Documentación AWS Config Guía para desarrolladores

Las traducciones son generadas a través de traducción automática. En caso de conflicto entre la traducción y la version original de inglés, prevalecerá la version en inglés.

Lista de AWS Config Reglas administradas por tipo de activador

AWS Config actualmente admite las siguientes reglas administradas. Antes de usar estas reglas, consulte Consideraciones.

Cambios de configuración

Change-triggered las reglas son reglas que se AWS Config evalúan en respuesta a los cambios de configuración.

acmpca-certificate-authority-tagged
acm-certificate-rsa-check
acm-certificate-transparent-logging-habilitado
active-mq-supported-version
alb-desync-mode-check
alb-http-drop-invalid-header-enabled
alb-internal-scheme-check
alb-listener-tagged
alb-tagged
alb-waf-enabled
amplify-app-branch-auto-deletion-enabled
amplify-app-build-spec-configurable
amplify-app-description
amplify-app-no-environment-variables
amplify-app-platform-check
amplify-app-tagged
amplify-branch-habilitada para autoconstrucción
amplify-branch-build-spec-configurado
amplify-branch-description
amplify-branch-framework-configurado
amplify-branch-performance-mode-enabled
amplify-branch-pull-request-previsualización habilitada
amplify-branch-tagged
apigatewayv2, integración-priva-https habilitada
apigatewayv2-stage-description
apigateway-nombre-dominio-tls-check
apigateway-stage-access-logs-enabled
apigateway-stage-description
api-gwv2-access-logs-enabled
api-gwv2-stage-default-route-detailed-metrics-enabled
api-gw-associated-with-waf
api-gw-cache-enabled-and-encrypted
api-gw-endpoint-type-check
api-gw-execution-logging-enabled
api-gw-rest-api-tagged
api-gw-ssl-enabled
api-gw-stage-tagged
api-gw-xray-enabled
appconfig-application-description
appconfig-application-tagged
appconfig-configuration-profile-tagged
appconfig-configuration-profile-validators-not-empty
appconfig-deployment-strategy-description
appconfig-deployment-strategy-minimum-final-bake-time
appconfig-deployment-strategy-replicate-to-ssm
appconfig-deployment-strategy-tagged
appconfig-environment-description
appconfig-environment-tagged
appconfig-extension-association-tagged
appconfig-freeform-profile-config-storage
appconfig-hosted-configuration-version-description
appflow-flow-tagged
appflow-flow-trigger-type-check
verifican las integraciones de aplicaciones, las aplicaciones aprueban los orígenes
integraciones de aplicaciones, etiquetadas con aplicaciones
appintegrations-event-integration-description
appintegrations-event-integration-tagged
appmesh-gateway-route-tagged
appmesh-mesh-deny-tcp-forwarding
appmesh-mesh-ip-pref-check
appmesh-mesh-tagged
appmesh-route-tagged
appmesh-virtual-gateway-backend-defaults-tls
appmesh-virtual-gateway-listeners-health-check habilitado
appmesh-virtual-gateway-logging-file-path-exists
appmesh-virtual-gateway-tagged
appmesh-virtual-node-backend-defaults-tls-on
appmesh-virtual-node-cloud-map-ip-pref-check
appmesh-virtual-node-dns-ip-pref-check
appmesh-virtual-node-listeners-health-check activado
appmesh-virtual-node-listeners-outlier-detect-activado
appmesh-virtual-node-logging-file-path-exists
appmesh-virtual-node-service-backends-tls-forced
appmesh-virtual-node-tagged
appmesh-virtual-router-tagged
appmesh-virtual-service-tagged
approved-amis-by-id
approved-amis-by-tag
apprunner-service-in-vpc
apprunner-service-ip-address-type-check
apprunner-service-max-unhealthy-threshold
aprunner-service-no-public-access
aprunner-service-observability-enabled
apprunner-service-tagged
apprunner-vpc-connector-tagged
appstream-fleet-in-vpc
appsync-authorization-check
appsync-cache-ct-encryption-at-rest
appsync-cache-ct-encryption-in-transit
appsync-graphql-api-xray-enabled
appsync-logging-enabled
aps-rule-groups-namespace-tagged
athena-data-catalog-description
athena-prepared-statement-description
athena-workgroup-description
athena-workgroup-encrypted-at-rest
athena-workgroup-enforce-workgroup-configuration
athena-workgroup-engine-version-auto-upgrade
athena-workgroup-logging-enabled
auditmanager-assessment-tagged
cifrado de bases de datos global aurora-en reposo
aurora-mysql-backtracking-enabled
autoscaling-capacity-rebalancing
autoscaling-group-elb-healthcheck-required
autoscaling-launchconfig-requires-imdsv2
autoscaling-launch-config-hop-limit
autoscaling-launch-config-public-ip-disabled
autoscaling-launch-template
autoscaling-multiple-az
autoscaling-multiple-instance-types
backup-plan-min-frequency-and-min-retention-check
backup-recovery-point-encrypted
backup-recovery-point-manual-deletion-disabled
backup-recovery-point-minimum-retention-check
batch-compute-environment-enabled
batch-compute-environment-managed
batch-compute-environment-tagged
batch-job-queue-enabled
batch-job-queue-tagged
batch-managed-compute-environment-using-launch-template
batch-managed-compute-env-allocation-strategy-check
batch-managed-compute-env-compute-resources-tagged
batch-managed-spot-compute-environment-max-bid
batch-scheduling-policy-tagged
beanstalk-enhanced-health-reporting-enabled
bedrock agentcore-gateway-authorizer-enabled
bedrock Agent Core: tiempo de ejecución, red privada, requerida
bedrock-agentcore - cifrado de memoria activado
cassandra-keyspace-tagged
clb-desync-mode-check
clb-multiple-az
cloudformation-stack-notification-check
cloudformation-stack-service-role-check
cloudformation-termination-protection-check
cloudfront-accesslogs-enabled
cloudfront-associated-with-waf
cloudfront-custom-ssl-certificate
cloudfront-default-root-object-configured
cloudfront-distribution-key-group habilitado
cloudfront-no-deprecated-ssl-protocols
cloudfront-origin-access-identity-enabled
cloudfront-origin-failover-enabled
cloudfront-origin-lambda-url-oac-enabled
cloudfront-s3-origin-access-control-enabled
cloudfront-security-policy-check
cloudfront-sni-enabled
cloudfront-ssl-policy-check
cloudfront-traffic-to-origin-encrypted
cloudfront-viewer-policy-https
cloudtrail-event-data-store-multirregión
cloudwatch-alarm-action-check
cloudwatch-alarm-action-enabled-check
descripción de cloudwatch-alarm-
cloudwatch-alarm-settings-check
cloudwatch-metric-stream-tagged
codeartifact-repository-tagged
codebuild-project-artifact-encryption
codebuild-project-environment-privileged-check
codebuild-project-envvar-awscred-check
codebuild-project-logging-enabled
codebuild-project-s3-logs-encrypted
codebuild-project-source-repo-url-check
codebuild-project-tagged
codebuild-report-group-encrypted-at-rest
codebuild-report-group-tagged
codedeploy-auto-rollback-monitor-enabled
codedeploy-deployment-group-auto-rollback-enabled
codedeploy-deployment-group-outdated-instances-update
codedeploy-ec2-minimum-healthy-hosts-configured
codedeploy-lambda-allatonce-traffic-shift-disabled
codeguruprofiler-profiling-group-tagged
codegurureviewer-repository-association-tagged
codepipeline-deployment-count-check
codepipeline-region-fanout-check
cognito-identity-pool-unauthenticated-logins
cognito-identity-pool-unauth-access-check
cognito-userpool-cust-auth-threat-full-check
cognito-user-pool-advanced-security-enabled
cognito-user-pool está habilitada para la protección contra la eliminación de grupos de usuarios
compatible con cognito-user-pool-mfa
cognito-user-pool-password-policy-check
cognito-user-pool-tagged
connect-instance-logging-enabled
customerprofiles-domain-tagged
customerprofiles-object-type-allow-profile-creation
customerprofiles-object-type-tagged
custom-eventbus-policy-attached
datasync-location-object-storage-using-https
datasync-task-data-verification-enabled
datasync-task-logging-enabled
datasync-task-tagged
db-instance-backup-enabled
desired-instance-tenancy
desired-instance-type
devicefarm-instance-profile-tagged
devicefarm-project-tagged
devicefarm-test-grid-project-tagged
dms-auto-minor-version-upgrade-check
dms-endpoint-ssl-configured
dms-endpoint-tagged
dms-mongo-db-authentication-enabled
dms-neptune-iam-authorization-enabled
dms-redis-tls-enabled
dms-replication-instance-multi-az-enabled
dms-replication-task-sourcedb-logging
dms-replication-task-tagged
dms-replication-task-targetdb-logging
docdb-cluster-audit-logging-enabled
docdb-cluster-backup-retention-check
docdb-cluster-deletion-protection-enabled
docdb-cluster-encrypted
docdb-cluster-snapshot-public-prohibited
dynamodb-pitr-enabled
dynamodb-table-deletion-protection-enabled
dynamodb-table-encrypted-kms
dynamodb-table-encryption-enabled
ebs-optimized-instance
ebs-snapshot-block-public access
ec2-capacity-reservation-tagged
ec2-carrier-gateway-tagged
ec2-client-vpn-connection-log-enabled
ec2-client-vpn-endpoint-tagged
ec2-dhcp-options-tagged
ec2-enis-source-destination-check-enabled
ec2-fleet-tagged
ec2-imdsv2-check
ec2-instance-detailed-monitoring-enabled
ec2-instance-managed-by-ssm
ec2-instance-multiple-eni-check
ec2-instance-no-public-ip
ec2-instance-profile-attached
ec2-ipamscope-tagged
plantilla de lanzamiento de ec2-encriptada con ebs
ec2-launch-templates-ebs-volume-encrypted
ec2-launch-template-imdsv2-check
ec2-launch-template-public-ip-disabled
ec2-launch-template-tagged
ec2-managedinstance-applications-blacklisted
ec2-managedinstance-applications-required
ec2-managedinstance-association-compliance-status-check
ec2-managedinstance-inventory-blacklisted
ec2-managedinstance-patch-compliance-status-check
ec2-managedinstance-platform-check
ec2-network-insights-access-scope-analysis-tagged
ec2-network-insights-access-scope-tagged
ec2-network-insights-analysis-tagged
ec2-network-insights-path-tagged
ec2-no-amazon-key-pair
ec2-paravirtual-instance-check
ec2-prefix-list-tagged
ec2-security-group-attached-to-eni
ec2-spot-fleet-request-ct-encryption-at-rest
ec2-token-hop-limit-check
ec2-traffic-mirror-filter-description
ec2-traffic-mirror-filter-tagged
ec2-traffic-mirror-session-description
ec2-traffic-mirror-session-tagged
ec2-traffic-mirror-target-description
ec2-traffic-mirror-target-tagged
ec2-transit-gateway-auto-vpc-attach-disabled
ec2-transit-gateway-multicast-domain-tagged
ec2-volume-inuse-check
ec2-vpn-connection-ike-version-check
ec2-vpn-connection-logging-enabled
ec2-vpn-connection-tagged
ecr-private-lifecycle-policy-configured
ecr-private-tag-immutability-enabled
ecr-repository-cmk-encryption-enabled
ecr-repository-tagged
ecs-awsvpc-networking-enabled
ecs-capacity-provider-tagged
ecs-capacity provider-termination-check
ecs-containers-nonprivileged
ecs-containers-readonly-access
ecs-container-insights-enabled
ecs-fargate-latest-platform-version
ecs-no-environment-secrets
ecs-service-propagate-tags-habilitado
ecs-task-definition-efs-encryption-habilitado
ecs-task-definition-linux-user-non-root
ecs-task-definition-log-configuration
ecs-task-definition-memory-hard-limit
ecs-task-definition-network-mode-not-host
ecs-task-definition-nonroot-user
ecs-task-definition-pid-mode-check
ecs-task-definition-user-for-host-mode-check
ecs-task-definition-windows-user-non-admin
efs-access-point-enforce-root-directory
efs-access-point-enforce-user-identity
efs-automatic-backups-enabled
efs-filesystem-ct-encrypted
efs-file-system-tagged
eip-attached
eks-addon-tagged
eks-cluster-log-enabled
eks-cluster-oldest-supported-version
eks-cluster-supported-version
eks-fargate-profile-tagged
comprobación de versiones compatible con eks-nodegroup
elasticbeanstalk-application-description
elasticbeanstalk-application-version-description
elasticbeanstalk-environment-description
elasticsearch-logs-to-cloudwatch
elasticsearch-node-to-node-encryption-check
elastic-beanstalk-logs-to-cloudwatch
elastic-beanstalk-managed-updates-enabled
elbv2-listener-encryption-in-transit
elbv2-multiple-az
elbv2-predefined-security-policy-ssl-check
elbv2-targetgroup-healthcheck-protocolo-encriptado
elbv2, grupo de destino, cifrado con protocolo
elb-acm-certificate-required
elb-cross-zone-load-balancing-enabled
elb-custom-security-policy-ssl-check
elb-deletion-protection-enabled
elb-internal-scheme-check
elb-logging-enabled
elb-predefined-security-policy-ssl-check
elb-tagged
elb-tls-https-listeners-only
emr-security-configuration-encryption-rest
emr-security-configuration-encryption-transit
encrypted-volumes
esquemas de eventos: descubridor-etiquetado
esquemas de eventos: etiquetados en el registro
evidently-launch-description
evidently-launch-tagged
evidently-project-description
evidently-project-tagged
evidently-segment-description
evidently-segment-tagged
fis-experiment-template-log-configuration-exists
fis-experiment-template-tagged
fms-shield-resource-policy-check
fms-webacl-resource-policy-check
fms-webacl-rulegroup-association-check
frauddetector-entity-type-tagged
frauddetector-label-tagged
frauddetector-outcome-tagged
frauddetector-variable-tagged
glb-listener-tagged
glb-tagged
global-endpoint-event-replication-enabled
glue-job-logging-enabled
glue-ml-transform-encrypted-at-rest
glue-ml-transform-tagged
glue-spark-job-supported-version
función de configuración de estación terrestre etiquetada
estación terrestre: flujo de datos, punto final, etiquetada
estación terrestre, perfil de misión, etiquetado
tienda de datos de healthlake-fhir etiquetada
iam-customer-policy-blocked-kms-actions
iam-group-has-users-check
iam-inline-policy-blocked-kms-actions
iam-no-inline-policy-check
iam-oidc-provider-client-id-list-check
iam-oidc-provider-tagged
iam-policy-blacklisted-check
descripción de la política de iam
iam-policy-no-statements-with-admin-access
iam-policy-no-statements-with-full-access
iam-role-managed-policy-check
iam-saml-provider-tagged
iam-server-certificate-tagged
iam-user-group-membership-check
iam-user-no-policies-check
generador de imágenes: configuración de distribución, etiquetada
imagebuilder-imagepipeline-tagged
imagebuilder-receta de imagen -ebs-volúmenes cifrados
imagebuilder-receta de imagen etiquetada
generador de imágenes: configuración de infraestructura, etiquetado
instances-in-vpc
internet-gateway-authorized-vpc-only
iotdevicedefender-custom-metric-tagged
iotevents-alarm-model-tagged
iotevents-detector-model-tagged
iotevents-input-tagged
iotsitewise-asset-model-tagged
iotsitewise-dashboard-tagged
iotsitewise-gateway-tagged
iotsitewise-portal-tagged
iotsitewise-project-tagged
iottwinmaker-component-type-tagged
iottwinmaker-entity-tagged
iottwinmaker-scene-tagged
iottwinmaker-sync-job-tagged
iottwinmaker-workspace-tagged
iotwireless-fuota-task-tagged
iotwireless-multicast-group-tagged
iotwireless-service-profile-tagged
iot-authorizer-token-signing-enabled
iot-job-template-tagged
iot-provisioning-template-description
iot-provisioning-template-jitp
iot-provisioning-template-tagged
iot-scheduled-audit-tagged
ivs-channel-playback-authorization-enabled
ivs-channel-tagged
ivs-playback-key-pair-tagged
ivs-recording-configuration-tagged
kendra: indexada
canal de señalización de vídeo de kinesis etiquetado
kinesis, etiquetado en streaming
kinesis-stream-backup-retention-check
kinesis-stream-encrypted
kinesis-video-stream-minimum-data-retention
kms-key-policy-no-public-access
kms-key-tagged
lambda-concurrency-check
lambda-dlq-check
comprobación del nivel de registro de la aplicación lambda
lambda-function-description
lambda-función-log-format-json
lambda-function-public-access-prohibited
lambda-function-settings-check
comprobación del nivel de registro del sistema de funciones lambda
lambda-function-xray-enabled
lambda-inside-vpc
lambda-vpc-multi-az-check
lightsail-bucket-allow-public-overrides-disabled
lightsail-bucket está habilitado para el control de versiones de objetos
con etiqueta LightSail-Bucket-Tagged
etiquetado con certificado de vela ligera
LightSail-Disk-Tagged
paquete multimedia, configuración de embalaje, etiquetado
configuración de reproducción personalizada y etiquetada
memorydb-subnetgroup-tagged
mq-active-broker-ldap-authentication
mq-active-deployment-mode
mq-active-single-instance-broker-storage-type-efs
mq-auto-minor-version-upgrade-enabled
mq-broker-general-logging-enabled
mq-cloudwatch-audit-log-enabled
mq-rabbit-deployment-mode
msk-cluster-public-access-disabled
msk-cluster-tagged
msk-connect-connector-logging-enabled
msk-enhanced-monitoring-enabled
msk-in-cluster-node-require-tls
msk-unrestricted-access-check
nacl-no-unrestricted-ssh-rdp
neptune-cluster-backup-retention-check
neptune-cluster-cloudwatch-log-export-enabled
neptune-cluster-copy-tags-to-snapshot-enabled
neptune-cluster-deletion-protection-enabled
neptune-cluster-encrypted
neptune-cluster-iam-database-authentication
neptune-cluster-multi-az-enabled
neptune-cluster-snapshot-encrypted
neptune-cluster-snapshot-iam-database-auth-enabled
neptune-cluster-snapshot-public-prohibited
netfw-deletion-protection-enabled
netfw-multi-az-enabled
netfw-policy-default-action-fragment-packets
netfw-policy-default-action-full-packets
netfw-policy-rule-group-associated
netfw-stateless-rule-group-not-empty
netfw-subnet-change-protection-enabled
nlb-cross-zone-load-balancing-enabled
nlb-internal-scheme-check
nlb-listener-tagged
nlb-tagged
descripción de opensearchserverless-collection-
opensearch server, sin recopilación, réplicas en espera habilitadas
opensearch-access-control-enabled
opensearch-audit-logging-enabled
opensearch-data-node-fault-tolerance
opensearch-encrypted-at-rest
opensearch-https-required
opensearch-in-vpc-only
opensearch-logs-to-cloudwatch
opensearch-node-to-node-encryption-check
opensearch-primary-node-fault-tolerance
opensearch-update-check
paquete panorama-etiquetado
rabbit-mq-supported-version
rds-aurora-mysql-audit-logging-enabled
rds-aurora-postgresql-logs-to-cloudwatch
rds-automatic-minor-version-upgrade-enabled
rds-cluster-auto-minor-version-upgrade-enable
rds-cluster-backup-retention-check
rds-cluster-default-admin-check
rds-cluster-deletion-protection-enabled
rds-cluster-encrypted-at-rest
rds-cluster-iam-authentication-enabled
rds-cluster-multi-az-enabled
rds-db-security-group-not-allowed
rds-enhanced-monitoring-enabled
rds-event-subscription-tagged
versión compatible con rds-global-cluster-aurora-mysql-
rds-instance-default-admin-check
rds-instance-deletion-protection-enabled
rds-instance-iam-authentication-enabled
rds-instance-public-access-check
rds-logging-enabled
rds-multi-az-support
rds-mysql-cluster-copy-tags-to-snapshot-check
rds-option-group-tagged
rds-pgsql-cluster-copy-tags-to-snapshot-check
rds-postgresql-logs-to-cloudwatch
rds-snapshots-public-prohibited
rds-snapshot-encrypted
rds-sql-server-logs-to-cloudwatch
rds-storage-encrypted
redshift-audit-logging-enabled
redshift-backup-enabled
redshift-cluster-configuration-check
redshift-cluster-kms-enabled
redshift-cluster-maintenancesettings-check
redshift-cluster-multi-az-enabled
redshift-cluster-parameter-group-tagged
redshift-cluster-public-access-check
redshift-cluster-subnet-group-multi-az
redshift-default-admin-check
redshift-default-db-name-check
redshift-enhanced-vpc-routing-enabled
redshift-require-tls-ssl
required-tags
resiliencehub-app-tagged
resiliencehub-etiquetado con política de resiliencia
route53-health-check-tagged
route53-hosted-zone-tagged
route53-query-logging-enabled
route53 - recovery-control-cluster-tagged
route53: lista para la recuperación, etiquetada con celdas
route53: lista para la recuperación, lista para la recuperación, etiquetada
route53: lista para la recuperación, lista para la recuperación, etiquetada con un grupo
route53-recovery-readiness-resource-set-tagged
route53-resolver-firewall-domain-list-tagged
route53-resolver-firewall-rule-group-association-tagged
route53-resolver-firewall-rule-group-tagged
route53-resolver-resolver-endpoint-tagged
route53-resolver-resolver-rule-tagged
rum-app-monitor-cloudwatch-logs-enabled
rum-app-monitor-tagged
s3express-dir-bucket-lifecycle-rules-check
s3-access-point-in-vpc-only
s3-access-point-public-access-blocks
s3-account-level-public-access-blocks
s3-bucket-acl-prohibited
s3-bucket-blacklisted-actions-prohibited
s3-bucket-cross-region-replication-enabled
s3-bucket-default-lock-enabled
s3-bucket-level-public-access-prohibited
s3-bucket-logging-enabled
s3-bucket-mfa-delete-enabled
s3-bucket-policy-grantee-check
s3-bucket-policy-not-more-permissive
s3-bucket-replication-enabled
s3-bucket-server-side-encryption-enabled
s3-bucket-ssl-requests-only
s3-bucket-tagged
s3-bucket-versioning-enabled
s3-default-encryption-kms
s3-directory-bucket, ciclo de vida, política, regla, verificación
s3-event-notifications-enabled
s3-lifecycle-policy-check
s3-version-lifecycle-policy-check
sagemaker-app-image-config-tagged
sagemaker-data-quality-job-encrypt-in-transit
sagemaker-dato-quality-job-isolation
sagemaker-domain-in-vpc
sagemaker-domain-tagged
descripción del grupo de funciones de sagemaker
sagemaker-featuregroup-encryption-at-rest
sagemaker-featuregroup-online-store-encryption
sagemaker-feature-group-tagged
sagemaker-image-description
sagemaker-image-tagged
sagemaker-inferenceexperiment-tagged
sagemaker-model-bias-job-encrypt-in-transit
sagemaker-model-bias-job-isolation
sagemaker-model-explicability-job-encrypt-in-transit
sagemaker-model-in-vpc
sagemaker-model-isolation-enabled
sagemaker-model-multicontenedor-private-registry
se requiere el registro privado del modelo sagemaker-model-private
sagemaker-model-quality-job-encrypt-in-transit
sagemaker-monitorización-planificación-aislamiento
sagemaker-notebook-instance-inside-vpc
sagemaker-notebook-instance-root-access-check
secretsmanager-rotation-enabled-check
secretsmanager-scheduled-rotation-success-check
secretsmanager-using-cmk
service-catalog-portfolio-tagged
service-catalog-shared-within-organization
ses-sending-tls-required
signer-signingprofile-tagged
sns-encrypted-kms
sns-topic-message-delivery-notification-enabled
sns-topic-no-public-access
sqs-queue-dlq-check
sqs-queue-no-public-access
sqs-queue-policy-full-access-check
ssm-document-tagged
stepfunctions-state-machine-tagged
step-functions-state-machine-logging-enabled
subnet-auto-assign-public-ip-disabled
transfer-agreement-description
transfer-agreement-tagged
transfer-certificate-description
transfer-certificate-tagged
conector de transferencia como 2: verificación del algoritmo de cifrado
transfer-connector-as2-mdn-signing-algoritm-check
conector de transferencia as2: comprobación del algoritmo de firma
transfer-connector-logging-enabled
transfer-connector-tagged
transfer-profile-tagged
transfer-workflow-description
transfer-workflow-tagged
vpc-default-security-group-closed
vpc-network-acl-unused-check
vpc-peering-dns-resolution-check
vpc-vpn-2-tunnels-up
wafv2-rulegroup-logging-enabled
wafv2-rulegroup-not-empty
wafv2-webacl-not-empty
waf-global-rulegroup-not-empty
waf-global-rule-not-empty
waf-global-webacl-not-empty
waf-regional-rulegroup-not-empty
waf-regional-rule-not-empty
waf-regional-webacl-not-empty
workspaces-connection-alias-tagged
workspaces-root-volume-encryption-enabled
workspaces-user-volume-encryption-enabled
workspaces-workspace-tagged

Periódico

Las reglas periódicas son reglas que se AWS Config evalúan periódicamente con la frecuencia que usted especifique; por ejemplo, cada 24 horas.

access-keys-rotated
account-part-of-organizations
acm-pca-root-ca-disabled
alb-http-to-https-redirection-check
api-gwv2-authorization-type-configured
appsync-associated-with-waf
appsync-cache-encryption-at-rest
aurora-last-backup-recovery-point-created
aurora-meets-restore-time-target
aurora-mysql-cluster-audit-logging
aurora-resources-in-logically-air-gapped-vault
aurora-resources-protected-by-backup-plan
cloudfront-s3-origin-non-existent-bucket
cloudtrail-all-read-s3-data-event-check
cloudtrail-all-write-s3-data-event-check
cloudtrail-s3-bucket-access-logging
cloudtrail-s3-bucket-public-access-prohibited
cloudtrail-s3-dataevents-enabled
cloudtrail-security-trail-enabled
cloudwatch-alarm-resource-check
cloudwatch-log-group-encrypted
cloud-trail-cloud-watch-logs-enabled
cloud-trail-enabled
cloud-trail-encryption-enabled
cloud-trail-log-file-validation-enabled
cmk-backing-key-rotation-enabled
custom-schema-registry-policy-attached
cw-loggroup-retention-period-check
dax-encryption-enabled
dax-tls-endpoint-encryption
dms-replication-not-public
docdb-cluster-encrypted-in-transit
dynamodb-autoscaling-enabled
dynamodb-in-backup-plan
dynamodb-last-backup-recovery-point-created
dynamodb-meets-restore-time-target
dynamodb-resources-protected-by-backup-plan
dynamodb-throughput-limit-check
ebs-in-backup-plan
ebs-last-backup-recovery-point-created
ebs-meets-restore-time-target
ebs-resources-in-logically-air-gapped-vault
ebs-resources-protected-by-backup-plan
ebs-snapshot-public-restorable-check
ec2-client-vpn-not-authorize-all
ec2-ebs-encryption-by-default
ec2-last-backup-recovery-point-created
ec2-meets-restore-time-target
ec2-resources-in-logically-air-gapped-vault
ec2-resources-protected-by-backup-plan
ec2-security-group-attached-to-eni-periodic
ec2-stopped-instance
ecr-private-image-scanning-enabled
efs-encrypted-check
efs-in-backup-plan
efs-last-backup-recovery-point-created
efs-meets-restore-time-target
efs-mount-target-public-accessible
efs-resources-in-logically-air-gapped-vault
efs-resources-protected-by-backup-plan
eks-cluster-logging-enabled
eks-cluster-secrets-encrypted
eks-endpoint-no-public-access
eks-secrets-encrypted
elasticache-automatic-backup-check-enabled
elasticache-auto-minor-version-upgrade-check
elasticache-rbac-auth-enabled
elasticache-redis-cluster-automatic-backup-check
elasticache-repl-grp-auto-failover-enabled
elasticache-repl-grp-encrypted-at-rest
elasticache-repl-grp-encrypted-in-transit
elasticache-repl-grp-redis-auth-enabled
elasticache-subnet-group-check
elasticache-supported-engine-version
elasticsearch-encrypted-at-rest
elasticsearch-in-vpc-only
elbv2-acm-certificate-required
emr-block-public-access
emr-kerberos-enabled
emr-master-no-public-ip
event-data-store-cmk-encryption-enabled
fsx-last-backup-recovery-point-created
fsx-lustre-copy-tags-to-backups
fsx-meets-restore-time-target
fsx-ontap-deployment-type-check
fsx-openzfs-copy-tags-enabled
fsx-openzfs-deployment-type-check
fsx-resources-protected-by-backup-plan
fsx-windows-audit-log-configured
fsx-windows-deployment-type-check
guardduty-ec2-protection-runtime-enabled
guardduty-ecs-protection-runtime-enabled
guardduty-eks-protection-audit-enabled
guardduty-eks-protection-runtime-enabled
guardduty-enabled-centralized
guardduty-lambda-protection-enabled
guardduty-malware-protection-enabled
guardduty-non-archived-findings
guardduty-rds-protection-enabled
guardduty-runtime-monitoring-enabled
guardduty-s3-protection-enabled
iam-external-access-analyzer-enabled
iam-password-policy
iam-policy-in-use
iam-root-access-key-check
iam-server-certificate-expiration-check
iam-user-mfa-enabled
iam-user-unused-credentials-check
inspector-ec2-scan-enabled
inspector-ecr-scan-enabled
inspector-lambda-code-scan-enabled
inspector-lambda-standard-scan-enabled
kinesis-firehose-delivery-stream-encrypted
kms-cmk-not-scheduled-for-deletion
macie-auto-sensitive-data-discovery-check
macie-status-check
mariadb-publish-logs-to-cloudwatch-logs
mfa-enabled-for-iam-console-access
mq-automatic-minor-version-upgrade-enabled
mq-cloudwatch-audit-logging-enabled
mq-no-public-access
multi-region-cloud-trail-enabled
netfw-logging-enabled
nlb-logging-enabled
rds-instance-subnet-igw-check
rds-in-backup-plan
rds-last-backup-recovery-point-created
rds-mariadb-instance-encrypted-in-transit
rds-meets-restore-time-target
rds-mysql-instance-encrypted-in-transit
rds-postgres-instance-encrypted-in-transit
rds-proxy-tls-encryption
rds-resources-protected-by-backup-plan
rds-sqlserver-encrypted-in-transit
redshift-serverless-default-admin-check
redshift-serverless-default-db-name-check
redshift-serverless-namespace-cmk-encryption
redshift-serverless-publish-logs-to-cloudwatch
redshift-serverless-workgroup-encrypted-in-transit
redshift-serverless-workgroup-no-public-access
redshift-serverless-workgroup-routes-within-vpc
redshift-unrestricted-port-access
root-account-hardware-mfa-enabled
root-account-mfa-enabled
s3-account-level-public-access-blocks-periodic
s3-last-backup-recovery-point-created
s3-meets-restore-time-target
s3-resources-in-logically-air-gapped-vault
s3-resources-protected-by-backup-plan
sagemaker-endpoint-configuration-kms-key-configured
sagemaker-endpoint-config-prod-instance-count
sagemaker-notebook-instance-kms-key-configured
sagemaker-notebook-instance-platform-version
sagemaker-notebook-no-direct-internet-access
secretsmanager-secret-periodic-rotation
secretsmanager-secret-unused
securityhub-enabled
security-account-information-provided
service-vpc-endpoint-enabled
ses-malware-scanning-enabled
shield-advanced-enabled-autorenew
shield-drt-access
ssm-automation-block-public-sharing
ssm-automation-logging-enabled
ssm-document-not-public
storagegateway-last-backup-recovery-point-created
storagegateway-resources-in-logically-air-gapped-vault
storagegateway-resources-protected-by-backup-plan
transfer-family-server-no-ftp
virtualmachine-last-backup-recovery-point-created
virtualmachine-resources-in-logically-air-gapped-vault
virtualmachine-resources-protected-by-backup-plan
vpc-endpoint-enabled
vpc-flow-logs-enabled
vpc-sg-port-restriction-check
wafv2-logging-enabled
waf-classic-logging-enabled

Híbrido

Las reglas híbridas son reglas que se AWS Config evalúan tanto en respuesta a los cambios de configuración como de forma periódica.

acm-certificate-expiration-check
cloudformation-stack-drift-detection-check
ec2-instance-launched-with-allowed-ami
incoming-ssh-disabled
no-unrestricted-route-to-igw
restricted-incoming-traffic
s3-bucket-public-read-prohibited
s3-bucket-public-write-prohibited
vpc-sg-open-only-to-authorized-ports

Aviso JavaScript está desactivado o no está disponible en su navegador.

Para utilizar la documentación de AWS, debe estar habilitado JavaScript. Para obtener más información, consulte las páginas de ayuda de su navegador.

Convenciones del documento

Lista de reglas administradas por modo de evaluación

Lista de reglas administradas por disponibilidad regional

¿Le ha servido de ayuda esta página? - Sí

Gracias por hacernos saber que estamos haciendo un buen trabajo.

Si tiene un momento, díganos qué es lo que le ha gustado para que podamos seguir trabajando en esa línea.

¿Le ha servido de ayuda esta página? - No

Gracias por informarnos de que debemos trabajar en esta página. Lamentamos haberle defraudado.

Si tiene un momento, díganos cómo podemos mejorar la documentación.