Liste des règles AWS Config gérées par type de déclencheur

• acmpca-certificate-authority-tagged

• acm-certificate-rsa-check

• active-mq-supported-version

• alb-desync-mode-check

• alb-http-drop-invalid-activé par en-tête

• alb-internal-scheme-check

• alb-listener-tagged

• étiqueté en laboratoire

• alb-waf-enabled

• amplify-app-branch-auto-activation de la suppression

• amplify-app-description

• amplify-app-no-environment-variables

• amplify-app-tagged

• amplify-branch-description

• amplify-branch-performance-mode-activé

• amplify-branch-tagged

• description des étapes en 2 étapes d'apigatewayv2

• apigateway-stage-access-logs-activé

• apigateway-stage-description

• api-gwv2- access-logs-enabled

• api-gwv2- -compatible avec les métriques stage-default-route-detailed

• api-gw-associated-with-guerre

• api-gw-cache-enabledet crypté

• api-gw-endpoint-type-vérifier

• api-gw-execution-logging-activé

• api-gw-rest-api-étiqueté

• api-gw-ssl-enabled

• api-gw-stage-tagged

• api-gw-xray-enabled

• appconfig-application-description

• appconfig-application-tagged

• appconfig-configuration-profile-tagged

• appconfig-configuration-profile-validators-non vide

• appconfig-deployment-strategy-description

• appconfig-deployment-strategy-minimum-final-bake-time

• appconfig-deployment-strategy-replicate-to-ssm

• appconfig-deployment-strategy-tagged

• appconfig-environment-description

• appconfig-environment-tagged

• appconfig-extension-association-tagged

• appconfig-freeform-profile-config-rangement

• appconfig-hosted-configuration-version-description

• appflow-flow-tagged

• appflow-flow-trigger-type-vérifier

• appintegrations-event-integration-description

• appintegrations-event-integration-tagged

• appmesh-gateway-route-tagged

• appmesh-mesh-deny-tcp-transfert

• appmesh-mesh-tagged

• appmesh-route-tagged

• appmesh-virtual-gateway-backend-defaults-tls

• appmesh-virtual-gateway-logging-file-path-exists

• appmesh-virtual-gateway-tagged

• appmesh-virtual-node-backend-defaults-tls-on

• appmesh-virtual-node-cloud-map-ip-pref-check

• appmesh-virtual-node-dns-ip-pref-check

• appmesh-virtual-node-logging-file-path-exists

• appmesh-virtual-node-tagged

• appmesh-virtual-router-tagged

• appmesh-virtual-service-tagged

• approved-amis-by-id

• approved-amis-by-tag

• apprunner-service-in-vpc

• apprunner-service-ip-address-vérification de type

• apprunner-service-max-unhealthy-seuil

• apprunner-service-no-public-accès

• apprunner-service-observability-enabled

• apprunner-service-tagged

• apprunner-vpc-connector-tagged

• appstream-fleet-in-vpc

• appsync-authorization-check

• appsync-cache-ct-encryption-au repos

• appsync-cache-ct-encryption-en transit

• appsync-graphql-api-xray-activé

• appsync-logging-enabled

• aps-rule-groups-namespace-étiqueté

• athena-data-catalog-description

• athena-prepared-statement-description

• athena-workgroup-description

• athena-workgroup-encrypted-at-repos

• athena-workgroup-enforce-workgroup-configuration

• athena-workgroup-engine-version-mise à niveau automatique

• athena-workgroup-logging-enabled

• auditmanager-assessment-tagged

• aurora-global-database-encryption-au repos

• aurora-mysql-backtracking-enabled

• autoscaling-capacity-rebalancing

• autoscaling-group-elb-healthcheck-obligatoire

• autoscaling-launchconfig-requires-imdsv2

• autoscaling-launch-config-hop-limite

• autoscaling-launch-config-public-IP désactivé

• autoscaling-launch-template

• autoscaling-multiple-az

• autoscaling-multiple-instance-types

• backup-plan-min-frequency-and-min-retention-check

• backup-recovery-point-encrypted

• backup-recovery-point-manual-suppression désactivée

• backup-recovery-point-minimum-contrôle de rétention

• batch-compute-environment-enabled

• batch-compute-environment-managed

• batch-compute-environment-tagged

• batch-job-queue-enabled

• batch-job-queue-tagged

• batch-managed-compute-environment-using-launch-template

• batch-managed-compute-env-allocation-strategy-check

• batch-managed-compute-env-compute-resources-tagged

• batch-managed-spot-compute-environment-max-bid

• batch-scheduling-policy-tagged

• beanstalk-enhanced-health-reporting-activé

• cassandra-keyspace-tagged

• clb-desync-mode-check

• clb-multiple-az

• cloudformation-stack-notification-check

• cloudformation-termination-protection-check

• cloudfront-accesslogs-enabled

• cloudfront-associated-with-waf

• cloudfront-custom-ssl-certificate

• cloudfront-default-root-object-configuré

• cloudfront-no-deprecated-ssl-protocoles

• cloudfront-origin-access-identity-activé

• cloudfront-origin-failover-enabled

• cloudfront-origin-lambda-url-compatible avec oac

• cloudfront-s3- origin-access-control-enabled

• cloudfront-security-policy-check

• cloudfront-sni-enabled

• cloudfront-ssl-policy-check

• cloudfront-traffic-to-origin-crypté

• cloudfront-viewer-policy-https

• cloudwatch-alarm-action-check

• cloudwatch-alarm-action-enabled-vérifier

• cloudwatch-alarm-settings-check

• cloudwatch-metric-stream-tagged

• codebuild-project-artifact-encryption

• codebuild-project-environment-privileged-vérifier

• codebuild-project-envvar-awscred-vérifier

• codebuild-project-logging-enabled

• codebuild-project-sChiffré à 3 journaux

• codebuild-project-source-repo-vérification de l'URL

• codebuild-report-group-encrypted-au repos

• codebuild-report-group-tagged

• codedeploy-auto-rollback-monitor-activé

• codedeploy-deployment-group-auto- compatible avec le rollback

• codedeploy-deployment-group-outdated-mise à jour des instances

• codedeploy-ec2- minimum-healthy-hosts-configured

• codedeploy-lambda-allatonce-traffic-shift-disabled

• codeguruprofiler-profiling-group-tagged

• codegurureviewer-repository-association-tagged

• codepipeline-deployment-count-check

• codepipeline-region-fanout-check

• cognito-identity-pool-unauthenticated-connexions

• cognito-identity-pool-unauth-contrôle d'accès

• cognito-userpool-cust-auth-threat-full-check

• cognito-user-pool-advanced-activé par la sécurité

• cognito-user-pool-deletion-activé par la protection

• cognito-user-pool-mfa-activé

• cognito-user-pool-password-vérification des politiques

• cognito-user-pool-tagged

• connect-instance-logging-enabled

• customerprofiles-domain-tagged

• customerprofiles-object-type-allow-création de profil

• customerprofiles-object-type-tagged

• custom-eventbus-policy-attached

• datasync-location-object-storage-en utilisant https

• datasync-task-data-verification-activé

• datasync-task-logging-enabled

• datasync-task-tagged

• db-instance-backup-enabled

• desired-instance-tenancy

• desired-instance-type

• dms-auto-minor-version-vérification de mise à niveau

• dms-endpoint-ssl-configured

• dms-endpoint-tagged

• dms-mongo-db-authentication-activé

• dms-neptune-iam-authorization-activé

• dms-redis-tls-enabled

• dms-replication-instance-multiactivé par -az

• dms-replication-task-sourcedb-journalisation

• dms-replication-task-tagged

• dms-replication-task-targetdb-journalisation

• docdb-cluster-audit-logging-activé

• docdb-cluster-backup-retention-vérifier

• docdb-cluster-deletion-protection-activé

• docdb-cluster-encrypted

• docdb-cluster-snapshot-public-interdit

• dynamodb-pitr-enabled

• dynamodb-table-deletion-protection-activé

• dynamodb-table-encrypted-kms

• dynamodb-table-encryption-enabled

• ebs-optimized-instance

• ebs-snapshot-block-public-accès

• ec2- capacity-reservation-tagged

• ec2- carrier-gateway-tagged

• compatible avec ec2 client-vpn-connection-log

• ec2- client-vpn-endpoint-tagged

• ec2- dhcp-options-tagged

• compatible avec ec2 enis-source-destination-check

• étiqueté ec2 fleet

• ec2-imdsv2-check

• ec2- instance-detailed-monitoring-enabled

• ec2- instance-managed-by-ssm

• ec2- instance-multiple-eni-check

• ec2- instance-no-public-ip

• ec2- instance-profile-attached

• crypté par ec2 launch-templates-ebs-volume

• ec2- 2-check launch-template-imdsv

• ec2- -désactivé launch-template-public-ip

• ec2- launch-template-tagged

• ec2- managedinstance-applications-blacklisted

• ec2- managedinstance-applications-required

• ec2- -check managedinstance-association-compliance-status

• ec2- managedinstance-inventory-blacklisted

• ec2- -check managedinstance-patch-compliance-status

• ec2- managedinstance-platform-check

• étiqueté ec2- -analysis network-insights-access-scope

• étiqueté ec2 network-insights-access-scope

• ec2- network-insights-analysis-tagged

• ec2- network-insights-path-tagged

• ec2- no-amazon-key-pair

• ec2- paravirtual-instance-check

• ec2- prefix-list-tagged

• ec2- -eni security-group-attached-to

• ec2- - spot-fleet-request-ct encryption-at-rest

• ec2- token-hop-limit-check

• ec2- traffic-mirror-filter-description

• ec2- traffic-mirror-filter-tagged

• ec2- traffic-mirror-session-description

• ec2- traffic-mirror-session-tagged

• ec2- traffic-mirror-target-description

• ec2- traffic-mirror-target-tagged

• ec2- -attach-disabled transit-gateway-auto-vpc

• étiqueté ec2 transit-gateway-multicast-domain

• ec2- volume-inuse-check

• ec2- vpn-connection-logging-enabled

• ec2- vpn-connection-tagged

• ecr-private-lifecycle-policy-configuré

• ecr-private-tag-immutability-activé

• ecr-repository-cmk-encryption-activé

• ecr-repository-tagged

• ecs-awsvpc-networking-enabled

• ecs-capacity-provider-tagged

• ecs-containers-nonprivileged

• ecs-containers-readonly-access

• ecs-container-insights-enabled

• ecs-fargate-latest-platform-version

• ecs-no-environment-secrets

• ecs-task-definition-efs-activé pour le chiffrement

• ecs-task-definition-log-configuration

• ecs-task-definition-memory-limite stricte

• ecs-task-definition-network-mode-not-host

• ecs-task-definition-nonroot-utilisateur

• ecs-task-definition-pid-vérification du mode

• ecs-task-definition-user-for-host-mode-check

• efs-access-point-enforce-répertoire racine

• efs-access-point-enforce-identité de l'utilisateur

• efs-automatic-backups-enabled

• efs-filesystem-ct-encrypted

• efs-file-system-tagged

• eip-attached

• eks-addon-tagged

• eks-cluster-log-enabled

• eks-cluster-oldest-supported-version

• eks-cluster-supported-version

• eks-fargate-profile-tagged

• elasticbeanstalk-application-description

• elasticbeanstalk-application-version-description

• elasticbeanstalk-environment-description

• elasticsearch-logs-to-cloudwatch

• elasticsearch-node-to-node-vérification du chiffrement

• elastic-beanstalk-logs-to- montre cloud

• elastic-beanstalk-managed-updates-activé

• elbv2- listener-encryption-in-transit

• elbv2-multiple-az

• elbv2- -check predefined-security-policy-ssl

• elb-acm-certificate-required

• elb-cross-zone-load-activé pour l'équilibrage

• elb-custom-security-policy-vérification SSL

• elb-deletion-protection-enabled

• elb-internal-scheme-check

• elb-logging-enabled

• elb-predefined-security-policy-vérification SSL

• étiqueté elb

• elb-tls-https-listeners-uniquement

• emr-security-configuration-encryption-repos

• emr-security-configuration-encryption-transit

• encrypted-volumes

• evidently-launch-description

• evidently-launch-tagged

• evidently-project-description

• evidently-project-tagged

• evidently-segment-description

• evidently-segment-tagged

• fis-experiment-template-log-la configuration existe

• fis-experiment-template-tagged

• fms-shield-resource-policy-vérifier

• fms-webacl-resource-policy-vérifier

• fms-webacl-rulegroup-association-vérifier

• frauddetector-entity-type-tagged

• frauddetector-label-tagged

• frauddetector-outcome-tagged

• frauddetector-variable-tagged

• glb-listener-tagged

• étiqueté glb

• global-endpoint-event-replication-activé

• glue-job-logging-enabled

• glue-ml-transform-encrypted-au repos

• glue-ml-transform-tagged

• glue-spark-job-supported-version

• iam-customer-policy-blocked-kms-actions

• iam-group-has-users-vérifier

• iam-inline-policy-blocked-kms-actions

• iam-no-inline-policy-vérifier

• iam-oidc-provider-tagged

• iam-policy-blacklisted-check

• iam-policy-no-statements-with-admin-access

• iam-policy-no-statements-with-full-access

• iam-role-managed-policy-vérifier

• iam-saml-provider-tagged

• iam-server-certificate-tagged

• iam-user-group-membership-vérifier

• iam-user-no-policies-vérifier

• instances-in-vpc

• internet-gateway-authorized-vpc-uniquement

• iotdevicedefender-custom-metric-tagged

• iotevents-alarm-model-tagged

• iotevents-detector-model-tagged

• iotevents-input-tagged

• iotsitewise-asset-model-tagged

• iotsitewise-dashboard-tagged

• iotsitewise-gateway-tagged

• iotsitewise-portal-tagged

• iotsitewise-project-tagged

• iottwinmaker-component-type-tagged

• iottwinmaker-entity-tagged

• iottwinmaker-scene-tagged

• iottwinmaker-sync-job-tagged

• iottwinmaker-workspace-tagged

• iotwireless-fuota-task-tagged

• iotwireless-multicast-group-tagged

• iotwireless-service-profile-tagged

• iot-authorizer-token-signing-activé

• iot-job-template-tagged

• iot-provisioning-template-description

• iot-provisioning-template-jitp

• iot-provisioning-template-tagged

• iot-scheduled-audit-tagged

• ivs-channel-playback-authorization-activé

• ivs-channel-tagged

• ivs-playback-key-pair-étiqueté

• ivs-recording-configuration-tagged

• kinesis-stream-backup-retention-vérifier

• kinesis-stream-encrypted

• kinesis-video-stream-minimum-conservation des données

• kms-key-policy-no-accès public

• kms-key-tagged

• lambda-concurrency-check

• lambda-dlq-check

• lambda-function-description

• lambda-function-public-access-interdit

• lambda-function-settings-check

• lambda-function-xray-enabled

• lambda-inside-vpc

• lambda-vpc-multi-az-vérifier

• lightsail-bucket-allow-public-remplacements désactivés

• lightsail-bucket-tagged

• lightsail-certificate-tagged

• lightsail-disk-tagged

• mq-active-broker-ldap-authentification

• mq-active-deployment-mode

• mq-active-single-instance-broker-storage-type-efs

• mq-auto-minor-version-activé pour la mise à niveau

• mq-broker-general-logging-activé

• mq-cloudwatch-audit-log-activé

• mq-rabbit-deployment-mode

• msk-cluster-public-access-handicapé

• msk-cluster-tagged

• msk-connect-connector-logging-activé

• msk-enhanced-monitoring-enabled

• msk-in-cluster-node-require-tls

• msk-unrestricted-access-check

• nacl-no-unrestricted-ssh-rdp

• neptune-cluster-backup-retention-vérifier

• neptune-cluster-cloudwatch-log-compatible avec l'exportation

• neptune-cluster-copy-tags-to-snapshot-enabled

• neptune-cluster-deletion-protection-activé

• neptune-cluster-encrypted

• neptune-cluster-iam-database-authentification

• neptune-cluster-multi-az-activé

• neptune-cluster-snapshot-encrypted

• neptune-cluster-snapshot-public-interdit

• netfw-deletion-protection-enabled

• netfw-multi-az-enabled

• netfw-policy-default-action-paquets de fragments

• netfw-policy-default-action-paquets complets

• netfw-policy-rule-group-associé

• netfw-stateless-rule-group-non vide

• netfw-subnet-change-protection-activé

• nlb-cross-zone-load-activé pour l'équilibrage

• nlb-internal-scheme-check

• nlb-listener-tagged

• étiqueté nlb

• opensearch-access-control-enabled

• opensearch-audit-logging-enabled

• opensearch-data-node-fault-tolérance

• opensearch-encrypted-at-rest

• opensearch-https-required

• opensearch-in-vpc-only

• opensearch-logs-to-cloudwatch

• opensearch-node-to-node-vérification du chiffrement

• opensearch-primary-node-fault-tolérance

• opensearch-update-check

• rabbit-mq-supported-version

• rds-aurora-mysql-audit-activé pour la journalisation

• rds-aurora-postgresql-logsvers Cloudwatch

• rds-automatic-minor-version-activé pour la mise à niveau

• rds-cluster-auto-minor-version-upgrade-enable

• rds-cluster-default-admin-vérifier

• rds-cluster-deletion-protection-activé

• rds-cluster-encrypted-at-repos

• rds-cluster-iam-authentication-activé

• rds-cluster-multi-az-activé

• rds-db-security-group-non autorisé

• rds-enhanced-monitoring-enabled

• rds-event-subscription-tagged

• rds-instance-default-admin-vérifier

• rds-instance-deletion-protection-activé

• rds-instance-iam-authentication-activé

• rds-instance-public-access-vérifier

• rds-logging-enabled

• rds-multi-az-support

• rds-mysql-cluster-copy-tags-to-snapshot-check

• rds-option-group-tagged

• rds-pgsql-cluster-copy-tags-to-snapshot-check

• rds-postgresql-logs-to- montre cloud

• rds-snapshots-public-prohibited

• rds-snapshot-encrypted

• rds-sql-server-logsvers Cloudwatch

• rds-storage-encrypted

• redshift-audit-logging-enabled

• redshift-backup-enabled

• redshift-cluster-configuration-check

• redshift-cluster-kms-enabled

• redshift-cluster-maintenancesettings-check

• redshift-cluster-multi-az-activé

• redshift-cluster-parameter-group-étiqueté

• redshift-cluster-public-access-vérifier

• redshift-cluster-subnet-group-multi-az

• redshift-default-admin-check

• redshift-default-db-name-vérifier

• redshift-enhanced-vpc-routing-activé

• redshift-require-tls-ssl

• required-tags

• itinéraire 53- health-check-tagged

• itinéraire 53- hosted-zone-tagged

• itinéraire 53- query-logging-enabled

• route 53- - étiqueté resolver-firewall-domain-list

• étiquette route 53- -association-taguée resolver-firewall-rule-group

• route 53- - étiqueté resolver-firewall-rule-group

• itinéraire 53- resolver-resolver-rule-tagged

• rum-app-monitor-cloudwatch-activé pour les journaux

• rum-app-monitor-tagged

• s3 express-dir-bucket-lifecycle - vérification des règles

• s3 access-point-in-vpc - uniquement

• blocs s3 access-point-public-access -

• blocs s3 account-level-public-access -

• s3- bucket-acl-prohibited

• s3- bucket-blacklisted-actions-prohibited

• compatible avec bucket-cross-region-replication s3

• s3- bucket-default-lock-enabled

• s3- bucket-level-public-access -interdit

• s3- bucket-logging-enabled

• s3- bucket-mfa-delete-enabled

• s3- bucket-policy-grantee-check

• s3- bucket-policy-not-more -permissif

• s3- bucket-replication-enabled

• compatible avec bucket-server-side-encryption s3

• s3- bucket-ssl-requests-only

• étiqueté avec un seau S3

• s3- bucket-versioning-enabled

• s3- default-encryption-kms

• s3- event-notifications-enabled

• s3- lifecycle-policy-check

• s3- version-lifecycle-policy-check

• sagemaker-app-image-config-étiqueté

• sagemaker-domain-in-vpc

• sagemaker-domain-tagged

• sagemaker-feature-group-tagged

• sagemaker-image-description

• sagemaker-image-tagged

• sagemaker-model-in-vpc

• sagemaker-model-isolation-enabled

• sagemaker-notebook-instance-inside-vpc

• sagemaker-notebook-instance-root-contrôle d'accès

• secretsmanager-rotation-enabled-check

• secretsmanager-scheduled-rotation-success-vérifier

• secretsmanager-using-cmk

• service-catalog-portfolio-tagged

• service-catalog-shared-within-organisation

• ses-sending-tls-required

• sns-encrypted-kms

• sns-topic-message-delivery-activé pour les notifications

• sns-topic-no-public-accès

• sqs-queue-dlq-check

• sqs-queue-no-public-accès

• sqs-queue-policy-full-contrôle d'accès

• ssm-document-tagged

• stepfunctions-state-machine-tagged

• step-functions-state-machine-activé pour la journalisation

• subnet-auto-assign-public-IP désactivé

• transfer-agreement-description

• transfer-agreement-tagged

• transfer-certificate-description

• transfer-certificate-tagged

• transfer-connector-logging-enabled

• transfer-connector-tagged

• transfer-profile-tagged

• transfer-workflow-description

• transfer-workflow-tagged

• vpc-default-security-group-fermé

• vpc-network-acl-unused-vérifier

• vpc-peering-dns-resolution-vérifier

• vpc-vpn-2-tunnels-up

• wafv2- rulegroup-logging-enabled

• wafv2- rulegroup-not-empty

• wafv2- webacl-not-empty

• waf-global-rulegroup-not-vide

• waf-global-rule-not-vide

• waf-global-webacl-not-vide

• waf-regional-rulegroup-not-vide

• waf-regional-rule-not-vide

• waf-regional-webacl-not-vide

• workspaces-connection-alias-tagged

• workspaces-root-volume-encryption-activé

• workspaces-user-volume-encryption-activé

• workspaces-workspace-tagged

• access-keys-rotated

• account-part-of-organizations

• acm-pca-root-ca-handicapé

• alb-http-to-https-vérification de redirection

• api-gwv2- authorization-type-configured

• appsync-associated-with-waf

• appsync-cache-encryption-at-repos

• aurora-last-backup-recovery-point créé

• aurora-meets-restore-time-cible

• aurora-mysql-cluster-audit-journalisation

• aurora-resources-in-logically-air-gapped-vault

• aurora-resources-protected-by-plan de sauvegarde

• cloudfront-s3- origin-non-existent-bucket

• cloudtrail-all-read-s3- data-event-check

• cloudtrail-all-write-s3- data-event-check

• CloudTrail-S3- bucket-access-logging

• CloudTrail-S3- bucket-public-access-prohibited

• cloudtrail-s3-dataevents-enabled

• cloudtrail-security-trail-enabled

• cloudwatch-alarm-resource-check

• cloudwatch-log-group-encrypted

• cloud-trail-cloud-watch-activé pour les journaux

• cloud-trail-enabled

• cloud-trail-encryption-enabled

• cloud-trail-log-file-activé pour la validation

• cmk-backing-key-rotation-activé

• custom-schema-registry-policy-attaché

• cw-loggroup-retention-period-vérifier

• dax-encryption-enabled

• dax-tls-endpoint-encryption

• dms-replication-not-public

• docdb-cluster-encrypted-in-transit

• dynamodb-autoscaling-enabled

• dynamodb-in-backup-plan

• dynamodb-last-backup-recovery-point créé

• dynamodb-meets-restore-time-cible

• dynamodb-resources-protected-by-plan de sauvegarde

• dynamodb-throughput-limit-check

• ebs-in-backup-plan

• ebs-last-backup-recovery-point créé

• ebs-meets-restore-time-cible

• ebs-resources-in-logically-air-gapped-vault

• ebs-resources-protected-by-plan de sauvegarde

• ebs-snapshot-public-restorable-vérifier

• ec2- -all client-vpn-not-authorize

• ec2- ebs-encryption-by-default

• ec2- créé last-backup-recovery-point

• ec2- meets-restore-time-target

• ec2- -gapped-vault resources-in-logically-air

• plan ec2 resources-protected-by-backup

• ec2- -eni-périodique security-group-attached-to

• ec2-stopped-instance

• ecr-private-image-scanning-activé

• efs-encrypted-check

• efs-in-backup-plan

• efs-last-backup-recovery-point créé

• efs-meets-restore-time-cible

• efs-mount-target-public-accessible

• efs-resources-in-logically-air-gapped-vault

• efs-resources-protected-by-plan de sauvegarde

• eks-cluster-logging-enabled

• eks-cluster-secrets-encrypted

• eks-endpoint-no-public-accès

• eks-secrets-encrypted

• elasticache-automatic-backup-check-activé

• elasticache-auto-minor-version-vérification de mise à niveau

• elasticache-rbac-auth-enabled

• elasticache-redis-cluster-automatic-vérification des sauvegardes

• elasticache-repl-grp-auto-compatible avec le basculement

• elasticache-repl-grp-encrypted-au repos

• elasticache-repl-grp-encrypted-en transit

• elasticache-repl-grp-redis-auth activé

• elasticache-subnet-group-check

• elasticache-supported-engine-version

• elasticsearch-encrypted-at-rest

• elasticsearch-in-vpc-only

• elbv2- acm-certificate-required

• emr-block-public-access

• emr-kerberos-enabled

• emr-master-no-public-IP

• event-data-store-cmk-activé pour le chiffrement

• fsx-last-backup-recovery-point créé

• fsx-lustre-copy-tagsà des sauvegardes

• fsx-meets-restore-time-cible

• fsx-ontap-deployment-type-vérifier

• fsx-openzfs-copy-tags-activé

• fsx-openzfs-deployment-type-vérifier

• fsx-resources-protected-by-plan de sauvegarde

• fsx-windows-audit-log-configuré

• fsx-windows-deployment-type-vérifier

• guardduty-ec2- protection-runtime-enabled

• guardduty-ecs-protection-runtime-activé

• guardduty-eks-protection-audit-activé

• guardduty-eks-protection-runtime-activé

• guardduty-enabled-centralized

• guardduty-lambda-protection-enabled

• guardduty-malware-protection-enabled

• guardduty-non-archived-findings

• guardduty-rds-protection-enabled

• guardduty-runtime-monitoring-enabled

• protection guardduty-s3 activée

• iam-external-access-analyzer-activé

• iam-password-policy

• iam-policy-in-use

• iam-root-access-key-vérifier

• iam-server-certificate-expiration-vérifier

• iam-user-mfa-enabled

• iam-user-unused-credentials-vérifier

• compatible avec inspector-ec2-scan

• inspector-ecr-scan-enabled

• inspector-lambda-code-scan-activé

• inspector-lambda-standard-scan-activé

• kinesis-firehose-delivery-stream-crypté

• kms-cmk-not-scheduled-pour suppression

• macie-auto-sensitive-data-découvre-check

• macie-status-check

• mariadb-publish-logs-to-journaux de surveillance du cloud

• mfa-enabled-for-iam-accès à la console

• mq-automatic-minor-version-activé pour la mise à niveau

• mq-cloudwatch-audit-logging-activé

• mq-no-public-access

• multi-region-cloud-trail-activé

• netfw-logging-enabled

• nlb-logging-enabled

• rds-instance-subnet-igw-vérifier

• rds-in-backup-plan

• rds-last-backup-recovery-point créé

• rds-mariadb-instance-encrypted-en transit

• rds-meets-restore-time-cible

• rds-mysql-instance-encrypted-en transit

• rds-postgres-instance-encrypted-en transit

• rds-proxy-tls-encryption

• rds-resources-protected-by-plan de sauvegarde

• rds-sqlserver-encrypted-in-transit

• redshift-serverless-default-admin-vérifier

• redshift-serverless-default-db-vérification du nom

• redshift-serverless-namespace-cmk-cryptage

• redshift-serverless-publish-logsvers Cloudwatch

• redshift-serverless-workgroup-encrypted-en transit

• redshift-serverless-workgroup-no-accès public

• redshift-serverless-workgroup-routes-dans le VPC

• redshift-unrestricted-port-access

• root-account-hardware-mfa-activé

• root-account-mfa-enabled

• s3- account-level-public-access -blocs-périodique

• s3- last-backup-recovery-point -créé

• s3- meets-restore-time-target

• s3- resources-in-logically-air -gapped-vault

• plan resources-protected-by-backup s3

• sagemaker-endpoint-configuration-kms-configuré par clé

• sagemaker-endpoint-config-prod-nombre d'instances

• sagemaker-notebook-instance-kms-configuré par clé

• sagemaker-notebook-instance-platform-version

• sagemaker-notebook-no-direct-accès à Internet

• secretsmanager-secret-periodic-rotation

• secretsmanager-secret-unused

• securityhub-enabled

• security-account-information-provided

• service-vpc-endpoint-enabled

• ses-malware-scanning-enabled

• shield-advanced-enabled-autorenew

• shield-drt-access

• ssm-automation-block-public-partage

• ssm-automation-logging-enabled

• ssm-document-not-public

• storagegateway-last-backup-recovery-point créé

• storagegateway-resources-in-logically-air-gapped-vault

• storagegateway-resources-protected-by-plan de sauvegarde

• transfer-family-server-no-ftp

• virtualmachine-last-backup-recovery-point créé

• virtualmachine-resources-in-logically-air-gapped-vault

• virtualmachine-resources-protected-by-plan de sauvegarde

• vpc-endpoint-enabled

• vpc-flow-logs-enabled

• vpc-sg-port-restriction-vérifier

• wafv2-logging-enabled

• waf-classic-logging-enabled

• acm-certificate-expiration-check

• cloudformation-stack-drift-detection-vérifier

• ec2- -ami instance-launched-with-allowed

• incoming-ssh-disabled

• no-unrestricted-route-to-igw

• restricted-incoming-traffic

• s3- bucket-public-read-prohibited

• s3- bucket-public-write-prohibited

• vpc-sg-open-only-to-authorized-ports