擇加入區域的考量事項。
注意
如需控制和區域支援的最新資訊,建議您呼叫 GetControl和 ListControls API 操作。
尋找可用的控制項和區域
您可以在 AWS Control Tower 主控台中檢視每個控制項的可用區域。您可以使用 AWS Control Catalog 中的 GetControl和 ListControls API,以程式設計方式檢視可用的區域。 APIs
另請參閱《AWS Control Tower 控制項參考指南》中的 AWS Control Tower 控制項和支援區域的參考表、依區域的控制可用性。
如需來自服務受管標準:某些 中不支援的 AWS Control Tower AWS Security Hub 控制項的詳細資訊 AWS 區域,請參閱 Security Hub 標準中的「不支援的區域」。
下表顯示特定 中不支援的特定主動控制 AWS 區域。
| 控制項識別符 | 不可部署的區域 |
|---|---|
|
ap-southeast-5、ca-west-1、us-west-1 |
|
ap-south-2、ap-southeast-3、ap-southeast-4、ca-west-1、eu-central-2、eu-south-2、il-central-1、me-central-1 |
下表顯示特定 中不支援的 AWS Control Tower 偵測控制項 AWS 區域。
| 控制項識別符 | 不可部署的區域 |
|---|---|
|
ap-southeast-5、ca-west-1 |
|
af-south-1、ap-south-2、ap-southeast-3、ap-southeast-4、ap-southeast-5、ca-west-1、eu-central-2、eu-south-2、il-central-1、me-central-1 |
|
ap-south-2、ap-southeast-3、ap-southeast-4、ap-southeast-5、ca-west-1、eu-central-2、eu-south-2、il-central-1、me-central-1 |
|
ap-south-2、ap-southeast-3、ap-southeast-4、ap-southeast-5、ca-west-1、eu-central-2、eu-south-2、il-central-1、me-central-1 |
|
ap-south-2、ap-southeast-3、ap-southeast-4、ap-southeast-5、ca-west-1、eu-central-2、eu-south-2、il-central-1、me-central-1 |
|
ap-northeast-3、ap-southeast-3、ap-southeast-4、ap-southeast-5、ca-west-1、il-central-1 |
|
af-south-1、ap-south-2、ap-southeast-3、ap-southeast-4、ap-southeast-5、ca-west-1、eu-central-2、eu-south-1、eu-south-2、il-central-1、me-central-1 |
|
ap-southeast-5、ca-west-1 |
|
eu-south-2 |
|
ap-northeast-3 |
|
ap-southeast-5、ca-west-1 |
|
ap-southeast-5、ca-west-1 |
|
ap-south-2、ap-southeast-3、ap-southeast-4、ap-southeast-5、ca-west-1、eu-central-2、eu-south-2、il-central-1 |
|
af-south-1、ap-northeast-3、ap-south-2、ap-southeast-3、ap-southeast-4、ap-southeast-5、ca-west-1、eu-central-2、eu-south-1、eu-south-2、il-central-1、me-central-1 |
|
af-south-1、ap-northeast-3、eu-south-1、il-central-1 |
|
ap-south-2、ap-southeast-4、ap-southeast-5、ca-west-1、eu-central-2、eu-south-2、il-central-1、me-central-1 |
|
eu-south-2 |
|
ap-south-2、ap-southeast-4、ap-southeast-5、ca-west-1、eu-central-2、eu-south-2、il-central-1、me-central-1 |
|
ap-northeast-3、ap-south-2、ap-southeast-3、ap-southeast-5、ca-west-1、eu-south-2 |
|
ap-south-2、eu-south-2 |
|
af-south-1、ap-southeast-4、eu-central-2、eu-south-1、eu-south-2、il-central-1 |
|
eu-central-2、eu-south-2 |
|
ap-south-2、ap-southeast-3、ap-southeast-5、ca-west-1、eu-south-2 |
|
af-south-1、eu-south-1 |
|
ap-southeast-5、ca-west-1、il-central-1、me-central-1 |
|
eu-central-2、eu-south-2、il-central-1 |
|
af-south-1、ap-northeast-3、ap-south-2、ap-southeast-3、ap-southeast-4、ap-southeast-5、ca-west-1、eu-central-2、eu-south-1、eu-south-2、il-central-1、me-central-1 |
|
ap-southeast-5、ca-west-1、il-central-1 |
|
ap-northeast-3 |
|
ap-south-2、ap-southeast-3、ap-southeast-4、ap-southeast-5、ca-west-1、eu-central-2、eu-south-2、il-central-1、me-central-1 |
|
ap-south-2、ap-southeast-3、ap-southeast-4、ap-southeast-5、ca-west-1、eu-central-2、eu-south-2、il-central-1、me-central-1 |
|
ap-south-2、ap-southeast-3、ap-southeast-4、ap-southeast-5、ca-west-1、eu-central-2、eu-south-2、il-central-1、me-central-1 |
