Class: AWSCDK::Config::ManagedRuleIdentifiers

Inherits:
Jsii::Object
  • Object
show all
Defined in:
config/managed_rule_identifiers.rb

Overview

Managed rules that are supported by AWS Config.

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(*args) ⇒ ManagedRuleIdentifiers

Returns a new instance of ManagedRuleIdentifiers.

Raises:

  • (NoMethodError)


10
11
12
# File 'config/managed_rule_identifiers.rb', line 10

def initialize(*args)
  raise NoMethodError, "aws-cdk-lib.aws_config.ManagedRuleIdentifiers does not have a visible constructor; use the provided factory methods"
end

Class Method Details

.ACCESS_KEYS_ROTATEDString

Checks whether the active access keys are rotated within the number of days specified in maxAccessKeyAge.



23
24
25
# File 'config/managed_rule_identifiers.rb', line 23

def self.ACCESS_KEYS_ROTATED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ACCESS_KEYS_ROTATED")
end

.ACCOUNT_PART_OF_ORGANIZATIONSString

Checks whether AWS account is part of AWS Organizations.



31
32
33
# File 'config/managed_rule_identifiers.rb', line 31

def self.ACCOUNT_PART_OF_ORGANIZATIONS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ACCOUNT_PART_OF_ORGANIZATIONS")
end

.ACM_CERTIFICATE_EXPIRATION_CHECKString

Checks whether ACM Certificates in your account are marked for expiration within the specified number of days.



39
40
41
# File 'config/managed_rule_identifiers.rb', line 39

def self.ACM_CERTIFICATE_EXPIRATION_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ACM_CERTIFICATE_EXPIRATION_CHECK")
end

.ALB_DESYNC_MODE_CHECKString

Checks if an Application Load Balancer (ALB) is configured with a user defined desync mitigation mode.



47
48
49
# File 'config/managed_rule_identifiers.rb', line 47

def self.ALB_DESYNC_MODE_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ALB_DESYNC_MODE_CHECK")
end

.ALB_HTTP_DROP_INVALID_HEADER_ENABLEDString

Checks if rule evaluates Application Load Balancers (ALBs) to ensure they are configured to drop http headers.



55
56
57
# File 'config/managed_rule_identifiers.rb', line 55

def self.ALB_HTTP_DROP_INVALID_HEADER_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ALB_HTTP_DROP_INVALID_HEADER_ENABLED")
end

.ALB_HTTP_TO_HTTPS_REDIRECTION_CHECKString

Checks whether HTTP to HTTPS redirection is configured on all HTTP listeners of Application Load Balancer.



63
64
65
# File 'config/managed_rule_identifiers.rb', line 63

def self.ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK")
end

.ALB_WAF_ENABLEDString

Checks if Web Application Firewall (WAF) is enabled on Application Load Balancers (ALBs).



71
72
73
# File 'config/managed_rule_identifiers.rb', line 71

def self.ALB_WAF_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ALB_WAF_ENABLED")
end

.API_GW_ASSOCIATED_WITH_WAFString

Checks if an Amazon API Gateway API stage is using an AWS WAF Web ACL.



79
80
81
# File 'config/managed_rule_identifiers.rb', line 79

def self.API_GW_ASSOCIATED_WITH_WAF()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "API_GW_ASSOCIATED_WITH_WAF")
end

.API_GW_CACHE_ENABLED_AND_ENCRYPTEDString

Checks that all methods in Amazon API Gateway stages have caching enabled and encrypted.



87
88
89
# File 'config/managed_rule_identifiers.rb', line 87

def self.API_GW_CACHE_ENABLED_AND_ENCRYPTED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "API_GW_CACHE_ENABLED_AND_ENCRYPTED")
end

.API_GW_ENDPOINT_TYPE_CHECKString

Checks that Amazon API Gateway APIs are of the type specified in the rule parameter endpointConfigurationType.



95
96
97
# File 'config/managed_rule_identifiers.rb', line 95

def self.API_GW_ENDPOINT_TYPE_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "API_GW_ENDPOINT_TYPE_CHECK")
end

.API_GW_EXECUTION_LOGGING_ENABLEDString

Checks that all methods in Amazon API Gateway stage has logging enabled.



103
104
105
# File 'config/managed_rule_identifiers.rb', line 103

def self.API_GW_EXECUTION_LOGGING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "API_GW_EXECUTION_LOGGING_ENABLED")
end

.API_GW_SSL_ENABLEDString

Checks if a REST API stage uses an Secure Sockets Layer (SSL) certificate.



111
112
113
# File 'config/managed_rule_identifiers.rb', line 111

def self.API_GW_SSL_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "API_GW_SSL_ENABLED")
end

.API_GW_XRAY_ENABLEDString

Checks if AWS X-Ray tracing is enabled on Amazon API Gateway REST APIs.



119
120
121
# File 'config/managed_rule_identifiers.rb', line 119

def self.API_GW_XRAY_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "API_GW_XRAY_ENABLED")
end

.API_GWV2_ACCESS_LOGS_ENABLEDString

Checks if Amazon API Gateway V2 stages have access logging enabled.



127
128
129
# File 'config/managed_rule_identifiers.rb', line 127

def self.API_GWV2_ACCESS_LOGS_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "API_GWV2_ACCESS_LOGS_ENABLED")
end

.API_GWV2_AUTHORIZATION_TYPE_CONFIGUREDString

Checks if Amazon API Gatewayv2 API routes have an authorization type set.



135
136
137
# File 'config/managed_rule_identifiers.rb', line 135

def self.API_GWV2_AUTHORIZATION_TYPE_CONFIGURED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "API_GWV2_AUTHORIZATION_TYPE_CONFIGURED")
end

.APPROVED_AMIS_BY_IDString

Checks whether running instances are using specified AMIs.



143
144
145
# File 'config/managed_rule_identifiers.rb', line 143

def self.APPROVED_AMIS_BY_ID()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "APPROVED_AMIS_BY_ID")
end

.APPROVED_AMIS_BY_TAGString

Checks whether running instances are using specified AMIs.



151
152
153
# File 'config/managed_rule_identifiers.rb', line 151

def self.APPROVED_AMIS_BY_TAG()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "APPROVED_AMIS_BY_TAG")
end

.AURORA_LAST_BACKUP_RECOVERY_POINT_CREATEDString

Checks if a recovery point was created for Amazon Aurora DB clusters.



159
160
161
# File 'config/managed_rule_identifiers.rb', line 159

def self.AURORA_LAST_BACKUP_RECOVERY_POINT_CREATED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AURORA_LAST_BACKUP_RECOVERY_POINT_CREATED")
end

.AURORA_MYSQL_BACKTRACKING_ENABLEDString

Checks if an Amazon Aurora MySQL cluster has backtracking enabled.



167
168
169
# File 'config/managed_rule_identifiers.rb', line 167

def self.AURORA_MYSQL_BACKTRACKING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AURORA_MYSQL_BACKTRACKING_ENABLED")
end

.AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLANString

Checks if Amazon Aurora DB clusters are protected by a backup plan.



175
176
177
# File 'config/managed_rule_identifiers.rb', line 175

def self.AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN")
end

.AUTOSCALING_CAPACITY_REBALANCINGString

Checks if Capacity Rebalancing is enabled for Amazon EC2 Auto Scaling groups that use multiple instance types.



183
184
185
# File 'config/managed_rule_identifiers.rb', line 183

def self.AUTOSCALING_CAPACITY_REBALANCING()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AUTOSCALING_CAPACITY_REBALANCING")
end

.AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIREDString

Checks whether your Auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks.



191
192
193
# File 'config/managed_rule_identifiers.rb', line 191

def self.AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED")
end

.AUTOSCALING_LAUNCH_CONFIG_HOP_LIMITString

Checks the number of network hops that the metadata token can travel.



199
200
201
# File 'config/managed_rule_identifiers.rb', line 199

def self.AUTOSCALING_LAUNCH_CONFIG_HOP_LIMIT()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AUTOSCALING_LAUNCH_CONFIG_HOP_LIMIT")
end

.AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLEDString

Checks if Amazon EC2 Auto Scaling groups have public IP addresses enabled through Launch Configurations.



207
208
209
# File 'config/managed_rule_identifiers.rb', line 207

def self.AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED")
end

.AUTOSCALING_LAUNCH_TEMPLATEString

Checks if an Amazon Elastic Compute Cloud (EC2) Auto Scaling group is created from an EC2 launch template.



215
216
217
# File 'config/managed_rule_identifiers.rb', line 215

def self.AUTOSCALING_LAUNCH_TEMPLATE()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AUTOSCALING_LAUNCH_TEMPLATE")
end

.AUTOSCALING_LAUNCHCONFIG_REQUIRES_IMDSV2String

Checks whether only IMDSv2 is enabled.



223
224
225
# File 'config/managed_rule_identifiers.rb', line 223

def self.AUTOSCALING_LAUNCHCONFIG_REQUIRES_IMDSV2()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AUTOSCALING_LAUNCHCONFIG_REQUIRES_IMDSV2")
end

.AUTOSCALING_MULTIPLE_AZString

Checks if the Auto Scaling group spans multiple Availability Zones.



231
232
233
# File 'config/managed_rule_identifiers.rb', line 231

def self.AUTOSCALING_MULTIPLE_AZ()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AUTOSCALING_MULTIPLE_AZ")
end

.AUTOSCALING_MULTIPLE_INSTANCE_TYPESString

Checks if an Amazon Elastic Compute Cloud (Amazon EC2) Auto Scaling group uses multiple instance types.



239
240
241
# File 'config/managed_rule_identifiers.rb', line 239

def self.AUTOSCALING_MULTIPLE_INSTANCE_TYPES()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AUTOSCALING_MULTIPLE_INSTANCE_TYPES")
end

.BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECKString

Checks if a backup plan has a backup rule that satisfies the required frequency and retention period.



247
248
249
# File 'config/managed_rule_identifiers.rb', line 247

def self.BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK")
end

.BACKUP_RECOVERY_POINT_ENCRYPTEDString

Checks if a recovery point is encrypted.



255
256
257
# File 'config/managed_rule_identifiers.rb', line 255

def self.BACKUP_RECOVERY_POINT_ENCRYPTED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "BACKUP_RECOVERY_POINT_ENCRYPTED")
end

.BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLEDString

Checks if a backup vault has an attached resource-based policy which prevents deletion of recovery points.



263
264
265
# File 'config/managed_rule_identifiers.rb', line 263

def self.BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED")
end

.BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECKString

Checks if a recovery point expires no earlier than after the specified period.



271
272
273
# File 'config/managed_rule_identifiers.rb', line 271

def self.BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK")
end

.BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLEDString

Checks if an AWS Elastic Beanstalk environment is configured for enhanced health reporting.



279
280
281
# File 'config/managed_rule_identifiers.rb', line 279

def self.BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED")
end

.CLB_DESYNC_MODE_CHECKString

Checks if Classic Load Balancers (CLB) are configured with a user defined Desync mitigation mode.



287
288
289
# File 'config/managed_rule_identifiers.rb', line 287

def self.CLB_DESYNC_MODE_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLB_DESYNC_MODE_CHECK")
end

.CLB_MULTIPLE_AZString

Checks if a Classic Load Balancer spans multiple Availability Zones (AZs).



295
296
297
# File 'config/managed_rule_identifiers.rb', line 295

def self.CLB_MULTIPLE_AZ()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLB_MULTIPLE_AZ")
end

.CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLEDString

Checks whether AWS CloudTrail trails are configured to send logs to Amazon CloudWatch Logs.



303
304
305
# File 'config/managed_rule_identifiers.rb', line 303

def self.CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED")
end

.CLOUD_TRAIL_ENABLEDString

Checks whether AWS CloudTrail is enabled in your AWS account.



311
312
313
# File 'config/managed_rule_identifiers.rb', line 311

def self.CLOUD_TRAIL_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUD_TRAIL_ENABLED")
end

.CLOUD_TRAIL_ENCRYPTION_ENABLEDString

Checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption.



319
320
321
# File 'config/managed_rule_identifiers.rb', line 319

def self.CLOUD_TRAIL_ENCRYPTION_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUD_TRAIL_ENCRYPTION_ENABLED")
end

.CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLEDString

Checks whether AWS CloudTrail creates a signed digest file with logs.



327
328
329
# File 'config/managed_rule_identifiers.rb', line 327

def self.CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED")
end

.CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECKString

Checks whether an AWS CloudFormation stack's actual configuration differs, or has drifted, from its expected configuration.



335
336
337
# File 'config/managed_rule_identifiers.rb', line 335

def self.CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK")
end

.CLOUDFORMATION_STACK_NOTIFICATION_CHECKString

Checks whether your CloudFormation stacks are sending event notifications to an SNS topic.



343
344
345
# File 'config/managed_rule_identifiers.rb', line 343

def self.CLOUDFORMATION_STACK_NOTIFICATION_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFORMATION_STACK_NOTIFICATION_CHECK")
end

.CLOUDFRONT_ACCESSLOGS_ENABLEDString

Checks if Amazon CloudFront distributions are configured to capture information from Amazon Simple Storage Service (Amazon S3) server access logs.



351
352
353
# File 'config/managed_rule_identifiers.rb', line 351

def self.CLOUDFRONT_ACCESSLOGS_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_ACCESSLOGS_ENABLED")
end

.CLOUDFRONT_ASSOCIATED_WITH_WAFString

Checks if Amazon CloudFront distributions are associated with either WAF or WAFv2 web access control lists (ACLs).



359
360
361
# File 'config/managed_rule_identifiers.rb', line 359

def self.CLOUDFRONT_ASSOCIATED_WITH_WAF()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_ASSOCIATED_WITH_WAF")
end

.CLOUDFRONT_CUSTOM_SSL_CERTIFICATEString

Checks if the certificate associated with an Amazon CloudFront distribution is the default Secure Sockets Layer (SSL) certificate.



367
368
369
# File 'config/managed_rule_identifiers.rb', line 367

def self.CLOUDFRONT_CUSTOM_SSL_CERTIFICATE()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_CUSTOM_SSL_CERTIFICATE")
end

.CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGUREDString

Checks if an Amazon CloudFront distribution is configured to return a specific object that is the default root object.



375
376
377
# File 'config/managed_rule_identifiers.rb', line 375

def self.CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED")
end

.CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLSString

Checks if CloudFront distributions are using deprecated SSL protocols for HTTPS communication between CloudFront edge locations and custom origins.



383
384
385
# File 'config/managed_rule_identifiers.rb', line 383

def self.CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS")
end

.CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLEDString

Checks that Amazon CloudFront distribution with Amazon S3 Origin type has Origin Access Identity (OAI) configured.



391
392
393
# File 'config/managed_rule_identifiers.rb', line 391

def self.CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED")
end

.CLOUDFRONT_ORIGIN_FAILOVER_ENABLEDString

Checks whether an origin group is configured for the distribution of at least 2 origins in the origin group for Amazon CloudFront.



399
400
401
# File 'config/managed_rule_identifiers.rb', line 399

def self.CLOUDFRONT_ORIGIN_FAILOVER_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_ORIGIN_FAILOVER_ENABLED")
end

.CLOUDFRONT_SECURITY_POLICY_CHECKString

Checks if Amazon CloudFront distributions are using a minimum security policy and cipher suite of TLSv1.2 or greater for viewer connections.



407
408
409
# File 'config/managed_rule_identifiers.rb', line 407

def self.CLOUDFRONT_SECURITY_POLICY_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_SECURITY_POLICY_CHECK")
end

.CLOUDFRONT_SNI_ENABLEDString

Checks if Amazon CloudFront distributions are using a custom SSL certificate and are configured to use SNI to serve HTTPS requests.



415
416
417
# File 'config/managed_rule_identifiers.rb', line 415

def self.CLOUDFRONT_SNI_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_SNI_ENABLED")
end

.CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTEDString

Checks if Amazon CloudFront distributions are encrypting traffic to custom origins.



423
424
425
# File 'config/managed_rule_identifiers.rb', line 423

def self.CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED")
end

.CLOUDFRONT_VIEWER_POLICY_HTTPSString

Checks whether your Amazon CloudFront distributions use HTTPS (directly or via a redirection).



431
432
433
# File 'config/managed_rule_identifiers.rb', line 431

def self.CLOUDFRONT_VIEWER_POLICY_HTTPS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_VIEWER_POLICY_HTTPS")
end

.CLOUDTRAIL_MULTI_REGION_ENABLEDString

Checks that there is at least one multi-region AWS CloudTrail.



439
440
441
# File 'config/managed_rule_identifiers.rb', line 439

def self.CLOUDTRAIL_MULTI_REGION_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDTRAIL_MULTI_REGION_ENABLED")
end

.CLOUDTRAIL_S3_DATAEVENTS_ENABLEDString

Checks whether at least one AWS CloudTrail trail is logging Amazon S3 data events for all S3 buckets.



447
448
449
# File 'config/managed_rule_identifiers.rb', line 447

def self.CLOUDTRAIL_S3_DATAEVENTS_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDTRAIL_S3_DATAEVENTS_ENABLED")
end

.CLOUDTRAIL_SECURITY_TRAIL_ENABLEDString

Checks that there is at least one AWS CloudTrail trail defined with security best practices.



455
456
457
# File 'config/managed_rule_identifiers.rb', line 455

def self.CLOUDTRAIL_SECURITY_TRAIL_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDTRAIL_SECURITY_TRAIL_ENABLED")
end

.CLOUDWATCH_ALARM_ACTION_CHECKString

Checks whether CloudWatch alarms have at least one alarm action, one INSUFFICIENT_DATA action, or one OK action enabled.



463
464
465
# File 'config/managed_rule_identifiers.rb', line 463

def self.CLOUDWATCH_ALARM_ACTION_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDWATCH_ALARM_ACTION_CHECK")
end

.CLOUDWATCH_ALARM_ACTION_ENABLED_CHECKString

Checks if Amazon CloudWatch alarms actions are in enabled state.



471
472
473
# File 'config/managed_rule_identifiers.rb', line 471

def self.CLOUDWATCH_ALARM_ACTION_ENABLED_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDWATCH_ALARM_ACTION_ENABLED_CHECK")
end

.CLOUDWATCH_ALARM_RESOURCE_CHECKString

Checks whether the specified resource type has a CloudWatch alarm for the specified metric.



479
480
481
# File 'config/managed_rule_identifiers.rb', line 479

def self.CLOUDWATCH_ALARM_RESOURCE_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDWATCH_ALARM_RESOURCE_CHECK")
end

.CLOUDWATCH_ALARM_SETTINGS_CHECKString

Checks whether CloudWatch alarms with the given metric name have the specified settings.



487
488
489
# File 'config/managed_rule_identifiers.rb', line 487

def self.CLOUDWATCH_ALARM_SETTINGS_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDWATCH_ALARM_SETTINGS_CHECK")
end

.CLOUDWATCH_LOG_GROUP_ENCRYPTEDString

Checks whether a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).



495
496
497
# File 'config/managed_rule_identifiers.rb', line 495

def self.CLOUDWATCH_LOG_GROUP_ENCRYPTED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDWATCH_LOG_GROUP_ENCRYPTED")
end

.CMK_BACKING_KEY_ROTATION_ENABLEDString

Checks that key rotation is enabled for each key and matches to the key ID of the customer created customer master key (CMK).



503
504
505
# File 'config/managed_rule_identifiers.rb', line 503

def self.CMK_BACKING_KEY_ROTATION_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CMK_BACKING_KEY_ROTATION_ENABLED")
end

.CODEBUILD_PROJECT_ARTIFACT_ENCRYPTIONString

Checks if an AWS CodeBuild project has encryption enabled for all of its artifacts.



511
512
513
# File 'config/managed_rule_identifiers.rb', line 511

def self.CODEBUILD_PROJECT_ARTIFACT_ENCRYPTION()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEBUILD_PROJECT_ARTIFACT_ENCRYPTION")
end

.CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECKString

Checks if an AWS CodeBuild project environment has privileged mode enabled.



519
520
521
# File 'config/managed_rule_identifiers.rb', line 519

def self.CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK")
end

.CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECKString

Checks whether the project contains environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.



527
528
529
# File 'config/managed_rule_identifiers.rb', line 527

def self.CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK")
end

.CODEBUILD_PROJECT_LOGGING_ENABLEDString

Checks if an AWS CodeBuild project environment has at least one log option enabled.



535
536
537
# File 'config/managed_rule_identifiers.rb', line 535

def self.CODEBUILD_PROJECT_LOGGING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEBUILD_PROJECT_LOGGING_ENABLED")
end

.CODEBUILD_PROJECT_S3_LOGS_ENCRYPTEDString

Checks if a AWS CodeBuild project configured with Amazon S3 Logs has encryption enabled for its logs.



543
544
545
# File 'config/managed_rule_identifiers.rb', line 543

def self.CODEBUILD_PROJECT_S3_LOGS_ENCRYPTED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEBUILD_PROJECT_S3_LOGS_ENCRYPTED")
end

.CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECKString

Checks whether the GitHub or Bitbucket source repository URL contains either personal access tokens or user name and password.



551
552
553
# File 'config/managed_rule_identifiers.rb', line 551

def self.CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK")
end

.CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLEDString

Checks if the deployment group is configured with automatic deployment rollback and deployment monitoring with alarms attached.



559
560
561
# File 'config/managed_rule_identifiers.rb', line 559

def self.CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLED")
end

.CODEDEPLOY_EC2_MINIMUM_HEALTHY_HOSTS_CONFIGUREDString

Checks if the deployment group for EC2/On-Premises Compute Platform is configured with a minimum healthy hosts fleet percentage or host count greater than or equal to the input threshold.



567
568
569
# File 'config/managed_rule_identifiers.rb', line 567

def self.CODEDEPLOY_EC2_MINIMUM_HEALTHY_HOSTS_CONFIGURED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEDEPLOY_EC2_MINIMUM_HEALTHY_HOSTS_CONFIGURED")
end

.CODEDEPLOY_LAMBDA_ALLATONCE_TRAFFIC_SHIFT_DISABLEDString

Checks if the deployment group for Lambda Compute Platform is not using the default deployment configuration.



575
576
577
# File 'config/managed_rule_identifiers.rb', line 575

def self.CODEDEPLOY_LAMBDA_ALLATONCE_TRAFFIC_SHIFT_DISABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEDEPLOY_LAMBDA_ALLATONCE_TRAFFIC_SHIFT_DISABLED")
end

.CODEPIPELINE_DEPLOYMENT_COUNT_CHECKString

Checks whether the first deployment stage of the AWS CodePipeline performs more than one deployment.



583
584
585
# File 'config/managed_rule_identifiers.rb', line 583

def self.CODEPIPELINE_DEPLOYMENT_COUNT_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEPIPELINE_DEPLOYMENT_COUNT_CHECK")
end

.CODEPIPELINE_REGION_FANOUT_CHECKString

Checks whether each stage in the AWS CodePipeline deploys to more than N times the number of the regions the AWS CodePipeline has deployed in all the previous combined stages, where N is the region fanout number.



591
592
593
# File 'config/managed_rule_identifiers.rb', line 591

def self.CODEPIPELINE_REGION_FANOUT_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEPIPELINE_REGION_FANOUT_CHECK")
end

.CW_LOGGROUP_RETENTION_PERIOD_CHECKString

Checks whether Amazon CloudWatch LogGroup retention period is set to specific number of days.



599
600
601
# File 'config/managed_rule_identifiers.rb', line 599

def self.CW_LOGGROUP_RETENTION_PERIOD_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CW_LOGGROUP_RETENTION_PERIOD_CHECK")
end

.DAX_ENCRYPTION_ENABLEDString

Checks that DynamoDB Accelerator (DAX) clusters are encrypted.



607
608
609
# File 'config/managed_rule_identifiers.rb', line 607

def self.DAX_ENCRYPTION_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DAX_ENCRYPTION_ENABLED")
end

.DMS_REPLICATION_NOT_PUBLICString

Checks whether AWS Database Migration Service replication instances are public.



615
616
617
# File 'config/managed_rule_identifiers.rb', line 615

def self.DMS_REPLICATION_NOT_PUBLIC()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DMS_REPLICATION_NOT_PUBLIC")
end

.DYNAMODB_AUTOSCALING_ENABLEDString

Checks whether Auto Scaling or On-Demand is enabled on your DynamoDB tables and/or global secondary indexes.



623
624
625
# File 'config/managed_rule_identifiers.rb', line 623

def self.DYNAMODB_AUTOSCALING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DYNAMODB_AUTOSCALING_ENABLED")
end

.DYNAMODB_IN_BACKUP_PLANString

Checks whether Amazon DynamoDB table is present in AWS Backup plans.



631
632
633
# File 'config/managed_rule_identifiers.rb', line 631

def self.DYNAMODB_IN_BACKUP_PLAN()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DYNAMODB_IN_BACKUP_PLAN")
end

.DYNAMODB_LAST_BACKUP_RECOVERY_POINT_CREATEDString

Checks if a recovery point was created for Amazon DynamoDB Tables within the specified period.



639
640
641
# File 'config/managed_rule_identifiers.rb', line 639

def self.DYNAMODB_LAST_BACKUP_RECOVERY_POINT_CREATED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DYNAMODB_LAST_BACKUP_RECOVERY_POINT_CREATED")
end

.DYNAMODB_PITR_ENABLEDString

Checks that point in time recovery (PITR) is enabled for Amazon DynamoDB tables.



647
648
649
# File 'config/managed_rule_identifiers.rb', line 647

def self.DYNAMODB_PITR_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DYNAMODB_PITR_ENABLED")
end

.DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLANString

Checks if Amazon DynamoDB tables are protected by a backup plan.



655
656
657
# File 'config/managed_rule_identifiers.rb', line 655

def self.DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN")
end

.DYNAMODB_TABLE_ENCRYPTED_KMSString

Checks whether Amazon DynamoDB table is encrypted with AWS Key Management Service (KMS).



663
664
665
# File 'config/managed_rule_identifiers.rb', line 663

def self.DYNAMODB_TABLE_ENCRYPTED_KMS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DYNAMODB_TABLE_ENCRYPTED_KMS")
end

.DYNAMODB_TABLE_ENCRYPTION_ENABLEDString

Checks whether the Amazon DynamoDB tables are encrypted and checks their status.



671
672
673
# File 'config/managed_rule_identifiers.rb', line 671

def self.DYNAMODB_TABLE_ENCRYPTION_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DYNAMODB_TABLE_ENCRYPTION_ENABLED")
end

.DYNAMODB_THROUGHPUT_LIMIT_CHECKString

Checks whether provisioned DynamoDB throughput is approaching the maximum limit for your account.



679
680
681
# File 'config/managed_rule_identifiers.rb', line 679

def self.DYNAMODB_THROUGHPUT_LIMIT_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DYNAMODB_THROUGHPUT_LIMIT_CHECK")
end

.EBS_ENCRYPTED_VOLUMESString

Checks whether the EBS volumes that are in an attached state are encrypted.



687
688
689
# File 'config/managed_rule_identifiers.rb', line 687

def self.EBS_ENCRYPTED_VOLUMES()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EBS_ENCRYPTED_VOLUMES")
end

.EBS_IN_BACKUP_PLANString

Checks if Amazon Elastic Block Store (Amazon EBS) volumes are added in backup plans of AWS Backup.



695
696
697
# File 'config/managed_rule_identifiers.rb', line 695

def self.EBS_IN_BACKUP_PLAN()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EBS_IN_BACKUP_PLAN")
end

.EBS_OPTIMIZED_INSTANCEString

Checks whether EBS optimization is enabled for your EC2 instances that can be EBS-optimized.



703
704
705
# File 'config/managed_rule_identifiers.rb', line 703

def self.EBS_OPTIMIZED_INSTANCE()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EBS_OPTIMIZED_INSTANCE")
end

.EBS_RESOURCES_PROTECTED_BY_BACKUP_PLANString

Checks if Amazon Elastic Block Store (Amazon EBS) volumes are protected by a backup plan.



711
712
713
# File 'config/managed_rule_identifiers.rb', line 711

def self.EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN")
end

.EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECKString

Checks whether Amazon Elastic Block Store snapshots are not publicly restorable.



719
720
721
# File 'config/managed_rule_identifiers.rb', line 719

def self.EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK")
end

.EC2_DESIRED_INSTANCE_TENANCYString

Checks instances for specified tenancy.



727
728
729
# File 'config/managed_rule_identifiers.rb', line 727

def self.EC2_DESIRED_INSTANCE_TENANCY()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_DESIRED_INSTANCE_TENANCY")
end

.EC2_DESIRED_INSTANCE_TYPEString

Checks whether your EC2 instances are of the specified instance types.



735
736
737
# File 'config/managed_rule_identifiers.rb', line 735

def self.EC2_DESIRED_INSTANCE_TYPE()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_DESIRED_INSTANCE_TYPE")
end

.EC2_EBS_ENCRYPTION_BY_DEFAULTString

Check that Amazon Elastic Block Store (EBS) encryption is enabled by default.



743
744
745
# File 'config/managed_rule_identifiers.rb', line 743

def self.EC2_EBS_ENCRYPTION_BY_DEFAULT()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_EBS_ENCRYPTION_BY_DEFAULT")
end

.EC2_IMDSV2_CHECKString

Checks whether your Amazon Elastic Compute Cloud (Amazon EC2) instance metadata version is configured with Instance Metadata Service Version 2 (IMDSv2).



751
752
753
# File 'config/managed_rule_identifiers.rb', line 751

def self.EC2_IMDSV2_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_IMDSV2_CHECK")
end

.EC2_INSTANCE_DETAILED_MONITORING_ENABLEDString

Checks whether detailed monitoring is enabled for EC2 instances.



759
760
761
# File 'config/managed_rule_identifiers.rb', line 759

def self.EC2_INSTANCE_DETAILED_MONITORING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_INSTANCE_DETAILED_MONITORING_ENABLED")
end

.EC2_INSTANCE_MANAGED_BY_SSMString

Checks whether the Amazon EC2 instances in your account are managed by AWS Systems Manager.



767
768
769
# File 'config/managed_rule_identifiers.rb', line 767

def self.EC2_INSTANCE_MANAGED_BY_SSM()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_INSTANCE_MANAGED_BY_SSM")
end

.EC2_INSTANCE_MULTIPLE_ENI_CHECKString

Checks if Amazon Elastic Compute Cloud (Amazon EC2) uses multiple ENIs (Elastic Network Interfaces) or Elastic Fabric Adapters (EFAs).



775
776
777
# File 'config/managed_rule_identifiers.rb', line 775

def self.EC2_INSTANCE_MULTIPLE_ENI_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_INSTANCE_MULTIPLE_ENI_CHECK")
end

.EC2_INSTANCE_NO_PUBLIC_IPString

Checks whether Amazon Elastic Compute Cloud (Amazon EC2) instances have a public IP association.



783
784
785
# File 'config/managed_rule_identifiers.rb', line 783

def self.EC2_INSTANCE_NO_PUBLIC_IP()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_INSTANCE_NO_PUBLIC_IP")
end

.EC2_INSTANCE_PROFILE_ATTACHEDString

Checks if an Amazon Elastic Compute Cloud (Amazon EC2) instance has an Identity and Access Management (IAM) profile attached to it.

This rule is NON_COMPLIANT if no IAM profile is attached to the Amazon EC2 instance.



794
795
796
# File 'config/managed_rule_identifiers.rb', line 794

def self.EC2_INSTANCE_PROFILE_ATTACHED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_INSTANCE_PROFILE_ATTACHED")
end

.EC2_INSTANCES_IN_VPCString

Checks whether your EC2 instances belong to a virtual private cloud (VPC).



802
803
804
# File 'config/managed_rule_identifiers.rb', line 802

def self.EC2_INSTANCES_IN_VPC()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_INSTANCES_IN_VPC")
end

.EC2_LAST_BACKUP_RECOVERY_POINT_CREATEDString

Checks if a recovery point was created for Amazon Elastic Compute Cloud (Amazon EC2) instances.



810
811
812
# File 'config/managed_rule_identifiers.rb', line 810

def self.EC2_LAST_BACKUP_RECOVERY_POINT_CREATED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_LAST_BACKUP_RECOVERY_POINT_CREATED")
end

.EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKEDString

Checks that none of the specified applications are installed on the instance.



818
819
820
# File 'config/managed_rule_identifiers.rb', line 818

def self.EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED")
end

.EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIREDString

Checks whether all of the specified applications are installed on the instance.



826
827
828
# File 'config/managed_rule_identifiers.rb', line 826

def self.EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED")
end

.EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECKString

Checks whether the compliance status of AWS Systems Manager association compliance is COMPLIANT or NON_COMPLIANT after the association execution on the instance.



834
835
836
# File 'config/managed_rule_identifiers.rb', line 834

def self.EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK")
end

.EC2_MANAGED_INSTANCE_INVENTORY_BLOCKEDString

Checks whether instances managed by AWS Systems Manager are configured to collect blocked inventory types.



842
843
844
# File 'config/managed_rule_identifiers.rb', line 842

def self.EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED")
end

.EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECKString

Checks whether the compliance status of the Amazon EC2 Systems Manager patch compliance is COMPLIANT or NON_COMPLIANT after the patch installation on the instance.



850
851
852
# File 'config/managed_rule_identifiers.rb', line 850

def self.EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK")
end

.EC2_MANAGED_INSTANCE_PLATFORM_CHECKString

Checks whether EC2 managed instances have the desired configurations.



858
859
860
# File 'config/managed_rule_identifiers.rb', line 858

def self.EC2_MANAGED_INSTANCE_PLATFORM_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_MANAGED_INSTANCE_PLATFORM_CHECK")
end

.EC2_NO_AMAZON_KEY_PAIRString

Checks if running Amazon Elastic Compute Cloud (EC2) instances are launched using amazon key pairs.



866
867
868
# File 'config/managed_rule_identifiers.rb', line 866

def self.EC2_NO_AMAZON_KEY_PAIR()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_NO_AMAZON_KEY_PAIR")
end

.EC2_PARAVIRTUAL_INSTANCE_CHECKString

Checks if the virtualization type of an EC2 instance is paravirtual.



874
875
876
# File 'config/managed_rule_identifiers.rb', line 874

def self.EC2_PARAVIRTUAL_INSTANCE_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_PARAVIRTUAL_INSTANCE_CHECK")
end

.EC2_RESOURCES_PROTECTED_BY_BACKUP_PLANString

Checks if Amazon Elastic Compute Cloud (Amazon EC2) instances are protected by a backup plan.



882
883
884
# File 'config/managed_rule_identifiers.rb', line 882

def self.EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN")
end

.EC2_SECURITY_GROUP_ATTACHED_TO_ENIString

Checks that security groups are attached to Amazon Elastic Compute Cloud (Amazon EC2) instances or to an elastic network interface.



890
891
892
# File 'config/managed_rule_identifiers.rb', line 890

def self.EC2_SECURITY_GROUP_ATTACHED_TO_ENI()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_SECURITY_GROUP_ATTACHED_TO_ENI")
end

.EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODICString

Checks if non-default security groups are attached to Elastic network interfaces (ENIs).



898
899
900
# File 'config/managed_rule_identifiers.rb', line 898

def self.EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODIC()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODIC")
end

.EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLEDString

Checks whether the incoming SSH traffic for the security groups is accessible.



906
907
908
# File 'config/managed_rule_identifiers.rb', line 906

def self.EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED")
end

.EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFICString

Checks whether the security groups in use do not allow unrestricted incoming TCP traffic to the specified ports.



914
915
916
# File 'config/managed_rule_identifiers.rb', line 914

def self.EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC")
end

.EC2_STOPPED_INSTANCEString

Checks whether there are instances stopped for more than the allowed number of days.



922
923
924
# File 'config/managed_rule_identifiers.rb', line 922

def self.EC2_STOPPED_INSTANCE()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_STOPPED_INSTANCE")
end

.EC2_TOKEN_HOP_LIMIT_CHECKString

Checks if an Amazon Elastic Compute Cloud (EC2) instance metadata has a specified token hop limit that is below the desired limit.



930
931
932
# File 'config/managed_rule_identifiers.rb', line 930

def self.EC2_TOKEN_HOP_LIMIT_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_TOKEN_HOP_LIMIT_CHECK")
end

.EC2_TRANSIT_GATEWAY_AUTO_VPC_ATTACH_DISABLEDString

Checks if Amazon Elastic Compute Cloud (Amazon EC2) Transit Gateways have 'AutoAcceptSharedAttachments' enabled.



938
939
940
# File 'config/managed_rule_identifiers.rb', line 938

def self.EC2_TRANSIT_GATEWAY_AUTO_VPC_ATTACH_DISABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_TRANSIT_GATEWAY_AUTO_VPC_ATTACH_DISABLED")
end

.EC2_VOLUME_IECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECKNUSE_CHECKString

Checks if an Amazon Elastic Container Service (Amazon ECS) task definition with host networking mode has 'privileged' or 'user' container definitions.



946
947
948
# File 'config/managed_rule_identifiers.rb', line 946

def self.EC2_VOLUME_IECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECKNUSE_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_VOLUME_IECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECKNUSE_CHECK")
end

.EC2_VOLUME_INUSE_CHECKString

Checks whether EBS volumes are attached to EC2 instances.



954
955
956
# File 'config/managed_rule_identifiers.rb', line 954

def self.EC2_VOLUME_INUSE_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_VOLUME_INUSE_CHECK")
end

.ECR_PRIVATE_IMAGE_SCANNING_ENABLEDString

Checks if a private Amazon Elastic Container Registry (ECR) repository has image scanning enabled.



962
963
964
# File 'config/managed_rule_identifiers.rb', line 962

def self.ECR_PRIVATE_IMAGE_SCANNING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECR_PRIVATE_IMAGE_SCANNING_ENABLED")
end

.ECR_PRIVATE_LIFECYCLE_POLICY_CONFIGUREDString

Checks if a private Amazon Elastic Container Registry (ECR) repository has at least one lifecycle policy configured.



970
971
972
# File 'config/managed_rule_identifiers.rb', line 970

def self.ECR_PRIVATE_LIFECYCLE_POLICY_CONFIGURED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECR_PRIVATE_LIFECYCLE_POLICY_CONFIGURED")
end

.ECR_PRIVATE_TAG_IMMUTABILITY_ENABLEDString

Checks if a private Amazon Elastic Container Registry (ECR) repository has tag immutability enabled.



978
979
980
# File 'config/managed_rule_identifiers.rb', line 978

def self.ECR_PRIVATE_TAG_IMMUTABILITY_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECR_PRIVATE_TAG_IMMUTABILITY_ENABLED")
end

.ECS_AWSVPC_NETWORKING_ENABLEDString

Checks if the networking mode for active ECSTaskDefinitions is set to ‘awsvpc’.



986
987
988
# File 'config/managed_rule_identifiers.rb', line 986

def self.ECS_AWSVPC_NETWORKING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_AWSVPC_NETWORKING_ENABLED")
end

.ECS_CONTAINER_INSIGHTS_ENABLEDString

Checks if Amazon Elastic Container Service clusters have container insights enabled.



994
995
996
# File 'config/managed_rule_identifiers.rb', line 994

def self.ECS_CONTAINER_INSIGHTS_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_CONTAINER_INSIGHTS_ENABLED")
end

.ECS_CONTAINERS_NONPRIVILEGEDString

Checks if the privileged parameter in the container definition of ECSTaskDefinitions is set to ‘true’.



1002
1003
1004
# File 'config/managed_rule_identifiers.rb', line 1002

def self.ECS_CONTAINERS_NONPRIVILEGED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_CONTAINERS_NONPRIVILEGED")
end

.ECS_CONTAINERS_READONLY_ACCESSString

Checks if Amazon Elastic Container Service (Amazon ECS) Containers only have read-only access to its root filesystems.



1010
1011
1012
# File 'config/managed_rule_identifiers.rb', line 1010

def self.ECS_CONTAINERS_READONLY_ACCESS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_CONTAINERS_READONLY_ACCESS")
end

.ECS_FARGATE_LATEST_PLATFORM_VERSIONString

Checks if Amazon Elastic Container Service (ECS) Fargate Services is running on the latest Fargate platform version.



1018
1019
1020
# File 'config/managed_rule_identifiers.rb', line 1018

def self.ECS_FARGATE_LATEST_PLATFORM_VERSION()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_FARGATE_LATEST_PLATFORM_VERSION")
end

.ECS_NO_ENVIRONMENT_SECRETSString

Checks if secrets are passed as container environment variables.



1026
1027
1028
# File 'config/managed_rule_identifiers.rb', line 1026

def self.ECS_NO_ENVIRONMENT_SECRETS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_NO_ENVIRONMENT_SECRETS")
end

.ECS_TASK_DEFINITION_LOG_CONFIGURATIONString

Checks if logConfiguration is set on active ECS Task Definitions.



1034
1035
1036
# File 'config/managed_rule_identifiers.rb', line 1034

def self.ECS_TASK_DEFINITION_LOG_CONFIGURATION()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_TASK_DEFINITION_LOG_CONFIGURATION")
end

.ECS_TASK_DEFINITION_MEMORY_HARD_LIMITString

Checks if Amazon Elastic Container Service (ECS) task definitions have a set memory limit for its container definitions.



1042
1043
1044
# File 'config/managed_rule_identifiers.rb', line 1042

def self.ECS_TASK_DEFINITION_MEMORY_HARD_LIMIT()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_TASK_DEFINITION_MEMORY_HARD_LIMIT")
end

.ECS_TASK_DEFINITION_NONROOT_USERString

Checks if ECSTaskDefinitions specify a user for Amazon Elastic Container Service (Amazon ECS) EC2 launch type containers to run on.



1050
1051
1052
# File 'config/managed_rule_identifiers.rb', line 1050

def self.ECS_TASK_DEFINITION_NONROOT_USER()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_TASK_DEFINITION_NONROOT_USER")
end

.ECS_TASK_DEFINITION_PID_MODE_CHECKString

Checks if ECSTaskDefinitions are configured to share a host’s process namespace with its Amazon Elastic Container Service (Amazon ECS) containers.



1058
1059
1060
# File 'config/managed_rule_identifiers.rb', line 1058

def self.ECS_TASK_DEFINITION_PID_MODE_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_TASK_DEFINITION_PID_MODE_CHECK")
end

.EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORYString

Checks if Amazon Elastic File System (Amazon EFS) access points are configured to enforce a root directory.



1066
1067
1068
# File 'config/managed_rule_identifiers.rb', line 1066

def self.EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY")
end

.EFS_ACCESS_POINT_ENFORCE_USER_IDENTITYString

Checks if Amazon Elastic File System (Amazon EFS) access points are configured to enforce a user identity.



1074
1075
1076
# File 'config/managed_rule_identifiers.rb', line 1074

def self.EFS_ACCESS_POINT_ENFORCE_USER_IDENTITY()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EFS_ACCESS_POINT_ENFORCE_USER_IDENTITY")
end

.EFS_ENCRYPTED_CHECKString

hecks whether Amazon Elastic File System (Amazon EFS) is configured to encrypt the file data using AWS Key Management Service (AWS KMS).



1082
1083
1084
# File 'config/managed_rule_identifiers.rb', line 1082

def self.EFS_ENCRYPTED_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EFS_ENCRYPTED_CHECK")
end

.EFS_IN_BACKUP_PLANString

Checks whether Amazon Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup.



1090
1091
1092
# File 'config/managed_rule_identifiers.rb', line 1090

def self.EFS_IN_BACKUP_PLAN()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EFS_IN_BACKUP_PLAN")
end

.EFS_LAST_BACKUP_RECOVERY_POINT_CREATEDString

Checks if a recovery point was created for Amazon Elastic File System (Amazon EFS) File Systems.



1098
1099
1100
# File 'config/managed_rule_identifiers.rb', line 1098

def self.EFS_LAST_BACKUP_RECOVERY_POINT_CREATED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EFS_LAST_BACKUP_RECOVERY_POINT_CREATED")
end

.EFS_RESOURCES_PROTECTED_BY_BACKUP_PLANString

Checks if Amazon Elastic File System (Amazon EFS) File Systems are protected by a backup plan.



1106
1107
1108
# File 'config/managed_rule_identifiers.rb', line 1106

def self.EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN")
end

.EIP_ATTACHEDString

Checks whether all Elastic IP addresses that are allocated to a VPC are attached to EC2 instances or in-use elastic network interfaces (ENIs).



1114
1115
1116
# File 'config/managed_rule_identifiers.rb', line 1114

def self.EIP_ATTACHED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EIP_ATTACHED")
end

.EKS_CLUSTER_OLDEST_SUPPORTED_VERSIONString

Checks if an Amazon Elastic Kubernetes Service (EKS) cluster is running the oldest supported version.



1122
1123
1124
# File 'config/managed_rule_identifiers.rb', line 1122

def self.EKS_CLUSTER_OLDEST_SUPPORTED_VERSION()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EKS_CLUSTER_OLDEST_SUPPORTED_VERSION")
end

.EKS_CLUSTER_SUPPORTED_VERSIONString

Checks if an Amazon Elastic Kubernetes Service (EKS) cluster is running a supported Kubernetes version.



1130
1131
1132
# File 'config/managed_rule_identifiers.rb', line 1130

def self.EKS_CLUSTER_SUPPORTED_VERSION()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EKS_CLUSTER_SUPPORTED_VERSION")
end

.EKS_ENDPOINT_NO_PUBLIC_ACCESSString

Checks whether Amazon Elastic Kubernetes Service (Amazon EKS) endpoint is not publicly accessible.



1138
1139
1140
# File 'config/managed_rule_identifiers.rb', line 1138

def self.EKS_ENDPOINT_NO_PUBLIC_ACCESS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EKS_ENDPOINT_NO_PUBLIC_ACCESS")
end

.EKS_SECRETS_ENCRYPTEDString

Checks whether Amazon Elastic Kubernetes Service clusters are configured to have Kubernetes secrets encrypted using AWS Key Management Service (KMS) keys.



1146
1147
1148
# File 'config/managed_rule_identifiers.rb', line 1146

def self.EKS_SECRETS_ENCRYPTED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EKS_SECRETS_ENCRYPTED")
end

.ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLEDString

Checks if managed platform updates in an AWS Elastic Beanstalk environment is enabled.



1154
1155
1156
# File 'config/managed_rule_identifiers.rb', line 1154

def self.ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED")
end

.ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECKString

Check if the Amazon ElastiCache Redis clusters have automatic backup turned on.



1162
1163
1164
# File 'config/managed_rule_identifiers.rb', line 1162

def self.ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK")
end

.ELASTICSEARCH_ENCRYPTED_AT_RESTString

Checks whether Amazon Elasticsearch Service (Amazon ES) domains have encryption at rest configuration enabled.



1170
1171
1172
# File 'config/managed_rule_identifiers.rb', line 1170

def self.ELASTICSEARCH_ENCRYPTED_AT_REST()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELASTICSEARCH_ENCRYPTED_AT_REST")
end

.ELASTICSEARCH_IN_VPC_ONLYString

Checks whether Amazon Elasticsearch Service (Amazon ES) domains are in Amazon Virtual Private Cloud (Amazon VPC).



1178
1179
1180
# File 'config/managed_rule_identifiers.rb', line 1178

def self.ELASTICSEARCH_IN_VPC_ONLY()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELASTICSEARCH_IN_VPC_ONLY")
end

.ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECKString

Check that Amazon ElasticSearch Service nodes are encrypted end to end.



1186
1187
1188
# File 'config/managed_rule_identifiers.rb', line 1186

def self.ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK")
end

.ELB_ACM_CERTIFICATE_REQUIREDString

Checks whether the Classic Load Balancers use SSL certificates provided by AWS Certificate Manager.



1194
1195
1196
# File 'config/managed_rule_identifiers.rb', line 1194

def self.ELB_ACM_CERTIFICATE_REQUIRED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELB_ACM_CERTIFICATE_REQUIRED")
end

.ELB_CROSS_ZONE_LOAD_BALANCING_ENABLEDString

Checks if cross-zone load balancing is enabled for the Classic Load Balancers (CLBs).



1202
1203
1204
# File 'config/managed_rule_identifiers.rb', line 1202

def self.ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED")
end

.ELB_CUSTOM_SECURITY_POLICY_SSL_CHECKString

Checks whether your Classic Load Balancer SSL listeners are using a custom policy.



1210
1211
1212
# File 'config/managed_rule_identifiers.rb', line 1210

def self.ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK")
end

.ELB_DELETION_PROTECTION_ENABLEDString

Checks whether Elastic Load Balancing has deletion protection enabled.



1218
1219
1220
# File 'config/managed_rule_identifiers.rb', line 1218

def self.ELB_DELETION_PROTECTION_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELB_DELETION_PROTECTION_ENABLED")
end

.ELB_LOGGING_ENABLEDString

Checks whether the Application Load Balancer and the Classic Load Balancer have logging enabled.



1226
1227
1228
# File 'config/managed_rule_identifiers.rb', line 1226

def self.ELB_LOGGING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELB_LOGGING_ENABLED")
end

.ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECKString

Checks whether your Classic Load Balancer SSL listeners are using a predefined policy.



1234
1235
1236
# File 'config/managed_rule_identifiers.rb', line 1234

def self.ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK")
end

.ELB_TLS_HTTPS_LISTENERS_ONLYString

Checks whether your Classic Load Balancer is configured with SSL or HTTPS listeners.



1242
1243
1244
# File 'config/managed_rule_identifiers.rb', line 1242

def self.ELB_TLS_HTTPS_LISTENERS_ONLY()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELB_TLS_HTTPS_LISTENERS_ONLY")
end

.ELBV2_ACM_CERTIFICATE_REQUIREDString

Checks if Application Load Balancers and Network Load Balancers have listeners that are configured to use certificates from AWS Certificate Manager (ACM).



1250
1251
1252
# File 'config/managed_rule_identifiers.rb', line 1250

def self.ELBV2_ACM_CERTIFICATE_REQUIRED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELBV2_ACM_CERTIFICATE_REQUIRED")
end

.ELBV2_MULTIPLE_AZString

Checks if an Elastic Load Balancer V2 (Application, Network, or Gateway Load Balancer) has registered instances from multiple Availability Zones (AZ's).



1258
1259
1260
# File 'config/managed_rule_identifiers.rb', line 1258

def self.ELBV2_MULTIPLE_AZ()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELBV2_MULTIPLE_AZ")
end

.EMR_KERBEROS_ENABLEDString

Checks that Amazon EMR clusters have Kerberos enabled.



1266
1267
1268
# File 'config/managed_rule_identifiers.rb', line 1266

def self.EMR_KERBEROS_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EMR_KERBEROS_ENABLED")
end

.EMR_MASTER_NO_PUBLIC_IPString

Checks whether Amazon Elastic MapReduce (EMR) clusters' master nodes have public IPs.



1274
1275
1276
# File 'config/managed_rule_identifiers.rb', line 1274

def self.EMR_MASTER_NO_PUBLIC_IP()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EMR_MASTER_NO_PUBLIC_IP")
end

.FMS_SECURITY_GROUP_AUDIT_POLICY_CHECKString

Deprecated.

Inactive managed rule

Checks whether the security groups associated inScope resources are compliant with the master security groups at each rule level based on allowSecurityGroup and denySecurityGroup flag.



1283
1284
1285
# File 'config/managed_rule_identifiers.rb', line 1283

def self.FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK")
end

.FMS_SECURITY_GROUP_CONTENT_CHECKString

Deprecated.

Inactive managed rule

Checks whether AWS Firewall Manager created security groups content is the same as the master security groups.



1292
1293
1294
# File 'config/managed_rule_identifiers.rb', line 1292

def self.FMS_SECURITY_GROUP_CONTENT_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "FMS_SECURITY_GROUP_CONTENT_CHECK")
end

.FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECKString

Deprecated.

Inactive managed rule

Checks whether Amazon EC2 or an elastic network interface is associated with AWS Firewall Manager security groups.



1301
1302
1303
# File 'config/managed_rule_identifiers.rb', line 1301

def self.FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK")
end

.FMS_SHIELD_RESOURCE_POLICY_CHECKString

Checks whether an Application Load Balancer, Amazon CloudFront distributions, Elastic Load Balancer or Elastic IP has AWS Shield protection.



1309
1310
1311
# File 'config/managed_rule_identifiers.rb', line 1309

def self.FMS_SHIELD_RESOURCE_POLICY_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "FMS_SHIELD_RESOURCE_POLICY_CHECK")
end

.FMS_WEBACL_RESOURCE_POLICY_CHECKString

Checks whether the web ACL is associated with an Application Load Balancer, API Gateway stage, or Amazon CloudFront distributions.



1317
1318
1319
# File 'config/managed_rule_identifiers.rb', line 1317

def self.FMS_WEBACL_RESOURCE_POLICY_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "FMS_WEBACL_RESOURCE_POLICY_CHECK")
end

.FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECKString

Checks that the rule groups associate with the web ACL at the correct priority.

The correct priority is decided by the rank of the rule groups in the ruleGroups parameter.



1327
1328
1329
# File 'config/managed_rule_identifiers.rb', line 1327

def self.FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK")
end

.FSX_LAST_BACKUP_RECOVERY_POINT_CREATEDString

Checks if a recovery point was created for Amazon FSx File Systems.



1335
1336
1337
# File 'config/managed_rule_identifiers.rb', line 1335

def self.FSX_LAST_BACKUP_RECOVERY_POINT_CREATED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "FSX_LAST_BACKUP_RECOVERY_POINT_CREATED")
end

.FSX_RESOURCES_PROTECTED_BY_BACKUP_PLANString

Checks if Amazon FSx File Systems are protected by a backup plan.



1343
1344
1345
# File 'config/managed_rule_identifiers.rb', line 1343

def self.FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN")
end

.GUARDDUTY_ENABLED_CENTRALIZEDString

Checks whether Amazon GuardDuty is enabled in your AWS account and region.

If you provide an AWS account for centralization, the rule evaluates the Amazon GuardDuty results in the centralized account.



1354
1355
1356
# File 'config/managed_rule_identifiers.rb', line 1354

def self.GUARDDUTY_ENABLED_CENTRALIZED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "GUARDDUTY_ENABLED_CENTRALIZED")
end

.GUARDDUTY_NON_ARCHIVED_FINDINGSString

Checks whether the Amazon GuardDuty has findings that are non archived.



1362
1363
1364
# File 'config/managed_rule_identifiers.rb', line 1362

def self.GUARDDUTY_NON_ARCHIVED_FINDINGS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "GUARDDUTY_NON_ARCHIVED_FINDINGS")
end

.IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONSString

Checks that the managed AWS Identity and Access Management policies that you create do not allow blocked actions on all AWS AWS KMS keys.



1370
1371
1372
# File 'config/managed_rule_identifiers.rb', line 1370

def self.IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS")
end

.IAM_GROUP_HAS_USERS_CHECKString

Checks whether IAM groups have at least one IAM user.



1378
1379
1380
# File 'config/managed_rule_identifiers.rb', line 1378

def self.IAM_GROUP_HAS_USERS_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_GROUP_HAS_USERS_CHECK")
end

.IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONSString

Checks that the inline policies attached to your AWS Identity and Access Management users, roles, and groups do not allow blocked actions on all AWS Key Management Service keys.



1386
1387
1388
# File 'config/managed_rule_identifiers.rb', line 1386

def self.IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS")
end

.IAM_NO_INLINE_POLICY_CHECKString

Checks that inline policy feature is not in use.



1394
1395
1396
# File 'config/managed_rule_identifiers.rb', line 1394

def self.IAM_NO_INLINE_POLICY_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_NO_INLINE_POLICY_CHECK")
end

.IAM_PASSWORD_POLICYString

Checks whether the account password policy for IAM users meets the specified requirements indicated in the parameters.



1402
1403
1404
# File 'config/managed_rule_identifiers.rb', line 1402

def self.IAM_PASSWORD_POLICY()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_PASSWORD_POLICY")
end

.IAM_POLICY_BLOCKED_CHECKString

Checks whether for each IAM resource, a policy ARN in the input parameter is attached to the IAM resource.



1410
1411
1412
# File 'config/managed_rule_identifiers.rb', line 1410

def self.IAM_POLICY_BLOCKED_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_POLICY_BLOCKED_CHECK")
end

.IAM_POLICY_IN_USEString

Checks whether the IAM policy ARN is attached to an IAM user, or an IAM group with one or more IAM users, or an IAM role with one or more trusted entity.



1418
1419
1420
# File 'config/managed_rule_identifiers.rb', line 1418

def self.IAM_POLICY_IN_USE()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_POLICY_IN_USE")
end

.IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESSString

Checks the IAM policies that you create for Allow statements that grant permissions to all actions on all resources.



1426
1427
1428
# File 'config/managed_rule_identifiers.rb', line 1426

def self.IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS")
end

.IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESSString

Checks if AWS Identity and Access Management (IAM) policies that you create grant permissions to all actions on individual AWS resources.



1434
1435
1436
# File 'config/managed_rule_identifiers.rb', line 1434

def self.IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS")
end

.IAM_ROLE_MANAGED_POLICY_CHECKString

Checks that AWS Identity and Access Management (IAM) policies in a list of policies are attached to all AWS roles.



1442
1443
1444
# File 'config/managed_rule_identifiers.rb', line 1442

def self.IAM_ROLE_MANAGED_POLICY_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_ROLE_MANAGED_POLICY_CHECK")
end

.IAM_ROOT_ACCESS_KEY_CHECKString

Checks whether the root user access key is available.



1450
1451
1452
# File 'config/managed_rule_identifiers.rb', line 1450

def self.IAM_ROOT_ACCESS_KEY_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_ROOT_ACCESS_KEY_CHECK")
end

.IAM_USER_GROUP_MEMBERSHIP_CHECKString

Checks whether IAM users are members of at least one IAM group.



1458
1459
1460
# File 'config/managed_rule_identifiers.rb', line 1458

def self.IAM_USER_GROUP_MEMBERSHIP_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_USER_GROUP_MEMBERSHIP_CHECK")
end

.IAM_USER_MFA_ENABLEDString

Checks whether the AWS Identity and Access Management users have multi-factor authentication (MFA) enabled.



1466
1467
1468
# File 'config/managed_rule_identifiers.rb', line 1466

def self.IAM_USER_MFA_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_USER_MFA_ENABLED")
end

.IAM_USER_NO_POLICIES_CHECKString

Checks that none of your IAM users have policies attached.

IAM users must inherit permissions from IAM groups or roles.



1476
1477
1478
# File 'config/managed_rule_identifiers.rb', line 1476

def self.IAM_USER_NO_POLICIES_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_USER_NO_POLICIES_CHECK")
end

.IAM_USER_UNUSED_CREDENTIALS_CHECKString

Checks whether your AWS Identity and Access Management (IAM) users have passwords or active access keys that have not been used within the specified number of days you provided.



1484
1485
1486
# File 'config/managed_rule_identifiers.rb', line 1484

def self.IAM_USER_UNUSED_CREDENTIALS_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_USER_UNUSED_CREDENTIALS_CHECK")
end

.INTERNET_GATEWAY_AUTHORIZED_VPC_ONLYString

Checks that Internet gateways (IGWs) are only attached to an authorized Amazon Virtual Private Cloud (VPCs).



1492
1493
1494
# File 'config/managed_rule_identifiers.rb', line 1492

def self.INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY")
end

.jsii_overridable_methodsObject



14
15
16
17
# File 'config/managed_rule_identifiers.rb', line 14

def self.jsii_overridable_methods
  {
  }
end

.KINESIS_STREAM_ENCRYPTEDString

Checks if Amazon Kinesis streams are encrypted at rest with server-side encryption.



1500
1501
1502
# File 'config/managed_rule_identifiers.rb', line 1500

def self.KINESIS_STREAM_ENCRYPTED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "KINESIS_STREAM_ENCRYPTED")
end

.KMS_CMK_NOT_SCHEDULED_FOR_DELETIONString

Checks whether customer master keys (CMKs) are not scheduled for deletion in AWS Key Management Service (KMS).



1508
1509
1510
# File 'config/managed_rule_identifiers.rb', line 1508

def self.KMS_CMK_NOT_SCHEDULED_FOR_DELETION()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "KMS_CMK_NOT_SCHEDULED_FOR_DELETION")
end

.LAMBDA_CONCURRENCY_CHECKString

Checks whether the AWS Lambda function is configured with function-level concurrent execution limit.



1516
1517
1518
# File 'config/managed_rule_identifiers.rb', line 1516

def self.LAMBDA_CONCURRENCY_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "LAMBDA_CONCURRENCY_CHECK")
end

.LAMBDA_DLQ_CHECKString

Checks whether an AWS Lambda function is configured with a dead-letter queue.



1524
1525
1526
# File 'config/managed_rule_identifiers.rb', line 1524

def self.LAMBDA_DLQ_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "LAMBDA_DLQ_CHECK")
end

.LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITEDString

Checks whether the AWS Lambda function policy attached to the Lambda resource prohibits public access.



1532
1533
1534
# File 'config/managed_rule_identifiers.rb', line 1532

def self.LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED")
end

.LAMBDA_FUNCTION_SETTINGS_CHECKString

Checks that the lambda function settings for runtime, role, timeout, and memory size match the expected values.



1540
1541
1542
# File 'config/managed_rule_identifiers.rb', line 1540

def self.LAMBDA_FUNCTION_SETTINGS_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "LAMBDA_FUNCTION_SETTINGS_CHECK")
end

.LAMBDA_INSIDE_VPCString

Checks whether an AWS Lambda function is in an Amazon Virtual Private Cloud.



1548
1549
1550
# File 'config/managed_rule_identifiers.rb', line 1548

def self.LAMBDA_INSIDE_VPC()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "LAMBDA_INSIDE_VPC")
end

.LAMBDA_VPC_MULTI_AZ_CHECKString

Checks if Lambda has more than 1 availability zone associated.



1556
1557
1558
# File 'config/managed_rule_identifiers.rb', line 1556

def self.LAMBDA_VPC_MULTI_AZ_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "LAMBDA_VPC_MULTI_AZ_CHECK")
end

.MFA_ENABLED_FOR_IAM_CONSOLE_ACCESSString

Checks whether AWS Multi-Factor Authentication (MFA) is enabled for all IAM users that use a console password.



1564
1565
1566
# File 'config/managed_rule_identifiers.rb', line 1564

def self.MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS")
end

.NACL_NO_UNRESTRICTED_SSH_RDPString

Checks if default ports for SSH/RDP ingress traffic for network access control lists (NACLs) is unrestricted.



1572
1573
1574
# File 'config/managed_rule_identifiers.rb', line 1572

def self.NACL_NO_UNRESTRICTED_SSH_RDP()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "NACL_NO_UNRESTRICTED_SSH_RDP")
end

.NETFW_POLICY_DEFAULT_ACTION_FRAGMENT_PACKETSString

Checks if an AWS Network Firewall policy is configured with a user defined stateless default action for fragmented packets.



1580
1581
1582
# File 'config/managed_rule_identifiers.rb', line 1580

def self.NETFW_POLICY_DEFAULT_ACTION_FRAGMENT_PACKETS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "NETFW_POLICY_DEFAULT_ACTION_FRAGMENT_PACKETS")
end

.NETFW_POLICY_DEFAULT_ACTION_FULL_PACKETSString

Checks if an AWS Network Firewall policy is configured with a user defined default stateless action for full packets.



1588
1589
1590
# File 'config/managed_rule_identifiers.rb', line 1588

def self.NETFW_POLICY_DEFAULT_ACTION_FULL_PACKETS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "NETFW_POLICY_DEFAULT_ACTION_FULL_PACKETS")
end

.NETFW_POLICY_RULE_GROUP_ASSOCIATEDString

Check AWS Network Firewall policy is associated with stateful OR stateless rule groups.



1596
1597
1598
# File 'config/managed_rule_identifiers.rb', line 1596

def self.NETFW_POLICY_RULE_GROUP_ASSOCIATED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "NETFW_POLICY_RULE_GROUP_ASSOCIATED")
end

.NETFW_STATELESS_RULE_GROUP_NOT_EMPTYString

Checks if a Stateless Network Firewall Rule Group contains rules.



1604
1605
1606
# File 'config/managed_rule_identifiers.rb', line 1604

def self.NETFW_STATELESS_RULE_GROUP_NOT_EMPTY()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "NETFW_STATELESS_RULE_GROUP_NOT_EMPTY")
end

.NLB_CROSS_ZONE_LOAD_BALANCING_ENABLEDString

Checks if cross-zone load balancing is enabled on Network Load Balancers (NLBs).



1612
1613
1614
# File 'config/managed_rule_identifiers.rb', line 1612

def self.NLB_CROSS_ZONE_LOAD_BALANCING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "NLB_CROSS_ZONE_LOAD_BALANCING_ENABLED")
end

.OPENSEARCH_ACCESS_CONTROL_ENABLEDString

Checks if Amazon OpenSearch Service domains have fine-grained access control enabled.



1620
1621
1622
# File 'config/managed_rule_identifiers.rb', line 1620

def self.OPENSEARCH_ACCESS_CONTROL_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "OPENSEARCH_ACCESS_CONTROL_ENABLED")
end

.OPENSEARCH_AUDIT_LOGGING_ENABLEDString

Checks if Amazon OpenSearch Service domains have audit logging enabled.



1628
1629
1630
# File 'config/managed_rule_identifiers.rb', line 1628

def self.OPENSEARCH_AUDIT_LOGGING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "OPENSEARCH_AUDIT_LOGGING_ENABLED")
end

.OPENSEARCH_DATA_NODE_FAULT_TOLERANCEString

Checks if Amazon OpenSearch Service domains are configured with at least three data nodes and zoneAwarenessEnabled is true.



1636
1637
1638
# File 'config/managed_rule_identifiers.rb', line 1636

def self.OPENSEARCH_DATA_NODE_FAULT_TOLERANCE()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "OPENSEARCH_DATA_NODE_FAULT_TOLERANCE")
end

.OPENSEARCH_ENCRYPTED_AT_RESTString

Checks if Amazon OpenSearch Service domains have encryption at rest configuration enabled.



1644
1645
1646
# File 'config/managed_rule_identifiers.rb', line 1644

def self.OPENSEARCH_ENCRYPTED_AT_REST()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "OPENSEARCH_ENCRYPTED_AT_REST")
end

.OPENSEARCH_HTTPS_REQUIREDString

Checks whether connections to OpenSearch domains are using HTTPS.



1652
1653
1654
# File 'config/managed_rule_identifiers.rb', line 1652

def self.OPENSEARCH_HTTPS_REQUIRED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "OPENSEARCH_HTTPS_REQUIRED")
end

.OPENSEARCH_IN_VPC_ONLYString

Checks if Amazon OpenSearch Service domains are in an Amazon Virtual Private Cloud (VPC).



1660
1661
1662
# File 'config/managed_rule_identifiers.rb', line 1660

def self.OPENSEARCH_IN_VPC_ONLY()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "OPENSEARCH_IN_VPC_ONLY")
end

.OPENSEARCH_LOGS_TO_CLOUDWATCHString

Checks if Amazon OpenSearch Service domains are configured to send logs to Amazon CloudWatch Logs.



1668
1669
1670
# File 'config/managed_rule_identifiers.rb', line 1668

def self.OPENSEARCH_LOGS_TO_CLOUDWATCH()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "OPENSEARCH_LOGS_TO_CLOUDWATCH")
end

.OPENSEARCH_NODE_TO_NODE_ENCRYPTION_CHECKString

Check if Amazon OpenSearch Service nodes are encrypted end to end.



1676
1677
1678
# File 'config/managed_rule_identifiers.rb', line 1676

def self.OPENSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "OPENSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK")
end

.RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLEDString

Checks if Amazon Relational Database Service (RDS) database instances are configured for automatic minor version upgrades.



1684
1685
1686
# File 'config/managed_rule_identifiers.rb', line 1684

def self.RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED")
end

.RDS_CLUSTER_DEFAULT_ADMIN_CHECKString

Checks if an Amazon Relational Database Service (Amazon RDS) database cluster has changed the admin username from its default value.



1692
1693
1694
# File 'config/managed_rule_identifiers.rb', line 1692

def self.RDS_CLUSTER_DEFAULT_ADMIN_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_CLUSTER_DEFAULT_ADMIN_CHECK")
end

.RDS_CLUSTER_DELETION_PROTECTION_ENABLEDString

Checks if an Amazon Relational Database Service (Amazon RDS) cluster has deletion protection enabled.



1700
1701
1702
# File 'config/managed_rule_identifiers.rb', line 1700

def self.RDS_CLUSTER_DELETION_PROTECTION_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_CLUSTER_DELETION_PROTECTION_ENABLED")
end

.RDS_CLUSTER_IAM_AUTHENTICATION_ENABLEDString

Checks if an Amazon RDS Cluster has AWS Identity and Access Management (IAM) authentication enabled.



1708
1709
1710
# File 'config/managed_rule_identifiers.rb', line 1708

def self.RDS_CLUSTER_IAM_AUTHENTICATION_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_CLUSTER_IAM_AUTHENTICATION_ENABLED")
end

.RDS_CLUSTER_MULTI_AZ_ENABLEDString

Checks if Multi-AZ replication is enabled on Amazon Aurora and Hermes clusters managed by Amazon Relational Database Service (Amazon RDS).



1716
1717
1718
# File 'config/managed_rule_identifiers.rb', line 1716

def self.RDS_CLUSTER_MULTI_AZ_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_CLUSTER_MULTI_AZ_ENABLED")
end

.RDS_DB_INSTANCE_BACKUP_ENABLEDString

Checks whether RDS DB instances have backups enabled.



1724
1725
1726
# File 'config/managed_rule_identifiers.rb', line 1724

def self.RDS_DB_INSTANCE_BACKUP_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_DB_INSTANCE_BACKUP_ENABLED")
end

.RDS_DB_SECURITY_GROUP_NOT_ALLOWEDString

Checks if there are any Amazon Relational Database Service (RDS) DB security groups that are not the default DB security group.



1732
1733
1734
# File 'config/managed_rule_identifiers.rb', line 1732

def self.RDS_DB_SECURITY_GROUP_NOT_ALLOWED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_DB_SECURITY_GROUP_NOT_ALLOWED")
end

.RDS_ENHANCED_MONITORING_ENABLEDString

Checks whether enhanced monitoring is enabled for Amazon Relational Database Service (Amazon RDS) instances.



1740
1741
1742
# File 'config/managed_rule_identifiers.rb', line 1740

def self.RDS_ENHANCED_MONITORING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_ENHANCED_MONITORING_ENABLED")
end

.RDS_IN_BACKUP_PLANString

Checks whether Amazon RDS database is present in back plans of AWS Backup.



1748
1749
1750
# File 'config/managed_rule_identifiers.rb', line 1748

def self.RDS_IN_BACKUP_PLAN()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_IN_BACKUP_PLAN")
end

.RDS_INSTANCE_DEFAULT_ADMIN_CHECKString

Checks if an Amazon Relational Database Service (Amazon RDS) database has changed the admin username from its default value.



1756
1757
1758
# File 'config/managed_rule_identifiers.rb', line 1756

def self.RDS_INSTANCE_DEFAULT_ADMIN_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_INSTANCE_DEFAULT_ADMIN_CHECK")
end

.RDS_INSTANCE_DELETION_PROTECTION_ENABLEDString

Checks if an Amazon Relational Database Service (Amazon RDS) instance has deletion protection enabled.



1764
1765
1766
# File 'config/managed_rule_identifiers.rb', line 1764

def self.RDS_INSTANCE_DELETION_PROTECTION_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_INSTANCE_DELETION_PROTECTION_ENABLED")
end

.RDS_INSTANCE_IAM_AUTHENTICATION_ENABLEDString

Checks if an Amazon RDS instance has AWS Identity and Access Management (IAM) authentication enabled.



1772
1773
1774
# File 'config/managed_rule_identifiers.rb', line 1772

def self.RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED")
end

.RDS_INSTANCE_PUBLIC_ACCESS_CHECKString

Check whether the Amazon Relational Database Service instances are not publicly accessible.



1780
1781
1782
# File 'config/managed_rule_identifiers.rb', line 1780

def self.RDS_INSTANCE_PUBLIC_ACCESS_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_INSTANCE_PUBLIC_ACCESS_CHECK")
end

.RDS_LAST_BACKUP_RECOVERY_POINT_CREATEDString

Checks if a recovery point was created for Amazon Relational Database Service (Amazon RDS).



1788
1789
1790
# File 'config/managed_rule_identifiers.rb', line 1788

def self.RDS_LAST_BACKUP_RECOVERY_POINT_CREATED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_LAST_BACKUP_RECOVERY_POINT_CREATED")
end

.RDS_LOGGING_ENABLEDString

Checks that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled.



1796
1797
1798
# File 'config/managed_rule_identifiers.rb', line 1796

def self.RDS_LOGGING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_LOGGING_ENABLED")
end

.RDS_MULTI_AZ_SUPPORTString

Checks whether high availability is enabled for your RDS DB instances.



1804
1805
1806
# File 'config/managed_rule_identifiers.rb', line 1804

def self.RDS_MULTI_AZ_SUPPORT()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_MULTI_AZ_SUPPORT")
end

.RDS_RESOURCES_PROTECTED_BY_BACKUP_PLANString

Checks if Amazon Relational Database Service (Amazon RDS) instances are protected by a backup plan.



1812
1813
1814
# File 'config/managed_rule_identifiers.rb', line 1812

def self.RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN")
end

.RDS_SNAPSHOT_ENCRYPTEDString

Checks whether Amazon Relational Database Service (Amazon RDS) DB snapshots are encrypted.



1820
1821
1822
# File 'config/managed_rule_identifiers.rb', line 1820

def self.RDS_SNAPSHOT_ENCRYPTED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_SNAPSHOT_ENCRYPTED")
end

.RDS_SNAPSHOTS_PUBLIC_PROHIBITEDString

Checks if Amazon Relational Database Service (Amazon RDS) snapshots are public.



1828
1829
1830
# File 'config/managed_rule_identifiers.rb', line 1828

def self.RDS_SNAPSHOTS_PUBLIC_PROHIBITED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_SNAPSHOTS_PUBLIC_PROHIBITED")
end

.RDS_STORAGE_ENCRYPTEDString

Checks whether storage encryption is enabled for your RDS DB instances.



1836
1837
1838
# File 'config/managed_rule_identifiers.rb', line 1836

def self.RDS_STORAGE_ENCRYPTED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_STORAGE_ENCRYPTED")
end

.REDSHIFT_AUDIT_LOGGING_ENABLEDString

Checks if Amazon Redshift clusters are logging audits to a specific bucket.



1844
1845
1846
# File 'config/managed_rule_identifiers.rb', line 1844

def self.REDSHIFT_AUDIT_LOGGING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_AUDIT_LOGGING_ENABLED")
end

.REDSHIFT_BACKUP_ENABLEDString

Checks that Amazon Redshift automated snapshots are enabled for clusters.



1852
1853
1854
# File 'config/managed_rule_identifiers.rb', line 1852

def self.REDSHIFT_BACKUP_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_BACKUP_ENABLED")
end

.REDSHIFT_CLUSTER_CONFIGURATION_CHECKString

Checks whether Amazon Redshift clusters have the specified settings.



1860
1861
1862
# File 'config/managed_rule_identifiers.rb', line 1860

def self.REDSHIFT_CLUSTER_CONFIGURATION_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_CLUSTER_CONFIGURATION_CHECK")
end

.REDSHIFT_CLUSTER_KMS_ENABLEDString

Checks if Amazon Redshift clusters are using a specified AWS Key Management Service (AWS KMS) key for encryption.



1868
1869
1870
# File 'config/managed_rule_identifiers.rb', line 1868

def self.REDSHIFT_CLUSTER_KMS_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_CLUSTER_KMS_ENABLED")
end

.REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECKString

Checks whether Amazon Redshift clusters have the specified maintenance settings.



1876
1877
1878
# File 'config/managed_rule_identifiers.rb', line 1876

def self.REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK")
end

.REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECKString

Checks whether Amazon Redshift clusters are not publicly accessible.



1884
1885
1886
# File 'config/managed_rule_identifiers.rb', line 1884

def self.REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK")
end

.REDSHIFT_DEFAULT_ADMIN_CHECKString

Checks if an Amazon Redshift cluster has changed the admin username from its default value.



1892
1893
1894
# File 'config/managed_rule_identifiers.rb', line 1892

def self.REDSHIFT_DEFAULT_ADMIN_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_DEFAULT_ADMIN_CHECK")
end

.REDSHIFT_DEFAULT_DB_NAME_CHECKString

Checks if a Redshift cluster has changed its database name from the default value.



1900
1901
1902
# File 'config/managed_rule_identifiers.rb', line 1900

def self.REDSHIFT_DEFAULT_DB_NAME_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_DEFAULT_DB_NAME_CHECK")
end

.REDSHIFT_ENHANCED_VPC_ROUTING_ENABLEDString

Checks if Amazon Redshift cluster has 'enhancedVpcRouting' enabled.



1908
1909
1910
# File 'config/managed_rule_identifiers.rb', line 1908

def self.REDSHIFT_ENHANCED_VPC_ROUTING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_ENHANCED_VPC_ROUTING_ENABLED")
end

.REDSHIFT_REQUIRE_TLS_SSLString

Checks whether Amazon Redshift clusters require TLS/SSL encryption to connect to SQL clients.



1916
1917
1918
# File 'config/managed_rule_identifiers.rb', line 1916

def self.REDSHIFT_REQUIRE_TLS_SSL()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_REQUIRE_TLS_SSL")
end

.REQUIRED_TAGSString

Checks whether your resources have the tags that you specify.

For example, you can check whether your Amazon EC2 instances have the CostCenter tag.



1926
1927
1928
# File 'config/managed_rule_identifiers.rb', line 1926

def self.REQUIRED_TAGS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REQUIRED_TAGS")
end

.ROOT_ACCOUNT_HARDWARE_MFA_ENABLEDString

Checks whether your AWS account is enabled to use multi-factor authentication (MFA) hardware device to sign in with root credentials.



1934
1935
1936
# File 'config/managed_rule_identifiers.rb', line 1934

def self.ROOT_ACCOUNT_HARDWARE_MFA_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ROOT_ACCOUNT_HARDWARE_MFA_ENABLED")
end

.ROOT_ACCOUNT_MFA_ENABLEDString

Checks whether users of your AWS account require a multi-factor authentication (MFA) device to sign in with root credentials.



1942
1943
1944
# File 'config/managed_rule_identifiers.rb', line 1942

def self.ROOT_ACCOUNT_MFA_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ROOT_ACCOUNT_MFA_ENABLED")
end

.S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKSString

Checks whether the required public access block settings are configured from account level.



1950
1951
1952
# File 'config/managed_rule_identifiers.rb', line 1950

def self.S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS")
end

.S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODICString

Checks if the required public access block settings are configured from account level.



1958
1959
1960
# File 'config/managed_rule_identifiers.rb', line 1958

def self.S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC")
end

.S3_BUCKET_ACL_PROHIBITEDString

Checks if Amazon Simple Storage Service (Amazon S3) Buckets allow user permissions through access control lists (ACLs).



1966
1967
1968
# File 'config/managed_rule_identifiers.rb', line 1966

def self.S3_BUCKET_ACL_PROHIBITED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_ACL_PROHIBITED")
end

.S3_BUCKET_BLOCKED_ACTIONS_PROHIBITEDString

Checks if the Amazon Simple Storage Service bucket policy does not allow blacklisted bucket-level and object-level actions on resources in the bucket for principals from other AWS accounts.



1974
1975
1976
# File 'config/managed_rule_identifiers.rb', line 1974

def self.S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED")
end

.S3_BUCKET_DEFAULT_LOCK_ENABLEDString

Checks whether Amazon Simple Storage Service (Amazon S3) bucket has lock enabled, by default.



1982
1983
1984
# File 'config/managed_rule_identifiers.rb', line 1982

def self.S3_BUCKET_DEFAULT_LOCK_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_DEFAULT_LOCK_ENABLED")
end

.S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITEDString

Checks if Amazon Simple Storage Service (Amazon S3) buckets are publicly accessible.



1990
1991
1992
# File 'config/managed_rule_identifiers.rb', line 1990

def self.S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED")
end

.S3_BUCKET_LOGGING_ENABLEDString

Checks whether logging is enabled for your S3 buckets.



1998
1999
2000
# File 'config/managed_rule_identifiers.rb', line 1998

def self.S3_BUCKET_LOGGING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_LOGGING_ENABLED")
end

.S3_BUCKET_POLICY_GRANTEE_CHECKString

Checks that the access granted by the Amazon S3 bucket is restricted by any of the AWS principals, federated users, service principals, IP addresses, or VPCs that you provide.



2006
2007
2008
# File 'config/managed_rule_identifiers.rb', line 2006

def self.S3_BUCKET_POLICY_GRANTEE_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_POLICY_GRANTEE_CHECK")
end

.S3_BUCKET_POLICY_NOT_MORE_PERMISSIVEString

Checks if your Amazon Simple Storage Service bucket policies do not allow other inter-account permissions than the control Amazon S3 bucket policy that you provide.



2014
2015
2016
# File 'config/managed_rule_identifiers.rb', line 2014

def self.S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE")
end

.S3_BUCKET_PUBLIC_READ_PROHIBITEDString

Checks if your Amazon S3 buckets do not allow public read access.



2022
2023
2024
# File 'config/managed_rule_identifiers.rb', line 2022

def self.S3_BUCKET_PUBLIC_READ_PROHIBITED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_PUBLIC_READ_PROHIBITED")
end

.S3_BUCKET_PUBLIC_WRITE_PROHIBITEDString

Checks that your Amazon S3 buckets do not allow public write access.



2030
2031
2032
# File 'config/managed_rule_identifiers.rb', line 2030

def self.S3_BUCKET_PUBLIC_WRITE_PROHIBITED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_PUBLIC_WRITE_PROHIBITED")
end

.S3_BUCKET_REPLICATION_ENABLEDString

Checks whether S3 buckets have cross-region replication enabled.



2038
2039
2040
# File 'config/managed_rule_identifiers.rb', line 2038

def self.S3_BUCKET_REPLICATION_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_REPLICATION_ENABLED")
end

.S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLEDString

Checks that your Amazon S3 bucket either has Amazon S3 default encryption enabled or that the S3 bucket policy explicitly denies put-object requests without server side encryption that uses AES-256 or AWS Key Management Service.



2046
2047
2048
# File 'config/managed_rule_identifiers.rb', line 2046

def self.S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED")
end

.S3_BUCKET_SSL_REQUESTS_ONLYString

Checks whether S3 buckets have policies that require requests to use Secure Socket Layer (SSL).



2054
2055
2056
# File 'config/managed_rule_identifiers.rb', line 2054

def self.S3_BUCKET_SSL_REQUESTS_ONLY()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_SSL_REQUESTS_ONLY")
end

.S3_BUCKET_VERSIONING_ENABLEDString

Checks whether versioning is enabled for your S3 buckets.



2062
2063
2064
# File 'config/managed_rule_identifiers.rb', line 2062

def self.S3_BUCKET_VERSIONING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_VERSIONING_ENABLED")
end

.S3_DEFAULT_ENCRYPTION_KMSString

Checks whether the Amazon Simple Storage Service (Amazon S3) buckets are encrypted with AWS Key Management Service (AWS KMS).



2070
2071
2072
# File 'config/managed_rule_identifiers.rb', line 2070

def self.S3_DEFAULT_ENCRYPTION_KMS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_DEFAULT_ENCRYPTION_KMS")
end

.S3_EVENT_NOTIFICATIONS_ENABLEDString

Checks if Amazon S3 Events Notifications are enabled on an S3 bucket.



2078
2079
2080
# File 'config/managed_rule_identifiers.rb', line 2078

def self.S3_EVENT_NOTIFICATIONS_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_EVENT_NOTIFICATIONS_ENABLED")
end

.S3_LAST_BACKUP_RECOVERY_POINT_CREATEDString

Checks if a recovery point was created for Amazon Simple Storage Service (Amazon S3).



2086
2087
2088
# File 'config/managed_rule_identifiers.rb', line 2086

def self.S3_LAST_BACKUP_RECOVERY_POINT_CREATED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_LAST_BACKUP_RECOVERY_POINT_CREATED")
end

.S3_LIFECYCLE_POLICY_CHECKString

Checks if a lifecycle rule is configured for an Amazon Simple Storage Service (Amazon S3) bucket.



2094
2095
2096
# File 'config/managed_rule_identifiers.rb', line 2094

def self.S3_LIFECYCLE_POLICY_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_LIFECYCLE_POLICY_CHECK")
end

.S3_RESOURCES_PROTECTED_BY_BACKUP_PLANString

Checks if Amazon Simple Storage Service (Amazon S3) buckets are protected by a backup plan.



2102
2103
2104
# File 'config/managed_rule_identifiers.rb', line 2102

def self.S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN")
end

.S3_VERSION_LIFECYCLE_POLICY_CHECKString

Checks if Amazon Simple Storage Service (Amazon S3) version enabled buckets have lifecycle policy configured.



2110
2111
2112
# File 'config/managed_rule_identifiers.rb', line 2110

def self.S3_VERSION_LIFECYCLE_POLICY_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_VERSION_LIFECYCLE_POLICY_CHECK")
end

.SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGUREDString

Checks whether AWS Key Management Service (KMS) key is configured for an Amazon SageMaker endpoint configuration.



2118
2119
2120
# File 'config/managed_rule_identifiers.rb', line 2118

def self.SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED")
end

.SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGUREDString

Check whether an AWS Key Management Service (KMS) key is configured for SageMaker notebook instance.



2126
2127
2128
# File 'config/managed_rule_identifiers.rb', line 2126

def self.SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED")
end

.SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESSString

Checks whether direct internet access is disabled for an Amazon SageMaker notebook instance.



2134
2135
2136
# File 'config/managed_rule_identifiers.rb', line 2134

def self.SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS")
end

.SECRETSMANAGER_ROTATION_ENABLED_CHECKString

Checks whether AWS Secrets Manager secret has rotation enabled.



2142
2143
2144
# File 'config/managed_rule_identifiers.rb', line 2142

def self.SECRETSMANAGER_ROTATION_ENABLED_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SECRETSMANAGER_ROTATION_ENABLED_CHECK")
end

.SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECKString

Checks whether AWS Secrets Manager secret rotation has rotated successfully as per the rotation schedule.



2150
2151
2152
# File 'config/managed_rule_identifiers.rb', line 2150

def self.SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK")
end

.SECRETSMANAGER_SECRET_PERIODIC_ROTATIONString

Checks if AWS Secrets Manager secrets have been rotated in the past specified number of days.



2158
2159
2160
# File 'config/managed_rule_identifiers.rb', line 2158

def self.SECRETSMANAGER_SECRET_PERIODIC_ROTATION()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SECRETSMANAGER_SECRET_PERIODIC_ROTATION")
end

.SECRETSMANAGER_SECRET_UNUSEDString

Checks if AWS Secrets Manager secrets have been accessed within a specified number of days.



2166
2167
2168
# File 'config/managed_rule_identifiers.rb', line 2166

def self.SECRETSMANAGER_SECRET_UNUSED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SECRETSMANAGER_SECRET_UNUSED")
end

.SECRETSMANAGER_USING_CMKString

Checks if all secrets in AWS Secrets Manager are encrypted using the AWS managed key (aws/secretsmanager) or a customer managed key that was created in AWS Key Management Service (AWS KMS).



2174
2175
2176
# File 'config/managed_rule_identifiers.rb', line 2174

def self.SECRETSMANAGER_USING_CMK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SECRETSMANAGER_USING_CMK")
end

.SECURITYHUB_ENABLEDString

Checks that AWS Security Hub is enabled for an AWS account.



2182
2183
2184
# File 'config/managed_rule_identifiers.rb', line 2182

def self.SECURITYHUB_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SECURITYHUB_ENABLED")
end

.SERVICE_VPC_ENDPOINT_ENABLEDString

Checks whether Service Endpoint for the service provided in rule parameter is created for each Amazon VPC.



2190
2191
2192
# File 'config/managed_rule_identifiers.rb', line 2190

def self.SERVICE_VPC_ENDPOINT_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SERVICE_VPC_ENDPOINT_ENABLED")
end

.SHIELD_ADVANCED_ENABLED_AUTO_RENEWString

Checks whether EBS volumes are attached to EC2 instances.



2198
2199
2200
# File 'config/managed_rule_identifiers.rb', line 2198

def self.SHIELD_ADVANCED_ENABLED_AUTO_RENEW()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SHIELD_ADVANCED_ENABLED_AUTO_RENEW")
end

.SHIELD_DRT_ACCESSString

Verify that DDoS response team (DRT) can access AWS account.



2206
2207
2208
# File 'config/managed_rule_identifiers.rb', line 2206

def self.SHIELD_DRT_ACCESS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SHIELD_DRT_ACCESS")
end

.SNS_ENCRYPTED_KMSString

Checks whether Amazon SNS topic is encrypted with AWS Key Management Service (AWS KMS).



2214
2215
2216
# File 'config/managed_rule_identifiers.rb', line 2214

def self.SNS_ENCRYPTED_KMS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SNS_ENCRYPTED_KMS")
end

.SNS_TOPIC_MESSAGE_DELIVERY_NOTIFICATION_ENABLEDString

Checks if Amazon Simple Notification Service (SNS) logging is enabled for the delivery status of notification messages sent to a topic for the endpoints.



2222
2223
2224
# File 'config/managed_rule_identifiers.rb', line 2222

def self.SNS_TOPIC_MESSAGE_DELIVERY_NOTIFICATION_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SNS_TOPIC_MESSAGE_DELIVERY_NOTIFICATION_ENABLED")
end

.SSM_DOCUMENT_NOT_PUBLICString

Checks if AWS Systems Manager documents owned by the account are public.



2230
2231
2232
# File 'config/managed_rule_identifiers.rb', line 2230

def self.SSM_DOCUMENT_NOT_PUBLIC()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SSM_DOCUMENT_NOT_PUBLIC")
end

.STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATEDString

Checks if a recovery point was created for AWS Storage Gateway volumes.



2238
2239
2240
# File 'config/managed_rule_identifiers.rb', line 2238

def self.STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATED")
end

.SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLEDString

hecks if Amazon Virtual Private Cloud (Amazon VPC) subnets are assigned a public IP address.



2246
2247
2248
# File 'config/managed_rule_identifiers.rb', line 2246

def self.SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED")
end

.VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATEDString

Checks if a recovery point was created for AWS Backup-Gateway VirtualMachines.



2254
2255
2256
# File 'config/managed_rule_identifiers.rb', line 2254

def self.VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATED")
end

.VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLANString

Checks if AWS Backup-Gateway VirtualMachines are protected by a backup plan.



2262
2263
2264
# File 'config/managed_rule_identifiers.rb', line 2262

def self.VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLAN()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLAN")
end

.VPC_DEFAULT_SECURITY_GROUP_CLOSEDString

Checks that the default security group of any Amazon Virtual Private Cloud (VPC) does not allow inbound or outbound traffic.

The rule returns NOT_APPLICABLE if the security group is not default.



2273
2274
2275
# File 'config/managed_rule_identifiers.rb', line 2273

def self.VPC_DEFAULT_SECURITY_GROUP_CLOSED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "VPC_DEFAULT_SECURITY_GROUP_CLOSED")
end

.VPC_FLOW_LOGS_ENABLEDString

Checks whether Amazon Virtual Private Cloud flow logs are found and enabled for Amazon VPC.



2281
2282
2283
# File 'config/managed_rule_identifiers.rb', line 2281

def self.VPC_FLOW_LOGS_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "VPC_FLOW_LOGS_ENABLED")
end

.VPC_NETWORK_ACL_UNUSED_CHECKString

Checks if there are unused network access control lists (network ACLs).



2289
2290
2291
# File 'config/managed_rule_identifiers.rb', line 2289

def self.VPC_NETWORK_ACL_UNUSED_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "VPC_NETWORK_ACL_UNUSED_CHECK")
end

.VPC_PEERING_DNS_RESOLUTION_CHECKString

Checks if DNS resolution from accepter/requester VPC to private IP is enabled.



2297
2298
2299
# File 'config/managed_rule_identifiers.rb', line 2297

def self.VPC_PEERING_DNS_RESOLUTION_CHECK()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "VPC_PEERING_DNS_RESOLUTION_CHECK")
end

.VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTSString

Checks whether the security group with 0.0.0.0/0 of any Amazon Virtual Private Cloud (Amazon VPC) allows only specific inbound TCP or UDP traffic.



2305
2306
2307
# File 'config/managed_rule_identifiers.rb', line 2305

def self.VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS")
end

.VPC_VPN_2_TUNNELS_UPString

Checks that both AWS Virtual Private Network tunnels provided by AWS Site-to-Site VPN are in UP status.



2313
2314
2315
# File 'config/managed_rule_identifiers.rb', line 2313

def self.VPC_VPN_2_TUNNELS_UP()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "VPC_VPN_2_TUNNELS_UP")
end

.WAF_CLASSIC_LOGGING_ENABLEDString

Checks if logging is enabled on AWS Web Application Firewall (WAF) classic global web ACLs.



2321
2322
2323
# File 'config/managed_rule_identifiers.rb', line 2321

def self.WAF_CLASSIC_LOGGING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "WAF_CLASSIC_LOGGING_ENABLED")
end

.WAF_GLOBAL_RULE_NOT_EMPTYString

Checks if an AWS WAF global rule contains any conditions.



2329
2330
2331
# File 'config/managed_rule_identifiers.rb', line 2329

def self.WAF_GLOBAL_RULE_NOT_EMPTY()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "WAF_GLOBAL_RULE_NOT_EMPTY")
end

.WAF_GLOBAL_RULEGROUP_NOT_EMPTYString

Checks if an AWS WAF Classic rule group contains any rules.



2337
2338
2339
# File 'config/managed_rule_identifiers.rb', line 2337

def self.WAF_GLOBAL_RULEGROUP_NOT_EMPTY()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "WAF_GLOBAL_RULEGROUP_NOT_EMPTY")
end

.WAF_GLOBAL_WEBACL_NOT_EMPTYString

Checks whether a WAF Global Web ACL contains any WAF rules or rule groups.



2345
2346
2347
# File 'config/managed_rule_identifiers.rb', line 2345

def self.WAF_GLOBAL_WEBACL_NOT_EMPTY()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "WAF_GLOBAL_WEBACL_NOT_EMPTY")
end

.WAF_REGIONAL_RULE_NOT_EMPTYString

Checks whether WAF regional rule contains conditions.



2353
2354
2355
# File 'config/managed_rule_identifiers.rb', line 2353

def self.WAF_REGIONAL_RULE_NOT_EMPTY()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "WAF_REGIONAL_RULE_NOT_EMPTY")
end

.WAF_REGIONAL_RULEGROUP_NOT_EMPTYString

Checks if WAF Regional rule groups contain any rules.



2361
2362
2363
# File 'config/managed_rule_identifiers.rb', line 2361

def self.WAF_REGIONAL_RULEGROUP_NOT_EMPTY()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "WAF_REGIONAL_RULEGROUP_NOT_EMPTY")
end

.WAF_REGIONAL_WEBACL_NOT_EMPTYString

Checks if a WAF regional Web ACL contains any WAF rules or rule groups.



2369
2370
2371
# File 'config/managed_rule_identifiers.rb', line 2369

def self.WAF_REGIONAL_WEBACL_NOT_EMPTY()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "WAF_REGIONAL_WEBACL_NOT_EMPTY")
end

.WAFV2_LOGGING_ENABLEDString

Checks whether logging is enabled on AWS Web Application Firewall (WAFV2) regional and global web access control list (ACLs).



2377
2378
2379
# File 'config/managed_rule_identifiers.rb', line 2377

def self.WAFV2_LOGGING_ENABLED()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "WAFV2_LOGGING_ENABLED")
end