Documentación AWS Config Guía para desarrolladores

Las traducciones son generadas a través de traducción automática. En caso de conflicto entre la traducción y la version original de inglés, prevalecerá la version en inglés.

Lista de AWS Config Reglas administradas por modo de evaluación

AWS Config actualmente admite las siguientes reglas administradas. Antes de usar estas reglas, consulte Consideraciones.

Evaluación proactiva

Las reglas proactivas son reglas que respaldan el modo de evaluación proactiva de los recursos que no se han implementado todavía. Esto le permite evaluar si un conjunto de propiedades de un recurso, si se utiliza para definir un AWS recurso, cumpliría o no lo es, dado el conjunto de reglas proactivas que tiene en su cuenta de su región. Para obtener más información, consulte Modos de evaluación.

nota

Las reglas proactivas no corrigen los recursos que están marcados como NON_COMPLIANT ni impiden su implementación.

eip-attached
subnet-auto-assign-public-ip-disabled

Evaluación de detectives

Las reglas de detectives son reglas que admiten el modo de evaluación de detectives para los recursos que ya se han implementado. Esto le permite evaluar los ajustes de configuración de los recursos existentes.

nota

Actualmente, todas las AWS Config reglas respaldan la evaluación policial.

access-keys-rotated
account-part-of-organizations
acmpca-certificate-authority-tagged
acm-certificate-expiration-check
acm-certificate-rsa-check
certificado acm habilitado para el registro transparente
acm-pca-root-ca-disabled
active-mq-supported-version
alb-desync-mode-check
alb-http-drop-invalid-header-enabled
alb-http-to-https-redirection-check
alb-internal-scheme-check
alb-listener-tagged
alb-tagged
alb-waf-enabled
amplify-app-branch-auto-deletion-enabled
amplify-app-build-spec-configurable
amplify-app-description
amplify-app-no-environment-variables
amplify-app-platform-check
amplify-app-tagged
amplify-branch-habilitada para la construcción automática
amplify-branch-build-spec-configurado
amplify-branch-description
amplify-branch-framework-configurado
amplify-branch-performance-mode-enabled
amplify-branch-pull-request-previsualización habilitada
amplify-branch-tagged
apigatewayv2, integración-priva-https habilitada
apigatewayv2-stage-description
apigateway-nombre-dominio-tls-check
apigateway-stage-access-logs-enabled
apigateway-stage-description
api-gwv2-access-logs-enabled
api-gwv2-authorization-type-configured
api-gwv2-stage-default-route-detailed-metrics-enabled
api-gw-associated-with-waf
api-gw-cache-enabled-and-encrypted
api-gw-endpoint-type-check
api-gw-execution-logging-enabled
api-gw-rest-api-tagged
api-gw-ssl-enabled
api-gw-stage-tagged
api-gw-xray-enabled
appconfig-application-description
appconfig-application-tagged
appconfig-configuration-profile-tagged
appconfig-configuration-profile-validators-not-empty
appconfig-deployment-strategy-description
appconfig-deployment-strategy-minimum-final-bake-time
appconfig-deployment-strategy-replicate-to-ssm
appconfig-deployment-strategy-tagged
appconfig-environment-description
appconfig-environment-tagged
appconfig-extension-association-tagged
appconfig-freeform-profile-config-storage
appconfig-hosted-configuration-version-description
appflow-flow-tagged
appflow-flow-trigger-type-check
verifican las integraciones de aplicaciones, las aplicaciones aprueban los orígenes
integraciones de aplicaciones, etiquetadas con aplicaciones
appintegrations-event-integration-description
appintegrations-event-integration-tagged
appmesh-gateway-route-tagged
appmesh-mesh-deny-tcp-forwarding
appmesh-mesh-ip-pref-check
appmesh-mesh-tagged
appmesh-route-tagged
appmesh-virtual-gateway-backend-defaults-tls
appmesh-virtual-gateway-listeners-health-check habilitado
appmesh-virtual-gateway-logging-file-path-exists
appmesh-virtual-gateway-tagged
appmesh-virtual-node-backend-defaults-tls-on
appmesh-virtual-node-cloud-map-ip-pref-check
appmesh-virtual-node-dns-ip-pref-check
appmesh-virtual-node-listeners-health-check activado
appmesh-virtual-node-listeners-outlier-detect-activado
appmesh-virtual-node-logging-file-path-exists
appmesh-virtual-node-service-backends-tls-forced
appmesh-virtual-node-tagged
appmesh-virtual-router-tagged
appmesh-virtual-service-tagged
approved-amis-by-id
approved-amis-by-tag
apprunner-service-in-vpc
apprunner-service-ip-address-type-check
apprunner-service-max-unhealthy-threshold
aprunner-service-no-public-access
aprunner-service-observability-enabled
apprunner-service-tagged
apprunner-vpc-connector-tagged
appstream-fleet-in-vpc
appsync-associated-with-waf
appsync-authorization-check
appsync-cache-ct-encryption-at-rest
appsync-cache-ct-encryption-in-transit
appsync-cache-encryption-at-rest
appsync-graphql-api-xray-enabled
appsync-logging-enabled
aps-rule-groups-namespace-tagged
athena-data-catalog-description
athena-prepared-statement-description
athena-workgroup-description
athena-workgroup-encrypted-at-rest
athena-workgroup-enforce-workgroup-configuration
athena-workgroup-engine-version-auto-upgrade
athena-workgroup-logging-enabled
auditmanager-assessment-tagged
cifrado de bases de datos global aurora-en reposo
aurora-last-backup-recovery-point-created
aurora-meets-restore-time-target
aurora-mysql-backtracking-enabled
aurora-mysql-cluster-audit-logging
aurora-resources-in-logically-air-gapped-vault
aurora-resources-protected-by-backup-plan
autoscaling-capacity-rebalancing
autoscaling-group-elb-healthcheck-required
autoscaling-launchconfig-requires-imdsv2
autoscaling-launch-config-hop-limit
autoscaling-launch-config-public-ip-disabled
autoscaling-launch-template
autoscaling-multiple-az
autoscaling-multiple-instance-types
backup-plan-min-frequency-and-min-retention-check
backup-recovery-point-encrypted
backup-recovery-point-manual-deletion-disabled
backup-recovery-point-minimum-retention-check
batch-compute-environment-enabled
batch-compute-environment-managed
batch-compute-environment-tagged
batch-job-queue-enabled
batch-job-queue-tagged
batch-managed-compute-environment-using-launch-template
batch-managed-compute-env-allocation-strategy-check
batch-managed-compute-env-compute-resources-tagged
batch-managed-spot-compute-environment-max-bid
batch-scheduling-policy-tagged
beanstalk-enhanced-health-reporting-enabled
bedrock agentcore-gateway-authorizer-enabled
bedrock Agent Core: tiempo de ejecución, red privada, requerida
bedrock-agentcore - cifrado de memoria activado
cassandra-keyspace-tagged
clb-desync-mode-check
clb-multiple-az
cloudformation-stack-drift-detection-check
cloudformation-stack-notification-check
cloudformation-stack-service-role-check
cloudformation-termination-protection-check
cloudfront-accesslogs-enabled
cloudfront-associated-with-waf
cloudfront-custom-ssl-certificate
cloudfront-default-root-object-configured
cloudfront-distribution-key-group habilitado
cloudfront-no-deprecated-ssl-protocols
cloudfront-origin-access-identity-enabled
cloudfront-origin-failover-enabled
cloudfront-origin-lambda-url-oac-enabled
cloudfront-s3-origin-access-control-enabled
cloudfront-s3-origin-non-existent-bucket
cloudfront-security-policy-check
cloudfront-sni-enabled
cloudfront-ssl-policy-check
cloudfront-traffic-to-origin-encrypted
cloudfront-viewer-policy-https
cloudtrail-all-read-s3-data-event-check
cloudtrail-all-write-s3-data-event-check
cloudtrail-event-data-store-multirregión
cloudtrail-s3-bucket-access-logging
cloudtrail-s3-bucket-public-access-prohibited
cloudtrail-s3-dataevents-enabled
cloudtrail-security-trail-enabled
cloudwatch-alarm-action-check
cloudwatch-alarm-action-enabled-check
descripción de cloudwatch-alarm-
cloudwatch-alarm-resource-check
cloudwatch-alarm-settings-check
cloudwatch-log-group-encrypted
cloudwatch-metric-stream-tagged
cloud-trail-cloud-watch-logs-enabled
cloud-trail-enabled
cloud-trail-encryption-enabled
cloud-trail-log-file-validation-enabled
cmk-backing-key-rotation-enabled
codeartifact-repository-tagged
codebuild-project-artifact-encryption
codebuild-project-environment-privileged-check
codebuild-project-envvar-awscred-check
codebuild-project-logging-enabled
codebuild-project-s3-logs-encrypted
codebuild-project-source-repo-url-check
codebuild-project-tagged
codebuild-report-group-encrypted-at-rest
codebuild-report-group-tagged
codedeploy-auto-rollback-monitor-enabled
codedeploy-deployment-group-auto-rollback-enabled
codedeploy-deployment-group-outdated-instances-update
codedeploy-ec2-minimum-healthy-hosts-configured
codedeploy-lambda-allatonce-traffic-shift-disabled
codeguruprofiler-profiling-group-tagged
codegurureviewer-repository-association-tagged
codepipeline-deployment-count-check
codepipeline-region-fanout-check
cognito-identity-pool-unauthenticated-logins
cognito-identity-pool-unauth-access-check
cognito-userpool-cust-auth-threat-full-check
cognito-user-pool-advanced-security-enabled
cognito-user-pool está habilitada para la protección contra la eliminación de grupos de usuarios
compatible con cognito-user-pool-mfa
cognito-user-pool-password-policy-check
cognito-user-pool-tagged
connect-instance-logging-enabled
customerprofiles-domain-tagged
customerprofiles-object-type-allow-profile-creation
customerprofiles-object-type-tagged
custom-eventbus-policy-attached
custom-schema-registry-policy-attached
cw-loggroup-retention-period-check
datasync-location-object-storage-using-https
datasync-task-data-verification-enabled
datasync-task-logging-enabled
datasync-task-tagged
dax-encryption-enabled
dax-tls-endpoint-encryption
db-instance-backup-enabled
desired-instance-tenancy
desired-instance-type
devicefarm-instance-profile-tagged
devicefarm-project-tagged
devicefarm-test-grid-project-tagged
dms-auto-minor-version-upgrade-check
dms-endpoint-ssl-configured
dms-endpoint-tagged
dms-mongo-db-authentication-enabled
dms-neptune-iam-authorization-enabled
dms-redis-tls-enabled
dms-replication-instance-multi-az-enabled
dms-replication-not-public
dms-replication-task-sourcedb-logging
dms-replication-task-tagged
dms-replication-task-targetdb-logging
docdb-cluster-audit-logging-enabled
docdb-cluster-backup-retention-check
docdb-cluster-deletion-protection-enabled
docdb-cluster-encrypted
docdb-cluster-encrypted-in-transit
docdb-cluster-snapshot-public-prohibited
dynamodb-autoscaling-enabled
dynamodb-in-backup-plan
dynamodb-last-backup-recovery-point-created
dynamodb-meets-restore-time-target
dynamodb-pitr-enabled
dynamodb-resources-protected-by-backup-plan
dynamodb-table-deletion-protection-enabled
dynamodb-table-encrypted-kms
dynamodb-table-encryption-enabled
dynamodb-throughput-limit-check
ebs-in-backup-plan
ebs-last-backup-recovery-point-created
ebs-meets-restore-time-target
ebs-optimized-instance
ebs-resources-in-logically-air-gapped-vault
ebs-resources-protected-by-backup-plan
ebs-snapshot-block-public access
ebs-snapshot-public-restorable-check
ec2-capacity-reservation-tagged
ec2-carrier-gateway-tagged
ec2-client-vpn-connection-log-enabled
ec2-client-vpn-endpoint-tagged
ec2-client-vpn-not-authorize-all
ec2-dhcp-options-tagged
ec2-ebs-encryption-by-default
ec2-enis-source-destination-check-enabled
ec2-fleet-tagged
ec2-imdsv2-check
ec2-instance-detailed-monitoring-enabled
ec2-instance-launched-with-allowed-ami
ec2-instance-managed-by-ssm
ec2-instance-multiple-eni-check
ec2-instance-no-public-ip
ec2-instance-profile-attached
ec2-ipamscope-tagged
ec2-last-backup-recovery-point-created
plantilla de lanzamiento de ec2-encriptada con ebs
ec2-launch-templates-ebs-volume-encrypted
ec2-launch-template-imdsv2-check
ec2-launch-template-public-ip-disabled
ec2-launch-template-tagged
ec2-managedinstance-applications-blacklisted
ec2-managedinstance-applications-required
ec2-managedinstance-association-compliance-status-check
ec2-managedinstance-inventory-blacklisted
ec2-managedinstance-patch-compliance-status-check
ec2-managedinstance-platform-check
ec2-meets-restore-time-target
ec2-network-insights-access-scope-analysis-tagged
ec2-network-insights-access-scope-tagged
ec2-network-insights-analysis-tagged
ec2-network-insights-path-tagged
ec2-no-amazon-key-pair
ec2-paravirtual-instance-check
ec2-prefix-list-tagged
ec2-resources-in-logically-air-gapped-vault
ec2-resources-protected-by-backup-plan
ec2-security-group-attached-to-eni
ec2-security-group-attached-to-eni-periodic
ec2-spot-fleet-request-ct-encryption-at-rest
ec2-stopped-instance
ec2-token-hop-limit-check
ec2-traffic-mirror-filter-description
ec2-traffic-mirror-filter-tagged
ec2-traffic-mirror-session-description
ec2-traffic-mirror-session-tagged
ec2-traffic-mirror-target-description
ec2-traffic-mirror-target-tagged
ec2-transit-gateway-auto-vpc-attach-disabled
ec2-transit-gateway-multicast-domain-tagged
ec2-volume-inuse-check
ec2-vpn-connection-ike-version-check
ec2-vpn-connection-logging-enabled
ec2-vpn-connection-tagged
ecr-private-image-scanning-enabled
ecr-private-lifecycle-policy-configured
ecr-private-tag-immutability-enabled
ecr-repository-cmk-encryption-enabled
ecr-repository-tagged
ecs-awsvpc-networking-enabled
ecs-capacity-provider-tagged
ecs-capacity provider-termination-check
ecs-containers-nonprivileged
ecs-containers-readonly-access
ecs-container-insights-enabled
ecs-fargate-latest-platform-version
ecs-no-environment-secrets
ecs-service-propagate-tags-habilitado
ecs-task-definition-efs-encryption-habilitado
ecs-task-definition-linux-user-non-root
ecs-task-definition-log-configuration
ecs-task-definition-memory-hard-limit
ecs-task-definition-network-mode-not-host
ecs-task-definition-nonroot-user
ecs-task-definition-pid-mode-check
ecs-task-definition-user-for-host-mode-check
ecs-task-definition-windows-user-non-admin
efs-access-point-enforce-root-directory
efs-access-point-enforce-user-identity
efs-automatic-backups-enabled
efs-encrypted-check
efs-filesystem-ct-encrypted
efs-file-system-tagged
efs-in-backup-plan
efs-last-backup-recovery-point-created
efs-meets-restore-time-target
efs-mount-target-public-accessible
efs-resources-in-logically-air-gapped-vault
efs-resources-protected-by-backup-plan
eip-attached
eks-addon-tagged
eks-cluster-logging-enabled
eks-cluster-log-enabled
eks-cluster-oldest-supported-version
eks-cluster-secrets-encrypted
eks-cluster-supported-version
eks-endpoint-no-public-access
eks-fargate-profile-tagged
comprobación de versiones compatible con eks-nodegroup
eks-secrets-encrypted
elasticache-automatic-backup-check-enabled
elasticache-auto-minor-version-upgrade-check
elasticache-rbac-auth-enabled
elasticache-redis-cluster-automatic-backup-check
elasticache-repl-grp-auto-failover-enabled
elasticache-repl-grp-encrypted-at-rest
elasticache-repl-grp-encrypted-in-transit
elasticache-repl-grp-redis-auth-enabled
elasticache-subnet-group-check
elasticache-supported-engine-version
elasticbeanstalk-application-description
elasticbeanstalk-application-version-description
elasticbeanstalk-environment-description
elasticsearch-encrypted-at-rest
elasticsearch-in-vpc-only
elasticsearch-logs-to-cloudwatch
elasticsearch-node-to-node-encryption-check
elastic-beanstalk-logs-to-cloudwatch
elastic-beanstalk-managed-updates-enabled
elbv2-acm-certificate-required
elbv2-listener-encryption-in-transit
elbv2-multiple-az
elbv2-predefined-security-policy-ssl-check
elbv2-targetgroup-healthcheck-protocolo-encriptado
elbv2, grupo de destino, cifrado con protocolo
elb-acm-certificate-required
elb-cross-zone-load-balancing-enabled
elb-custom-security-policy-ssl-check
elb-deletion-protection-enabled
elb-internal-scheme-check
elb-logging-enabled
elb-predefined-security-policy-ssl-check
elb-tagged
elb-tls-https-listeners-only
emr-block-public-access
emr-kerberos-enabled
emr-master-no-public-ip
emr-security-configuration-encryption-rest
emr-security-configuration-encryption-transit
encrypted-volumes
esquemas de eventos: descubridor-etiquetado
esquemas de eventos: etiquetados en el registro
event-data-store-cmk-encryption-enabled
evidently-launch-description
evidently-launch-tagged
evidently-project-description
evidently-project-tagged
evidently-segment-description
evidently-segment-tagged
fis-experiment-template-log-configuration-exists
fis-experiment-template-tagged
fms-shield-resource-policy-check
fms-webacl-resource-policy-check
fms-webacl-rulegroup-association-check
frauddetector-entity-type-tagged
frauddetector-label-tagged
frauddetector-outcome-tagged
frauddetector-variable-tagged
fsx-last-backup-recovery-point-created
fsx-lustre-copy-tags-to-backups
fsx-meets-restore-time-target
fsx-ontap-deployment-type-check
fsx-openzfs-copy-tags-enabled
fsx-openzfs-deployment-type-check
fsx-resources-protected-by-backup-plan
fsx-windows-audit-log-configured
fsx-windows-deployment-type-check
glb-listener-tagged
glb-tagged
global-endpoint-event-replication-enabled
glue-job-logging-enabled
glue-ml-transform-encrypted-at-rest
glue-ml-transform-tagged
glue-spark-job-supported-version
función de configuración de estación terrestre etiquetada
estación terrestre: flujo de datos, punto final, etiquetada
estación terrestre, perfil de misión, etiquetado
guardduty-ec2-protection-runtime-enabled
guardduty-ecs-protection-runtime-enabled
guardduty-eks-protection-audit-enabled
guardduty-eks-protection-runtime-enabled
guardduty-enabled-centralized
guardduty-lambda-protection-enabled
guardduty-malware-protection-enabled
guardduty-non-archived-findings
guardduty-rds-protection-enabled
guardduty-runtime-monitoring-enabled
guardduty-s3-protection-enabled
tienda de datos de healthlake-fhir etiquetada
iam-customer-policy-blocked-kms-actions
iam-external-access-analyzer-enabled
iam-group-has-users-check
iam-inline-policy-blocked-kms-actions
iam-no-inline-policy-check
iam-oidc-provider-client-id-list-check
iam-oidc-provider-tagged
iam-password-policy
iam-policy-blacklisted-check
descripción de la política de iam
iam-policy-in-use
iam-policy-no-statements-with-admin-access
iam-policy-no-statements-with-full-access
iam-role-managed-policy-check
iam-root-access-key-check
iam-saml-provider-tagged
iam-server-certificate-expiration-check
iam-server-certificate-tagged
iam-user-group-membership-check
iam-user-mfa-enabled
iam-user-no-policies-check
iam-user-unused-credentials-check
generador de imágenes: configuración de distribución, etiquetada
imagebuilder-imagepipeline-tagged
imagebuilder-receta de imagen -ebs-volúmenes cifrados
imagebuilder-receta de imagen etiquetada
generador de imágenes: configuración de infraestructura, etiquetado
incoming-ssh-disabled
inspector-ec2-scan-enabled
inspector-ecr-scan-enabled
inspector-lambda-code-scan-enabled
inspector-lambda-standard-scan-enabled
instances-in-vpc
internet-gateway-authorized-vpc-only
iotdevicedefender-custom-metric-tagged
iotevents-alarm-model-tagged
iotevents-detector-model-tagged
iotevents-input-tagged
iotsitewise-asset-model-tagged
iotsitewise-dashboard-tagged
iotsitewise-gateway-tagged
iotsitewise-portal-tagged
iotsitewise-project-tagged
iottwinmaker-component-type-tagged
iottwinmaker-entity-tagged
iottwinmaker-scene-tagged
iottwinmaker-sync-job-tagged
iottwinmaker-workspace-tagged
iotwireless-fuota-task-tagged
iotwireless-multicast-group-tagged
iotwireless-service-profile-tagged
iot-authorizer-token-signing-enabled
iot-job-template-tagged
iot-provisioning-template-description
iot-provisioning-template-jitp
iot-provisioning-template-tagged
iot-scheduled-audit-tagged
ivs-channel-playback-authorization-enabled
ivs-channel-tagged
ivs-playback-key-pair-tagged
ivs-recording-configuration-tagged
kendra: indexada
canal de señalización de vídeo de Kinesis etiquetado
kinesis con etiquetas de transmisión de vídeo
kinesis-firehose-delivery-stream-encrypted
kinesis-stream-backup-retention-check
kinesis-stream-encrypted
kinesis-video-stream-minimum-data-retention
kms-cmk-not-scheduled-for-deletion
kms-key-policy-no-public-access
kms-key-tagged
lambda-concurrency-check
lambda-dlq-check
comprobación del nivel de registro de la aplicación lambda
lambda-function-description
lambda-función-log-format-json
lambda-function-public-access-prohibited
lambda-function-settings-check
comprobación del nivel de registro del sistema de funciones lambda
lambda-function-xray-enabled
lambda-inside-vpc
lambda-vpc-multi-az-check
lightsail-bucket-allow-public-overrides-disabled
lightsail-bucket está habilitado para el control de versiones de objetos
con etiqueta LightSail-Bucket-Tagged
etiquetado con certificado de vela ligera
LightSail-Disk-Tagged
macie-auto-sensitive-data-discovery-check
macie-status-check
mariadb-publish-logs-to-cloudwatch-logs
paquete multimedia, configuración de embalaje, etiquetado
configuración de reproducción personalizada y etiquetada
memorydb-subnetgroup-tagged
mfa-enabled-for-iam-console-access
mq-active-broker-ldap-authentication
mq-active-deployment-mode
mq-active-single-instance-broker-storage-type-efs
mq-automatic-minor-version-upgrade-enabled
mq-auto-minor-version-upgrade-enabled
mq-broker-general-logging-enabled
mq-cloudwatch-audit-logging-enabled
mq-cloudwatch-audit-log-enabled
mq-no-public-access
mq-rabbit-deployment-mode
msk-cluster-public-access-disabled
msk-cluster-tagged
msk-connect-connector-logging-enabled
msk-enhanced-monitoring-enabled
msk-in-cluster-node-require-tls
msk-unrestricted-access-check
multi-region-cloud-trail-enabled
nacl-no-unrestricted-ssh-rdp
neptune-cluster-backup-retention-check
neptune-cluster-cloudwatch-log-export-enabled
neptune-cluster-copy-tags-to-snapshot-enabled
neptune-cluster-deletion-protection-enabled
neptune-cluster-encrypted
neptune-cluster-iam-database-authentication
neptune-cluster-multi-az-enabled
neptune-cluster-snapshot-encrypted
neptune-cluster-snapshot-iam-database-auth-enabled
neptune-cluster-snapshot-public-prohibited
netfw-deletion-protection-enabled
netfw-logging-enabled
netfw-multi-az-enabled
netfw-policy-default-action-fragment-packets
netfw-policy-default-action-full-packets
netfw-policy-rule-group-associated
netfw-stateless-rule-group-not-empty
netfw-subnet-change-protection-enabled
nlb-cross-zone-load-balancing-enabled
nlb-internal-scheme-check
nlb-listener-tagged
nlb-logging-enabled
nlb-tagged
no-unrestricted-route-to-igw
descripción de opensearchserverless-collection-
opensearch server, sin recopilación, réplicas en espera habilitadas
opensearch-access-control-enabled
opensearch-audit-logging-enabled
opensearch-data-node-fault-tolerance
opensearch-encrypted-at-rest
opensearch-https-required
opensearch-in-vpc-only
opensearch-logs-to-cloudwatch
opensearch-node-to-node-encryption-check
opensearch-primary-node-fault-tolerance
opensearch-update-check
paquete panorama-etiquetado
rabbit-mq-supported-version
rds-aurora-mysql-audit-logging-enabled
rds-aurora-postgresql-logs-to-cloudwatch
rds-automatic-minor-version-upgrade-enabled
rds-cluster-auto-minor-version-upgrade-enable
rds-cluster-backup-retention-check
rds-cluster-default-admin-check
rds-cluster-deletion-protection-enabled
rds-cluster-encrypted-at-rest
rds-cluster-iam-authentication-enabled
rds-cluster-multi-az-enabled
rds-db-security-group-not-allowed
rds-enhanced-monitoring-enabled
rds-event-subscription-tagged
versión compatible con rds-global-cluster-aurora-mysql-
rds-instance-default-admin-check
rds-instance-deletion-protection-enabled
rds-instance-iam-authentication-enabled
rds-instance-public-access-check
rds-instance-subnet-igw-check
rds-in-backup-plan
rds-last-backup-recovery-point-created
rds-logging-enabled
rds-mariadb-instance-encrypted-in-transit
rds-meets-restore-time-target
rds-multi-az-support
rds-mysql-cluster-copy-tags-to-snapshot-check
rds-mysql-instance-encrypted-in-transit
rds-option-group-tagged
rds-pgsql-cluster-copy-tags-to-snapshot-check
rds-postgresql-logs-to-cloudwatch
rds-postgres-instance-encrypted-in-transit
rds-proxy-tls-encryption
rds-resources-protected-by-backup-plan
rds-snapshots-public-prohibited
rds-snapshot-encrypted
rds-sqlserver-encrypted-in-transit
rds-sql-server-logs-to-cloudwatch
rds-storage-encrypted
redshift-audit-logging-enabled
redshift-backup-enabled
redshift-cluster-configuration-check
redshift-cluster-kms-enabled
redshift-cluster-maintenancesettings-check
redshift-cluster-multi-az-enabled
redshift-cluster-parameter-group-tagged
redshift-cluster-public-access-check
redshift-cluster-subnet-group-multi-az
redshift-default-admin-check
redshift-default-db-name-check
redshift-enhanced-vpc-routing-enabled
redshift-require-tls-ssl
redshift-serverless-default-admin-check
redshift-serverless-default-db-name-check
redshift-serverless-namespace-cmk-encryption
redshift-serverless-publish-logs-to-cloudwatch
redshift-serverless-workgroup-encrypted-in-transit
redshift-serverless-workgroup-no-public-access
redshift-serverless-workgroup-routes-within-vpc
redshift-unrestricted-port-access
required-tags
resiliencehub-app-tagged
resiliencehub-etiquetado con política de resiliencia
restricted-incoming-traffic
root-account-hardware-mfa-enabled
root-account-mfa-enabled
route53-health-check-tagged
route53-hosted-zone-tagged
route53-query-logging-enabled
route53 - recovery-control-cluster-tagged
route53: lista para la recuperación, etiquetada con celdas
route53: lista para la recuperación, lista para la recuperación, etiquetada
route53: lista para la recuperación, lista para la recuperación, etiquetada con un grupo
route53-recovery-readiness-resource-set-tagged
route53-resolver-firewall-domain-list-tagged
route53-resolver-firewall-rule-group-association-tagged
route53-resolver-firewall-rule-group-tagged
route53-resolver-resolver-endpoint-tagged
route53-resolver-resolver-rule-tagged
rum-app-monitor-cloudwatch-logs-enabled
rum-app-monitor-tagged
s3express-dir-bucket-lifecycle-rules-check
s3-access-point-in-vpc-only
s3-access-point-public-access-blocks
s3-account-level-public-access-blocks
s3-account-level-public-access-blocks-periodic
s3-bucket-acl-prohibited
s3-bucket-blacklisted-actions-prohibited
s3-bucket-cross-region-replication-enabled
s3-bucket-default-lock-enabled
s3-bucket-level-public-access-prohibited
s3-bucket-logging-enabled
s3-bucket-mfa-delete-enabled
s3-bucket-policy-grantee-check
s3-bucket-policy-not-more-permissive
s3-bucket-public-read-prohibited
s3-bucket-public-write-prohibited
s3-bucket-replication-enabled
s3-bucket-server-side-encryption-enabled
s3-bucket-ssl-requests-only
s3-bucket-tagged
s3-bucket-versioning-enabled
s3-default-encryption-kms
s3-directory-bucket, ciclo de vida, política, regla, verificación
s3-event-notifications-enabled
s3-last-backup-recovery-point-created
s3-lifecycle-policy-check
s3-meets-restore-time-target
s3-resources-in-logically-air-gapped-vault
s3-resources-protected-by-backup-plan
s3-version-lifecycle-policy-check
sagemaker-app-image-config-tagged
sagemaker-data-quality-job-encrypt-in-transit
sagemaker-dato-quality-job-isolation
sagemaker-domain-in-vpc
sagemaker-domain-tagged
sagemaker-endpoint-configuration-kms-key-configured
sagemaker-endpoint-config-prod-instance-count
descripción del grupo de funciones de sagemaker
sagemaker-featuregroup-encryption-at-rest
sagemaker-featuregroup-online-store-encryption
sagemaker-feature-group-tagged
sagemaker-image-description
sagemaker-image-tagged
sagemaker-inferenceexperiment-tagged
sagemaker-model-bias-job-encrypt-in-transit
sagemaker-model-bias-job-isolation
sagemaker-model-explicability-job-encrypt-in-transit
sagemaker-model-in-vpc
sagemaker-model-isolation-enabled
sagemaker-model-multicontenedor-private-registry
se requiere el registro privado del modelo sagemaker-model-private
sagemaker-model-quality-job-encrypt-in-transit
sagemaker-monitorización-planificación-aislamiento
sagemaker-notebook-instance-inside-vpc
sagemaker-notebook-instance-kms-key-configured
sagemaker-notebook-instance-platform-version
sagemaker-notebook-instance-root-access-check
sagemaker-notebook-no-direct-internet-access
secretsmanager-rotation-enabled-check
secretsmanager-scheduled-rotation-success-check
secretsmanager-secret-periodic-rotation
secretsmanager-secret-unused
secretsmanager-using-cmk
securityhub-enabled
security-account-information-provided
service-catalog-portfolio-tagged
service-catalog-shared-within-organization
service-vpc-endpoint-enabled
ses-malware-scanning-enabled
ses-sending-tls-required
shield-advanced-enabled-autorenew
shield-drt-access
signer-signingprofile-tagged
sns-encrypted-kms
sns-topic-message-delivery-notification-enabled
sns-topic-no-public-access
sqs-queue-dlq-check
sqs-queue-no-public-access
sqs-queue-policy-full-access-check
ssm-automation-block-public-sharing
ssm-automation-logging-enabled
ssm-document-not-public
ssm-document-tagged
stepfunctions-state-machine-tagged
step-functions-state-machine-logging-enabled
storagegateway-last-backup-recovery-point-created
storagegateway-resources-in-logically-air-gapped-vault
storagegateway-resources-protected-by-backup-plan
subnet-auto-assign-public-ip-disabled
transfer-agreement-description
transfer-agreement-tagged
transfer-certificate-description
transfer-certificate-tagged
conector de transferencia como 2: verificación del algoritmo de cifrado
transfer-connector-as2-mdn-signing-algoritm-check
conector de transferencia as2: comprobación del algoritmo de firma
transfer-connector-logging-enabled
transfer-connector-tagged
transfer-family-server-no-ftp
transfer-profile-tagged
transfer-workflow-description
transfer-workflow-tagged
virtualmachine-last-backup-recovery-point-created
virtualmachine-resources-in-logically-air-gapped-vault
virtualmachine-resources-protected-by-backup-plan
vpc-default-security-group-closed
vpc-endpoint-enabled
vpc-flow-logs-enabled
vpc-network-acl-unused-check
vpc-peering-dns-resolution-check
vpc-sg-open-only-to-authorized-ports
vpc-sg-port-restriction-check
vpc-vpn-2-tunnels-up
wafv2-logging-enabled
wafv2-rulegroup-logging-enabled
wafv2-rulegroup-not-empty
wafv2-webacl-not-empty
waf-classic-logging-enabled
waf-global-rulegroup-not-empty
waf-global-rule-not-empty
waf-global-webacl-not-empty
waf-regional-rulegroup-not-empty
waf-regional-rule-not-empty
waf-regional-webacl-not-empty
workspaces-connection-alias-tagged
workspaces-root-volume-encryption-enabled
workspaces-user-volume-encryption-enabled
workspaces-workspace-tagged

Aviso JavaScript está desactivado o no está disponible en su navegador.

Para utilizar la documentación de AWS, debe estar habilitado JavaScript. Para obtener más información, consulte las páginas de ayuda de su navegador.

Convenciones del documento

workspaces-workspace-tagged

Lista de reglas administradas por tipo de desencadenador

¿Le ha servido de ayuda esta página? - Sí

Gracias por hacernos saber que estamos haciendo un buen trabajo.

Si tiene un momento, díganos qué es lo que le ha gustado para que podamos seguir trabajando en esa línea.

¿Le ha servido de ayuda esta página? - No

Gracias por informarnos de que debemos trabajar en esta página. Lamentamos haberle defraudado.

Si tiene un momento, díganos cómo podemos mejorar la documentación.