Class: AWSCDK::Config::ManagedRuleIdentifiers
- Inherits:
-
Jsii::Object
- Object
- Jsii::Object
- AWSCDK::Config::ManagedRuleIdentifiers
- Defined in:
- config/managed_rule_identifiers.rb
Overview
Managed rules that are supported by AWS Config.
Class Method Summary collapse
-
.ACCESS_KEYS_ROTATED ⇒ String
Checks whether the active access keys are rotated within the number of days specified in maxAccessKeyAge.
-
.ACCOUNT_PART_OF_ORGANIZATIONS ⇒ String
Checks whether AWS account is part of AWS Organizations.
-
.ACM_CERTIFICATE_EXPIRATION_CHECK ⇒ String
Checks whether ACM Certificates in your account are marked for expiration within the specified number of days.
-
.ALB_DESYNC_MODE_CHECK ⇒ String
Checks if an Application Load Balancer (ALB) is configured with a user defined desync mitigation mode.
-
.ALB_HTTP_DROP_INVALID_HEADER_ENABLED ⇒ String
Checks if rule evaluates Application Load Balancers (ALBs) to ensure they are configured to drop http headers.
-
.ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK ⇒ String
Checks whether HTTP to HTTPS redirection is configured on all HTTP listeners of Application Load Balancer.
-
.ALB_WAF_ENABLED ⇒ String
Checks if Web Application Firewall (WAF) is enabled on Application Load Balancers (ALBs).
-
.API_GW_ASSOCIATED_WITH_WAF ⇒ String
Checks if an Amazon API Gateway API stage is using an AWS WAF Web ACL.
-
.API_GW_CACHE_ENABLED_AND_ENCRYPTED ⇒ String
Checks that all methods in Amazon API Gateway stages have caching enabled and encrypted.
-
.API_GW_ENDPOINT_TYPE_CHECK ⇒ String
Checks that Amazon API Gateway APIs are of the type specified in the rule parameter endpointConfigurationType.
-
.API_GW_EXECUTION_LOGGING_ENABLED ⇒ String
Checks that all methods in Amazon API Gateway stage has logging enabled.
-
.API_GW_SSL_ENABLED ⇒ String
Checks if a REST API stage uses an Secure Sockets Layer (SSL) certificate.
-
.API_GW_XRAY_ENABLED ⇒ String
Checks if AWS X-Ray tracing is enabled on Amazon API Gateway REST APIs.
-
.API_GWV2_ACCESS_LOGS_ENABLED ⇒ String
Checks if Amazon API Gateway V2 stages have access logging enabled.
-
.API_GWV2_AUTHORIZATION_TYPE_CONFIGURED ⇒ String
Checks if Amazon API Gatewayv2 API routes have an authorization type set.
-
.APPROVED_AMIS_BY_ID ⇒ String
Checks whether running instances are using specified AMIs.
-
.APPROVED_AMIS_BY_TAG ⇒ String
Checks whether running instances are using specified AMIs.
-
.AURORA_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for Amazon Aurora DB clusters.
-
.AURORA_MYSQL_BACKTRACKING_ENABLED ⇒ String
Checks if an Amazon Aurora MySQL cluster has backtracking enabled.
-
.AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if Amazon Aurora DB clusters are protected by a backup plan.
-
.AUTOSCALING_CAPACITY_REBALANCING ⇒ String
Checks if Capacity Rebalancing is enabled for Amazon EC2 Auto Scaling groups that use multiple instance types.
-
.AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED ⇒ String
Checks whether your Auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks.
-
.AUTOSCALING_LAUNCH_CONFIG_HOP_LIMIT ⇒ String
Checks the number of network hops that the metadata token can travel.
-
.AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED ⇒ String
Checks if Amazon EC2 Auto Scaling groups have public IP addresses enabled through Launch Configurations.
-
.AUTOSCALING_LAUNCH_TEMPLATE ⇒ String
Checks if an Amazon Elastic Compute Cloud (EC2) Auto Scaling group is created from an EC2 launch template.
-
.AUTOSCALING_LAUNCHCONFIG_REQUIRES_IMDSV2 ⇒ String
Checks whether only IMDSv2 is enabled.
-
.AUTOSCALING_MULTIPLE_AZ ⇒ String
Checks if the Auto Scaling group spans multiple Availability Zones.
-
.AUTOSCALING_MULTIPLE_INSTANCE_TYPES ⇒ String
Checks if an Amazon Elastic Compute Cloud (Amazon EC2) Auto Scaling group uses multiple instance types.
-
.BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK ⇒ String
Checks if a backup plan has a backup rule that satisfies the required frequency and retention period.
-
.BACKUP_RECOVERY_POINT_ENCRYPTED ⇒ String
Checks if a recovery point is encrypted.
-
.BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED ⇒ String
Checks if a backup vault has an attached resource-based policy which prevents deletion of recovery points.
-
.BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK ⇒ String
Checks if a recovery point expires no earlier than after the specified period.
-
.BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED ⇒ String
Checks if an AWS Elastic Beanstalk environment is configured for enhanced health reporting.
-
.CLB_DESYNC_MODE_CHECK ⇒ String
Checks if Classic Load Balancers (CLB) are configured with a user defined Desync mitigation mode.
-
.CLB_MULTIPLE_AZ ⇒ String
Checks if a Classic Load Balancer spans multiple Availability Zones (AZs).
-
.CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED ⇒ String
Checks whether AWS CloudTrail trails are configured to send logs to Amazon CloudWatch Logs.
-
.CLOUD_TRAIL_ENABLED ⇒ String
Checks whether AWS CloudTrail is enabled in your AWS account.
-
.CLOUD_TRAIL_ENCRYPTION_ENABLED ⇒ String
Checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption.
-
.CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED ⇒ String
Checks whether AWS CloudTrail creates a signed digest file with logs.
-
.CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK ⇒ String
Checks whether an AWS CloudFormation stack's actual configuration differs, or has drifted, from its expected configuration.
-
.CLOUDFORMATION_STACK_NOTIFICATION_CHECK ⇒ String
Checks whether your CloudFormation stacks are sending event notifications to an SNS topic.
-
.CLOUDFRONT_ACCESSLOGS_ENABLED ⇒ String
Checks if Amazon CloudFront distributions are configured to capture information from Amazon Simple Storage Service (Amazon S3) server access logs.
-
.CLOUDFRONT_ASSOCIATED_WITH_WAF ⇒ String
Checks if Amazon CloudFront distributions are associated with either WAF or WAFv2 web access control lists (ACLs).
-
.CLOUDFRONT_CUSTOM_SSL_CERTIFICATE ⇒ String
Checks if the certificate associated with an Amazon CloudFront distribution is the default Secure Sockets Layer (SSL) certificate.
-
.CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED ⇒ String
Checks if an Amazon CloudFront distribution is configured to return a specific object that is the default root object.
-
.CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS ⇒ String
Checks if CloudFront distributions are using deprecated SSL protocols for HTTPS communication between CloudFront edge locations and custom origins.
-
.CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED ⇒ String
Checks that Amazon CloudFront distribution with Amazon S3 Origin type has Origin Access Identity (OAI) configured.
-
.CLOUDFRONT_ORIGIN_FAILOVER_ENABLED ⇒ String
Checks whether an origin group is configured for the distribution of at least 2 origins in the origin group for Amazon CloudFront.
-
.CLOUDFRONT_SECURITY_POLICY_CHECK ⇒ String
Checks if Amazon CloudFront distributions are using a minimum security policy and cipher suite of TLSv1.2 or greater for viewer connections.
-
.CLOUDFRONT_SNI_ENABLED ⇒ String
Checks if Amazon CloudFront distributions are using a custom SSL certificate and are configured to use SNI to serve HTTPS requests.
-
.CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED ⇒ String
Checks if Amazon CloudFront distributions are encrypting traffic to custom origins.
-
.CLOUDFRONT_VIEWER_POLICY_HTTPS ⇒ String
Checks whether your Amazon CloudFront distributions use HTTPS (directly or via a redirection).
-
.CLOUDTRAIL_MULTI_REGION_ENABLED ⇒ String
Checks that there is at least one multi-region AWS CloudTrail.
-
.CLOUDTRAIL_S3_DATAEVENTS_ENABLED ⇒ String
Checks whether at least one AWS CloudTrail trail is logging Amazon S3 data events for all S3 buckets.
-
.CLOUDTRAIL_SECURITY_TRAIL_ENABLED ⇒ String
Checks that there is at least one AWS CloudTrail trail defined with security best practices.
-
.CLOUDWATCH_ALARM_ACTION_CHECK ⇒ String
Checks whether CloudWatch alarms have at least one alarm action, one INSUFFICIENT_DATA action, or one OK action enabled.
-
.CLOUDWATCH_ALARM_ACTION_ENABLED_CHECK ⇒ String
Checks if Amazon CloudWatch alarms actions are in enabled state.
-
.CLOUDWATCH_ALARM_RESOURCE_CHECK ⇒ String
Checks whether the specified resource type has a CloudWatch alarm for the specified metric.
-
.CLOUDWATCH_ALARM_SETTINGS_CHECK ⇒ String
Checks whether CloudWatch alarms with the given metric name have the specified settings.
-
.CLOUDWATCH_LOG_GROUP_ENCRYPTED ⇒ String
Checks whether a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).
-
.CMK_BACKING_KEY_ROTATION_ENABLED ⇒ String
Checks that key rotation is enabled for each key and matches to the key ID of the customer created customer master key (CMK).
-
.CODEBUILD_PROJECT_ARTIFACT_ENCRYPTION ⇒ String
Checks if an AWS CodeBuild project has encryption enabled for all of its artifacts.
-
.CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK ⇒ String
Checks if an AWS CodeBuild project environment has privileged mode enabled.
-
.CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK ⇒ String
Checks whether the project contains environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
-
.CODEBUILD_PROJECT_LOGGING_ENABLED ⇒ String
Checks if an AWS CodeBuild project environment has at least one log option enabled.
-
.CODEBUILD_PROJECT_S3_LOGS_ENCRYPTED ⇒ String
Checks if a AWS CodeBuild project configured with Amazon S3 Logs has encryption enabled for its logs.
-
.CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK ⇒ String
Checks whether the GitHub or Bitbucket source repository URL contains either personal access tokens or user name and password.
-
.CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLED ⇒ String
Checks if the deployment group is configured with automatic deployment rollback and deployment monitoring with alarms attached.
-
.CODEDEPLOY_EC2_MINIMUM_HEALTHY_HOSTS_CONFIGURED ⇒ String
Checks if the deployment group for EC2/On-Premises Compute Platform is configured with a minimum healthy hosts fleet percentage or host count greater than or equal to the input threshold.
-
.CODEDEPLOY_LAMBDA_ALLATONCE_TRAFFIC_SHIFT_DISABLED ⇒ String
Checks if the deployment group for Lambda Compute Platform is not using the default deployment configuration.
-
.CODEPIPELINE_DEPLOYMENT_COUNT_CHECK ⇒ String
Checks whether the first deployment stage of the AWS CodePipeline performs more than one deployment.
-
.CODEPIPELINE_REGION_FANOUT_CHECK ⇒ String
Checks whether each stage in the AWS CodePipeline deploys to more than N times the number of the regions the AWS CodePipeline has deployed in all the previous combined stages, where N is the region fanout number.
-
.CW_LOGGROUP_RETENTION_PERIOD_CHECK ⇒ String
Checks whether Amazon CloudWatch LogGroup retention period is set to specific number of days.
-
.DAX_ENCRYPTION_ENABLED ⇒ String
Checks that DynamoDB Accelerator (DAX) clusters are encrypted.
-
.DMS_REPLICATION_NOT_PUBLIC ⇒ String
Checks whether AWS Database Migration Service replication instances are public.
-
.DYNAMODB_AUTOSCALING_ENABLED ⇒ String
Checks whether Auto Scaling or On-Demand is enabled on your DynamoDB tables and/or global secondary indexes.
-
.DYNAMODB_IN_BACKUP_PLAN ⇒ String
Checks whether Amazon DynamoDB table is present in AWS Backup plans.
-
.DYNAMODB_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for Amazon DynamoDB Tables within the specified period.
-
.DYNAMODB_PITR_ENABLED ⇒ String
Checks that point in time recovery (PITR) is enabled for Amazon DynamoDB tables.
-
.DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if Amazon DynamoDB tables are protected by a backup plan.
-
.DYNAMODB_TABLE_ENCRYPTED_KMS ⇒ String
Checks whether Amazon DynamoDB table is encrypted with AWS Key Management Service (KMS).
-
.DYNAMODB_TABLE_ENCRYPTION_ENABLED ⇒ String
Checks whether the Amazon DynamoDB tables are encrypted and checks their status.
-
.DYNAMODB_THROUGHPUT_LIMIT_CHECK ⇒ String
Checks whether provisioned DynamoDB throughput is approaching the maximum limit for your account.
-
.EBS_ENCRYPTED_VOLUMES ⇒ String
Checks whether the EBS volumes that are in an attached state are encrypted.
-
.EBS_IN_BACKUP_PLAN ⇒ String
Checks if Amazon Elastic Block Store (Amazon EBS) volumes are added in backup plans of AWS Backup.
-
.EBS_OPTIMIZED_INSTANCE ⇒ String
Checks whether EBS optimization is enabled for your EC2 instances that can be EBS-optimized.
-
.EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if Amazon Elastic Block Store (Amazon EBS) volumes are protected by a backup plan.
-
.EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK ⇒ String
Checks whether Amazon Elastic Block Store snapshots are not publicly restorable.
-
.EC2_DESIRED_INSTANCE_TENANCY ⇒ String
Checks instances for specified tenancy.
-
.EC2_DESIRED_INSTANCE_TYPE ⇒ String
Checks whether your EC2 instances are of the specified instance types.
-
.EC2_EBS_ENCRYPTION_BY_DEFAULT ⇒ String
Check that Amazon Elastic Block Store (EBS) encryption is enabled by default.
-
.EC2_IMDSV2_CHECK ⇒ String
Checks whether your Amazon Elastic Compute Cloud (Amazon EC2) instance metadata version is configured with Instance Metadata Service Version 2 (IMDSv2).
-
.EC2_INSTANCE_DETAILED_MONITORING_ENABLED ⇒ String
Checks whether detailed monitoring is enabled for EC2 instances.
-
.EC2_INSTANCE_MANAGED_BY_SSM ⇒ String
Checks whether the Amazon EC2 instances in your account are managed by AWS Systems Manager.
-
.EC2_INSTANCE_MULTIPLE_ENI_CHECK ⇒ String
Checks if Amazon Elastic Compute Cloud (Amazon EC2) uses multiple ENIs (Elastic Network Interfaces) or Elastic Fabric Adapters (EFAs).
-
.EC2_INSTANCE_NO_PUBLIC_IP ⇒ String
Checks whether Amazon Elastic Compute Cloud (Amazon EC2) instances have a public IP association.
-
.EC2_INSTANCE_PROFILE_ATTACHED ⇒ String
Checks if an Amazon Elastic Compute Cloud (Amazon EC2) instance has an Identity and Access Management (IAM) profile attached to it.
-
.EC2_INSTANCES_IN_VPC ⇒ String
Checks whether your EC2 instances belong to a virtual private cloud (VPC).
-
.EC2_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for Amazon Elastic Compute Cloud (Amazon EC2) instances.
-
.EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED ⇒ String
Checks that none of the specified applications are installed on the instance.
-
.EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED ⇒ String
Checks whether all of the specified applications are installed on the instance.
-
.EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK ⇒ String
Checks whether the compliance status of AWS Systems Manager association compliance is COMPLIANT or NON_COMPLIANT after the association execution on the instance.
-
.EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED ⇒ String
Checks whether instances managed by AWS Systems Manager are configured to collect blocked inventory types.
-
.EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK ⇒ String
Checks whether the compliance status of the Amazon EC2 Systems Manager patch compliance is COMPLIANT or NON_COMPLIANT after the patch installation on the instance.
-
.EC2_MANAGED_INSTANCE_PLATFORM_CHECK ⇒ String
Checks whether EC2 managed instances have the desired configurations.
-
.EC2_NO_AMAZON_KEY_PAIR ⇒ String
Checks if running Amazon Elastic Compute Cloud (EC2) instances are launched using amazon key pairs.
-
.EC2_PARAVIRTUAL_INSTANCE_CHECK ⇒ String
Checks if the virtualization type of an EC2 instance is paravirtual.
-
.EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if Amazon Elastic Compute Cloud (Amazon EC2) instances are protected by a backup plan.
-
.EC2_SECURITY_GROUP_ATTACHED_TO_ENI ⇒ String
Checks that security groups are attached to Amazon Elastic Compute Cloud (Amazon EC2) instances or to an elastic network interface.
-
.EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODIC ⇒ String
Checks if non-default security groups are attached to Elastic network interfaces (ENIs).
-
.EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED ⇒ String
Checks whether the incoming SSH traffic for the security groups is accessible.
-
.EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC ⇒ String
Checks whether the security groups in use do not allow unrestricted incoming TCP traffic to the specified ports.
-
.EC2_STOPPED_INSTANCE ⇒ String
Checks whether there are instances stopped for more than the allowed number of days.
-
.EC2_TOKEN_HOP_LIMIT_CHECK ⇒ String
Checks if an Amazon Elastic Compute Cloud (EC2) instance metadata has a specified token hop limit that is below the desired limit.
-
.EC2_TRANSIT_GATEWAY_AUTO_VPC_ATTACH_DISABLED ⇒ String
Checks if Amazon Elastic Compute Cloud (Amazon EC2) Transit Gateways have 'AutoAcceptSharedAttachments' enabled.
-
.EC2_VOLUME_IECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECKNUSE_CHECK ⇒ String
Checks if an Amazon Elastic Container Service (Amazon ECS) task definition with host networking mode has 'privileged' or 'user' container definitions.
-
.EC2_VOLUME_INUSE_CHECK ⇒ String
Checks whether EBS volumes are attached to EC2 instances.
-
.ECR_PRIVATE_IMAGE_SCANNING_ENABLED ⇒ String
Checks if a private Amazon Elastic Container Registry (ECR) repository has image scanning enabled.
-
.ECR_PRIVATE_LIFECYCLE_POLICY_CONFIGURED ⇒ String
Checks if a private Amazon Elastic Container Registry (ECR) repository has at least one lifecycle policy configured.
-
.ECR_PRIVATE_TAG_IMMUTABILITY_ENABLED ⇒ String
Checks if a private Amazon Elastic Container Registry (ECR) repository has tag immutability enabled.
-
.ECS_AWSVPC_NETWORKING_ENABLED ⇒ String
Checks if the networking mode for active ECSTaskDefinitions is set to ‘awsvpc’.
-
.ECS_CONTAINER_INSIGHTS_ENABLED ⇒ String
Checks if Amazon Elastic Container Service clusters have container insights enabled.
-
.ECS_CONTAINERS_NONPRIVILEGED ⇒ String
Checks if the privileged parameter in the container definition of ECSTaskDefinitions is set to ‘true’.
-
.ECS_CONTAINERS_READONLY_ACCESS ⇒ String
Checks if Amazon Elastic Container Service (Amazon ECS) Containers only have read-only access to its root filesystems.
-
.ECS_FARGATE_LATEST_PLATFORM_VERSION ⇒ String
Checks if Amazon Elastic Container Service (ECS) Fargate Services is running on the latest Fargate platform version.
-
.ECS_NO_ENVIRONMENT_SECRETS ⇒ String
Checks if secrets are passed as container environment variables.
-
.ECS_TASK_DEFINITION_LOG_CONFIGURATION ⇒ String
Checks if logConfiguration is set on active ECS Task Definitions.
-
.ECS_TASK_DEFINITION_MEMORY_HARD_LIMIT ⇒ String
Checks if Amazon Elastic Container Service (ECS) task definitions have a set memory limit for its container definitions.
-
.ECS_TASK_DEFINITION_NONROOT_USER ⇒ String
Checks if ECSTaskDefinitions specify a user for Amazon Elastic Container Service (Amazon ECS) EC2 launch type containers to run on.
-
.ECS_TASK_DEFINITION_PID_MODE_CHECK ⇒ String
Checks if ECSTaskDefinitions are configured to share a host’s process namespace with its Amazon Elastic Container Service (Amazon ECS) containers.
-
.EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY ⇒ String
Checks if Amazon Elastic File System (Amazon EFS) access points are configured to enforce a root directory.
-
.EFS_ACCESS_POINT_ENFORCE_USER_IDENTITY ⇒ String
Checks if Amazon Elastic File System (Amazon EFS) access points are configured to enforce a user identity.
-
.EFS_ENCRYPTED_CHECK ⇒ String
hecks whether Amazon Elastic File System (Amazon EFS) is configured to encrypt the file data using AWS Key Management Service (AWS KMS).
-
.EFS_IN_BACKUP_PLAN ⇒ String
Checks whether Amazon Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup.
-
.EFS_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for Amazon Elastic File System (Amazon EFS) File Systems.
-
.EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if Amazon Elastic File System (Amazon EFS) File Systems are protected by a backup plan.
-
.EIP_ATTACHED ⇒ String
Checks whether all Elastic IP addresses that are allocated to a VPC are attached to EC2 instances or in-use elastic network interfaces (ENIs).
-
.EKS_CLUSTER_OLDEST_SUPPORTED_VERSION ⇒ String
Checks if an Amazon Elastic Kubernetes Service (EKS) cluster is running the oldest supported version.
-
.EKS_CLUSTER_SUPPORTED_VERSION ⇒ String
Checks if an Amazon Elastic Kubernetes Service (EKS) cluster is running a supported Kubernetes version.
-
.EKS_ENDPOINT_NO_PUBLIC_ACCESS ⇒ String
Checks whether Amazon Elastic Kubernetes Service (Amazon EKS) endpoint is not publicly accessible.
-
.EKS_SECRETS_ENCRYPTED ⇒ String
Checks whether Amazon Elastic Kubernetes Service clusters are configured to have Kubernetes secrets encrypted using AWS Key Management Service (KMS) keys.
-
.ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED ⇒ String
Checks if managed platform updates in an AWS Elastic Beanstalk environment is enabled.
-
.ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK ⇒ String
Check if the Amazon ElastiCache Redis clusters have automatic backup turned on.
-
.ELASTICSEARCH_ENCRYPTED_AT_REST ⇒ String
Checks whether Amazon Elasticsearch Service (Amazon ES) domains have encryption at rest configuration enabled.
-
.ELASTICSEARCH_IN_VPC_ONLY ⇒ String
Checks whether Amazon Elasticsearch Service (Amazon ES) domains are in Amazon Virtual Private Cloud (Amazon VPC).
-
.ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK ⇒ String
Check that Amazon ElasticSearch Service nodes are encrypted end to end.
-
.ELB_ACM_CERTIFICATE_REQUIRED ⇒ String
Checks whether the Classic Load Balancers use SSL certificates provided by AWS Certificate Manager.
-
.ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED ⇒ String
Checks if cross-zone load balancing is enabled for the Classic Load Balancers (CLBs).
-
.ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK ⇒ String
Checks whether your Classic Load Balancer SSL listeners are using a custom policy.
-
.ELB_DELETION_PROTECTION_ENABLED ⇒ String
Checks whether Elastic Load Balancing has deletion protection enabled.
-
.ELB_LOGGING_ENABLED ⇒ String
Checks whether the Application Load Balancer and the Classic Load Balancer have logging enabled.
-
.ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK ⇒ String
Checks whether your Classic Load Balancer SSL listeners are using a predefined policy.
-
.ELB_TLS_HTTPS_LISTENERS_ONLY ⇒ String
Checks whether your Classic Load Balancer is configured with SSL or HTTPS listeners.
-
.ELBV2_ACM_CERTIFICATE_REQUIRED ⇒ String
Checks if Application Load Balancers and Network Load Balancers have listeners that are configured to use certificates from AWS Certificate Manager (ACM).
-
.ELBV2_MULTIPLE_AZ ⇒ String
Checks if an Elastic Load Balancer V2 (Application, Network, or Gateway Load Balancer) has registered instances from multiple Availability Zones (AZ's).
-
.EMR_KERBEROS_ENABLED ⇒ String
Checks that Amazon EMR clusters have Kerberos enabled.
-
.EMR_MASTER_NO_PUBLIC_IP ⇒ String
Checks whether Amazon Elastic MapReduce (EMR) clusters' master nodes have public IPs.
-
.FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK ⇒ String
deprecated
Deprecated.
Inactive managed rule
-
.FMS_SECURITY_GROUP_CONTENT_CHECK ⇒ String
deprecated
Deprecated.
Inactive managed rule
-
.FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK ⇒ String
deprecated
Deprecated.
Inactive managed rule
-
.FMS_SHIELD_RESOURCE_POLICY_CHECK ⇒ String
Checks whether an Application Load Balancer, Amazon CloudFront distributions, Elastic Load Balancer or Elastic IP has AWS Shield protection.
-
.FMS_WEBACL_RESOURCE_POLICY_CHECK ⇒ String
Checks whether the web ACL is associated with an Application Load Balancer, API Gateway stage, or Amazon CloudFront distributions.
-
.FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK ⇒ String
Checks that the rule groups associate with the web ACL at the correct priority.
-
.FSX_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for Amazon FSx File Systems.
-
.FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if Amazon FSx File Systems are protected by a backup plan.
-
.GUARDDUTY_ENABLED_CENTRALIZED ⇒ String
Checks whether Amazon GuardDuty is enabled in your AWS account and region.
-
.GUARDDUTY_NON_ARCHIVED_FINDINGS ⇒ String
Checks whether the Amazon GuardDuty has findings that are non archived.
-
.IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS ⇒ String
Checks that the managed AWS Identity and Access Management policies that you create do not allow blocked actions on all AWS AWS KMS keys.
-
.IAM_GROUP_HAS_USERS_CHECK ⇒ String
Checks whether IAM groups have at least one IAM user.
-
.IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS ⇒ String
Checks that the inline policies attached to your AWS Identity and Access Management users, roles, and groups do not allow blocked actions on all AWS Key Management Service keys.
-
.IAM_NO_INLINE_POLICY_CHECK ⇒ String
Checks that inline policy feature is not in use.
-
.IAM_PASSWORD_POLICY ⇒ String
Checks whether the account password policy for IAM users meets the specified requirements indicated in the parameters.
-
.IAM_POLICY_BLOCKED_CHECK ⇒ String
Checks whether for each IAM resource, a policy ARN in the input parameter is attached to the IAM resource.
-
.IAM_POLICY_IN_USE ⇒ String
Checks whether the IAM policy ARN is attached to an IAM user, or an IAM group with one or more IAM users, or an IAM role with one or more trusted entity.
-
.IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS ⇒ String
Checks the IAM policies that you create for Allow statements that grant permissions to all actions on all resources.
-
.IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS ⇒ String
Checks if AWS Identity and Access Management (IAM) policies that you create grant permissions to all actions on individual AWS resources.
-
.IAM_ROLE_MANAGED_POLICY_CHECK ⇒ String
Checks that AWS Identity and Access Management (IAM) policies in a list of policies are attached to all AWS roles.
-
.IAM_ROOT_ACCESS_KEY_CHECK ⇒ String
Checks whether the root user access key is available.
-
.IAM_USER_GROUP_MEMBERSHIP_CHECK ⇒ String
Checks whether IAM users are members of at least one IAM group.
-
.IAM_USER_MFA_ENABLED ⇒ String
Checks whether the AWS Identity and Access Management users have multi-factor authentication (MFA) enabled.
-
.IAM_USER_NO_POLICIES_CHECK ⇒ String
Checks that none of your IAM users have policies attached.
-
.IAM_USER_UNUSED_CREDENTIALS_CHECK ⇒ String
Checks whether your AWS Identity and Access Management (IAM) users have passwords or active access keys that have not been used within the specified number of days you provided.
-
.INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY ⇒ String
Checks that Internet gateways (IGWs) are only attached to an authorized Amazon Virtual Private Cloud (VPCs).
- .jsii_overridable_methods ⇒ Object
-
.KINESIS_STREAM_ENCRYPTED ⇒ String
Checks if Amazon Kinesis streams are encrypted at rest with server-side encryption.
-
.KMS_CMK_NOT_SCHEDULED_FOR_DELETION ⇒ String
Checks whether customer master keys (CMKs) are not scheduled for deletion in AWS Key Management Service (KMS).
-
.LAMBDA_CONCURRENCY_CHECK ⇒ String
Checks whether the AWS Lambda function is configured with function-level concurrent execution limit.
-
.LAMBDA_DLQ_CHECK ⇒ String
Checks whether an AWS Lambda function is configured with a dead-letter queue.
-
.LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED ⇒ String
Checks whether the AWS Lambda function policy attached to the Lambda resource prohibits public access.
-
.LAMBDA_FUNCTION_SETTINGS_CHECK ⇒ String
Checks that the lambda function settings for runtime, role, timeout, and memory size match the expected values.
-
.LAMBDA_INSIDE_VPC ⇒ String
Checks whether an AWS Lambda function is in an Amazon Virtual Private Cloud.
-
.LAMBDA_VPC_MULTI_AZ_CHECK ⇒ String
Checks if Lambda has more than 1 availability zone associated.
-
.MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS ⇒ String
Checks whether AWS Multi-Factor Authentication (MFA) is enabled for all IAM users that use a console password.
-
.NACL_NO_UNRESTRICTED_SSH_RDP ⇒ String
Checks if default ports for SSH/RDP ingress traffic for network access control lists (NACLs) is unrestricted.
-
.NETFW_POLICY_DEFAULT_ACTION_FRAGMENT_PACKETS ⇒ String
Checks if an AWS Network Firewall policy is configured with a user defined stateless default action for fragmented packets.
-
.NETFW_POLICY_DEFAULT_ACTION_FULL_PACKETS ⇒ String
Checks if an AWS Network Firewall policy is configured with a user defined default stateless action for full packets.
-
.NETFW_POLICY_RULE_GROUP_ASSOCIATED ⇒ String
Check AWS Network Firewall policy is associated with stateful OR stateless rule groups.
-
.NETFW_STATELESS_RULE_GROUP_NOT_EMPTY ⇒ String
Checks if a Stateless Network Firewall Rule Group contains rules.
-
.NLB_CROSS_ZONE_LOAD_BALANCING_ENABLED ⇒ String
Checks if cross-zone load balancing is enabled on Network Load Balancers (NLBs).
-
.OPENSEARCH_ACCESS_CONTROL_ENABLED ⇒ String
Checks if Amazon OpenSearch Service domains have fine-grained access control enabled.
-
.OPENSEARCH_AUDIT_LOGGING_ENABLED ⇒ String
Checks if Amazon OpenSearch Service domains have audit logging enabled.
-
.OPENSEARCH_DATA_NODE_FAULT_TOLERANCE ⇒ String
Checks if Amazon OpenSearch Service domains are configured with at least three data nodes and zoneAwarenessEnabled is true.
-
.OPENSEARCH_ENCRYPTED_AT_REST ⇒ String
Checks if Amazon OpenSearch Service domains have encryption at rest configuration enabled.
-
.OPENSEARCH_HTTPS_REQUIRED ⇒ String
Checks whether connections to OpenSearch domains are using HTTPS.
-
.OPENSEARCH_IN_VPC_ONLY ⇒ String
Checks if Amazon OpenSearch Service domains are in an Amazon Virtual Private Cloud (VPC).
-
.OPENSEARCH_LOGS_TO_CLOUDWATCH ⇒ String
Checks if Amazon OpenSearch Service domains are configured to send logs to Amazon CloudWatch Logs.
-
.OPENSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK ⇒ String
Check if Amazon OpenSearch Service nodes are encrypted end to end.
-
.RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED ⇒ String
Checks if Amazon Relational Database Service (RDS) database instances are configured for automatic minor version upgrades.
-
.RDS_CLUSTER_DEFAULT_ADMIN_CHECK ⇒ String
Checks if an Amazon Relational Database Service (Amazon RDS) database cluster has changed the admin username from its default value.
-
.RDS_CLUSTER_DELETION_PROTECTION_ENABLED ⇒ String
Checks if an Amazon Relational Database Service (Amazon RDS) cluster has deletion protection enabled.
-
.RDS_CLUSTER_IAM_AUTHENTICATION_ENABLED ⇒ String
Checks if an Amazon RDS Cluster has AWS Identity and Access Management (IAM) authentication enabled.
-
.RDS_CLUSTER_MULTI_AZ_ENABLED ⇒ String
Checks if Multi-AZ replication is enabled on Amazon Aurora and Hermes clusters managed by Amazon Relational Database Service (Amazon RDS).
-
.RDS_DB_INSTANCE_BACKUP_ENABLED ⇒ String
Checks whether RDS DB instances have backups enabled.
-
.RDS_DB_SECURITY_GROUP_NOT_ALLOWED ⇒ String
Checks if there are any Amazon Relational Database Service (RDS) DB security groups that are not the default DB security group.
-
.RDS_ENHANCED_MONITORING_ENABLED ⇒ String
Checks whether enhanced monitoring is enabled for Amazon Relational Database Service (Amazon RDS) instances.
-
.RDS_IN_BACKUP_PLAN ⇒ String
Checks whether Amazon RDS database is present in back plans of AWS Backup.
-
.RDS_INSTANCE_DEFAULT_ADMIN_CHECK ⇒ String
Checks if an Amazon Relational Database Service (Amazon RDS) database has changed the admin username from its default value.
-
.RDS_INSTANCE_DELETION_PROTECTION_ENABLED ⇒ String
Checks if an Amazon Relational Database Service (Amazon RDS) instance has deletion protection enabled.
-
.RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED ⇒ String
Checks if an Amazon RDS instance has AWS Identity and Access Management (IAM) authentication enabled.
-
.RDS_INSTANCE_PUBLIC_ACCESS_CHECK ⇒ String
Check whether the Amazon Relational Database Service instances are not publicly accessible.
-
.RDS_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for Amazon Relational Database Service (Amazon RDS).
-
.RDS_LOGGING_ENABLED ⇒ String
Checks that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled.
-
.RDS_MULTI_AZ_SUPPORT ⇒ String
Checks whether high availability is enabled for your RDS DB instances.
-
.RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if Amazon Relational Database Service (Amazon RDS) instances are protected by a backup plan.
-
.RDS_SNAPSHOT_ENCRYPTED ⇒ String
Checks whether Amazon Relational Database Service (Amazon RDS) DB snapshots are encrypted.
-
.RDS_SNAPSHOTS_PUBLIC_PROHIBITED ⇒ String
Checks if Amazon Relational Database Service (Amazon RDS) snapshots are public.
-
.RDS_STORAGE_ENCRYPTED ⇒ String
Checks whether storage encryption is enabled for your RDS DB instances.
-
.REDSHIFT_AUDIT_LOGGING_ENABLED ⇒ String
Checks if Amazon Redshift clusters are logging audits to a specific bucket.
-
.REDSHIFT_BACKUP_ENABLED ⇒ String
Checks that Amazon Redshift automated snapshots are enabled for clusters.
-
.REDSHIFT_CLUSTER_CONFIGURATION_CHECK ⇒ String
Checks whether Amazon Redshift clusters have the specified settings.
-
.REDSHIFT_CLUSTER_KMS_ENABLED ⇒ String
Checks if Amazon Redshift clusters are using a specified AWS Key Management Service (AWS KMS) key for encryption.
-
.REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK ⇒ String
Checks whether Amazon Redshift clusters have the specified maintenance settings.
-
.REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK ⇒ String
Checks whether Amazon Redshift clusters are not publicly accessible.
-
.REDSHIFT_DEFAULT_ADMIN_CHECK ⇒ String
Checks if an Amazon Redshift cluster has changed the admin username from its default value.
-
.REDSHIFT_DEFAULT_DB_NAME_CHECK ⇒ String
Checks if a Redshift cluster has changed its database name from the default value.
-
.REDSHIFT_ENHANCED_VPC_ROUTING_ENABLED ⇒ String
Checks if Amazon Redshift cluster has 'enhancedVpcRouting' enabled.
-
.REDSHIFT_REQUIRE_TLS_SSL ⇒ String
Checks whether Amazon Redshift clusters require TLS/SSL encryption to connect to SQL clients.
-
.REQUIRED_TAGS ⇒ String
Checks whether your resources have the tags that you specify.
-
.ROOT_ACCOUNT_HARDWARE_MFA_ENABLED ⇒ String
Checks whether your AWS account is enabled to use multi-factor authentication (MFA) hardware device to sign in with root credentials.
-
.ROOT_ACCOUNT_MFA_ENABLED ⇒ String
Checks whether users of your AWS account require a multi-factor authentication (MFA) device to sign in with root credentials.
-
.S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS ⇒ String
Checks whether the required public access block settings are configured from account level.
-
.S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC ⇒ String
Checks if the required public access block settings are configured from account level.
-
.S3_BUCKET_ACL_PROHIBITED ⇒ String
Checks if Amazon Simple Storage Service (Amazon S3) Buckets allow user permissions through access control lists (ACLs).
-
.S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED ⇒ String
Checks if the Amazon Simple Storage Service bucket policy does not allow blacklisted bucket-level and object-level actions on resources in the bucket for principals from other AWS accounts.
-
.S3_BUCKET_DEFAULT_LOCK_ENABLED ⇒ String
Checks whether Amazon Simple Storage Service (Amazon S3) bucket has lock enabled, by default.
-
.S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED ⇒ String
Checks if Amazon Simple Storage Service (Amazon S3) buckets are publicly accessible.
-
.S3_BUCKET_LOGGING_ENABLED ⇒ String
Checks whether logging is enabled for your S3 buckets.
-
.S3_BUCKET_POLICY_GRANTEE_CHECK ⇒ String
Checks that the access granted by the Amazon S3 bucket is restricted by any of the AWS principals, federated users, service principals, IP addresses, or VPCs that you provide.
-
.S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE ⇒ String
Checks if your Amazon Simple Storage Service bucket policies do not allow other inter-account permissions than the control Amazon S3 bucket policy that you provide.
-
.S3_BUCKET_PUBLIC_READ_PROHIBITED ⇒ String
Checks if your Amazon S3 buckets do not allow public read access.
-
.S3_BUCKET_PUBLIC_WRITE_PROHIBITED ⇒ String
Checks that your Amazon S3 buckets do not allow public write access.
-
.S3_BUCKET_REPLICATION_ENABLED ⇒ String
Checks whether S3 buckets have cross-region replication enabled.
-
.S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED ⇒ String
Checks that your Amazon S3 bucket either has Amazon S3 default encryption enabled or that the S3 bucket policy explicitly denies put-object requests without server side encryption that uses AES-256 or AWS Key Management Service.
-
.S3_BUCKET_SSL_REQUESTS_ONLY ⇒ String
Checks whether S3 buckets have policies that require requests to use Secure Socket Layer (SSL).
-
.S3_BUCKET_VERSIONING_ENABLED ⇒ String
Checks whether versioning is enabled for your S3 buckets.
-
.S3_DEFAULT_ENCRYPTION_KMS ⇒ String
Checks whether the Amazon Simple Storage Service (Amazon S3) buckets are encrypted with AWS Key Management Service (AWS KMS).
-
.S3_EVENT_NOTIFICATIONS_ENABLED ⇒ String
Checks if Amazon S3 Events Notifications are enabled on an S3 bucket.
-
.S3_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for Amazon Simple Storage Service (Amazon S3).
-
.S3_LIFECYCLE_POLICY_CHECK ⇒ String
Checks if a lifecycle rule is configured for an Amazon Simple Storage Service (Amazon S3) bucket.
-
.S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if Amazon Simple Storage Service (Amazon S3) buckets are protected by a backup plan.
-
.S3_VERSION_LIFECYCLE_POLICY_CHECK ⇒ String
Checks if Amazon Simple Storage Service (Amazon S3) version enabled buckets have lifecycle policy configured.
-
.SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED ⇒ String
Checks whether AWS Key Management Service (KMS) key is configured for an Amazon SageMaker endpoint configuration.
-
.SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED ⇒ String
Check whether an AWS Key Management Service (KMS) key is configured for SageMaker notebook instance.
-
.SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS ⇒ String
Checks whether direct internet access is disabled for an Amazon SageMaker notebook instance.
-
.SECRETSMANAGER_ROTATION_ENABLED_CHECK ⇒ String
Checks whether AWS Secrets Manager secret has rotation enabled.
-
.SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK ⇒ String
Checks whether AWS Secrets Manager secret rotation has rotated successfully as per the rotation schedule.
-
.SECRETSMANAGER_SECRET_PERIODIC_ROTATION ⇒ String
Checks if AWS Secrets Manager secrets have been rotated in the past specified number of days.
-
.SECRETSMANAGER_SECRET_UNUSED ⇒ String
Checks if AWS Secrets Manager secrets have been accessed within a specified number of days.
-
.SECRETSMANAGER_USING_CMK ⇒ String
Checks if all secrets in AWS Secrets Manager are encrypted using the AWS managed key (aws/secretsmanager) or a customer managed key that was created in AWS Key Management Service (AWS KMS).
-
.SECURITYHUB_ENABLED ⇒ String
Checks that AWS Security Hub is enabled for an AWS account.
-
.SERVICE_VPC_ENDPOINT_ENABLED ⇒ String
Checks whether Service Endpoint for the service provided in rule parameter is created for each Amazon VPC.
-
.SHIELD_ADVANCED_ENABLED_AUTO_RENEW ⇒ String
Checks whether EBS volumes are attached to EC2 instances.
-
.SHIELD_DRT_ACCESS ⇒ String
Verify that DDoS response team (DRT) can access AWS account.
-
.SNS_ENCRYPTED_KMS ⇒ String
Checks whether Amazon SNS topic is encrypted with AWS Key Management Service (AWS KMS).
-
.SNS_TOPIC_MESSAGE_DELIVERY_NOTIFICATION_ENABLED ⇒ String
Checks if Amazon Simple Notification Service (SNS) logging is enabled for the delivery status of notification messages sent to a topic for the endpoints.
-
.SSM_DOCUMENT_NOT_PUBLIC ⇒ String
Checks if AWS Systems Manager documents owned by the account are public.
-
.STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for AWS Storage Gateway volumes.
-
.SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED ⇒ String
hecks if Amazon Virtual Private Cloud (Amazon VPC) subnets are assigned a public IP address.
-
.VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for AWS Backup-Gateway VirtualMachines.
-
.VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if AWS Backup-Gateway VirtualMachines are protected by a backup plan.
-
.VPC_DEFAULT_SECURITY_GROUP_CLOSED ⇒ String
Checks that the default security group of any Amazon Virtual Private Cloud (VPC) does not allow inbound or outbound traffic.
-
.VPC_FLOW_LOGS_ENABLED ⇒ String
Checks whether Amazon Virtual Private Cloud flow logs are found and enabled for Amazon VPC.
-
.VPC_NETWORK_ACL_UNUSED_CHECK ⇒ String
Checks if there are unused network access control lists (network ACLs).
-
.VPC_PEERING_DNS_RESOLUTION_CHECK ⇒ String
Checks if DNS resolution from accepter/requester VPC to private IP is enabled.
-
.VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS ⇒ String
Checks whether the security group with 0.0.0.0/0 of any Amazon Virtual Private Cloud (Amazon VPC) allows only specific inbound TCP or UDP traffic.
-
.VPC_VPN_2_TUNNELS_UP ⇒ String
Checks that both AWS Virtual Private Network tunnels provided by AWS Site-to-Site VPN are in UP status.
-
.WAF_CLASSIC_LOGGING_ENABLED ⇒ String
Checks if logging is enabled on AWS Web Application Firewall (WAF) classic global web ACLs.
-
.WAF_GLOBAL_RULE_NOT_EMPTY ⇒ String
Checks if an AWS WAF global rule contains any conditions.
-
.WAF_GLOBAL_RULEGROUP_NOT_EMPTY ⇒ String
Checks if an AWS WAF Classic rule group contains any rules.
-
.WAF_GLOBAL_WEBACL_NOT_EMPTY ⇒ String
Checks whether a WAF Global Web ACL contains any WAF rules or rule groups.
-
.WAF_REGIONAL_RULE_NOT_EMPTY ⇒ String
Checks whether WAF regional rule contains conditions.
-
.WAF_REGIONAL_RULEGROUP_NOT_EMPTY ⇒ String
Checks if WAF Regional rule groups contain any rules.
-
.WAF_REGIONAL_WEBACL_NOT_EMPTY ⇒ String
Checks if a WAF regional Web ACL contains any WAF rules or rule groups.
-
.WAFV2_LOGGING_ENABLED ⇒ String
Checks whether logging is enabled on AWS Web Application Firewall (WAFV2) regional and global web access control list (ACLs).
Instance Method Summary collapse
-
#initialize(*args) ⇒ ManagedRuleIdentifiers
constructor
A new instance of ManagedRuleIdentifiers.
Constructor Details
#initialize(*args) ⇒ ManagedRuleIdentifiers
Returns a new instance of ManagedRuleIdentifiers.
10 11 12 |
# File 'config/managed_rule_identifiers.rb', line 10 def initialize(*args) raise NoMethodError, "aws-cdk-lib.aws_config.ManagedRuleIdentifiers does not have a visible constructor; use the provided factory methods" end |
Class Method Details
.ACCESS_KEYS_ROTATED ⇒ String
Checks whether the active access keys are rotated within the number of days specified in maxAccessKeyAge.
23 24 25 |
# File 'config/managed_rule_identifiers.rb', line 23 def self.ACCESS_KEYS_ROTATED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ACCESS_KEYS_ROTATED") end |
.ACCOUNT_PART_OF_ORGANIZATIONS ⇒ String
Checks whether AWS account is part of AWS Organizations.
31 32 33 |
# File 'config/managed_rule_identifiers.rb', line 31 def self.ACCOUNT_PART_OF_ORGANIZATIONS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ACCOUNT_PART_OF_ORGANIZATIONS") end |
.ACM_CERTIFICATE_EXPIRATION_CHECK ⇒ String
Checks whether ACM Certificates in your account are marked for expiration within the specified number of days.
39 40 41 |
# File 'config/managed_rule_identifiers.rb', line 39 def self.ACM_CERTIFICATE_EXPIRATION_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ACM_CERTIFICATE_EXPIRATION_CHECK") end |
.ALB_DESYNC_MODE_CHECK ⇒ String
Checks if an Application Load Balancer (ALB) is configured with a user defined desync mitigation mode.
47 48 49 |
# File 'config/managed_rule_identifiers.rb', line 47 def self.ALB_DESYNC_MODE_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ALB_DESYNC_MODE_CHECK") end |
.ALB_HTTP_DROP_INVALID_HEADER_ENABLED ⇒ String
Checks if rule evaluates Application Load Balancers (ALBs) to ensure they are configured to drop http headers.
55 56 57 |
# File 'config/managed_rule_identifiers.rb', line 55 def self.ALB_HTTP_DROP_INVALID_HEADER_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ALB_HTTP_DROP_INVALID_HEADER_ENABLED") end |
.ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK ⇒ String
Checks whether HTTP to HTTPS redirection is configured on all HTTP listeners of Application Load Balancer.
63 64 65 |
# File 'config/managed_rule_identifiers.rb', line 63 def self.ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK") end |
.ALB_WAF_ENABLED ⇒ String
Checks if Web Application Firewall (WAF) is enabled on Application Load Balancers (ALBs).
71 72 73 |
# File 'config/managed_rule_identifiers.rb', line 71 def self.ALB_WAF_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ALB_WAF_ENABLED") end |
.API_GW_ASSOCIATED_WITH_WAF ⇒ String
Checks if an Amazon API Gateway API stage is using an AWS WAF Web ACL.
79 80 81 |
# File 'config/managed_rule_identifiers.rb', line 79 def self.API_GW_ASSOCIATED_WITH_WAF() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "API_GW_ASSOCIATED_WITH_WAF") end |
.API_GW_CACHE_ENABLED_AND_ENCRYPTED ⇒ String
Checks that all methods in Amazon API Gateway stages have caching enabled and encrypted.
87 88 89 |
# File 'config/managed_rule_identifiers.rb', line 87 def self.API_GW_CACHE_ENABLED_AND_ENCRYPTED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "API_GW_CACHE_ENABLED_AND_ENCRYPTED") end |
.API_GW_ENDPOINT_TYPE_CHECK ⇒ String
Checks that Amazon API Gateway APIs are of the type specified in the rule parameter endpointConfigurationType.
95 96 97 |
# File 'config/managed_rule_identifiers.rb', line 95 def self.API_GW_ENDPOINT_TYPE_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "API_GW_ENDPOINT_TYPE_CHECK") end |
.API_GW_EXECUTION_LOGGING_ENABLED ⇒ String
Checks that all methods in Amazon API Gateway stage has logging enabled.
103 104 105 |
# File 'config/managed_rule_identifiers.rb', line 103 def self.API_GW_EXECUTION_LOGGING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "API_GW_EXECUTION_LOGGING_ENABLED") end |
.API_GW_SSL_ENABLED ⇒ String
Checks if a REST API stage uses an Secure Sockets Layer (SSL) certificate.
111 112 113 |
# File 'config/managed_rule_identifiers.rb', line 111 def self.API_GW_SSL_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "API_GW_SSL_ENABLED") end |
.API_GW_XRAY_ENABLED ⇒ String
Checks if AWS X-Ray tracing is enabled on Amazon API Gateway REST APIs.
119 120 121 |
# File 'config/managed_rule_identifiers.rb', line 119 def self.API_GW_XRAY_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "API_GW_XRAY_ENABLED") end |
.API_GWV2_ACCESS_LOGS_ENABLED ⇒ String
Checks if Amazon API Gateway V2 stages have access logging enabled.
127 128 129 |
# File 'config/managed_rule_identifiers.rb', line 127 def self.API_GWV2_ACCESS_LOGS_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "API_GWV2_ACCESS_LOGS_ENABLED") end |
.API_GWV2_AUTHORIZATION_TYPE_CONFIGURED ⇒ String
Checks if Amazon API Gatewayv2 API routes have an authorization type set.
135 136 137 |
# File 'config/managed_rule_identifiers.rb', line 135 def self.API_GWV2_AUTHORIZATION_TYPE_CONFIGURED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "API_GWV2_AUTHORIZATION_TYPE_CONFIGURED") end |
.APPROVED_AMIS_BY_ID ⇒ String
Checks whether running instances are using specified AMIs.
143 144 145 |
# File 'config/managed_rule_identifiers.rb', line 143 def self.APPROVED_AMIS_BY_ID() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "APPROVED_AMIS_BY_ID") end |
.APPROVED_AMIS_BY_TAG ⇒ String
Checks whether running instances are using specified AMIs.
151 152 153 |
# File 'config/managed_rule_identifiers.rb', line 151 def self.APPROVED_AMIS_BY_TAG() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "APPROVED_AMIS_BY_TAG") end |
.AURORA_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for Amazon Aurora DB clusters.
159 160 161 |
# File 'config/managed_rule_identifiers.rb', line 159 def self.AURORA_LAST_BACKUP_RECOVERY_POINT_CREATED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AURORA_LAST_BACKUP_RECOVERY_POINT_CREATED") end |
.AURORA_MYSQL_BACKTRACKING_ENABLED ⇒ String
Checks if an Amazon Aurora MySQL cluster has backtracking enabled.
167 168 169 |
# File 'config/managed_rule_identifiers.rb', line 167 def self.AURORA_MYSQL_BACKTRACKING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AURORA_MYSQL_BACKTRACKING_ENABLED") end |
.AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if Amazon Aurora DB clusters are protected by a backup plan.
175 176 177 |
# File 'config/managed_rule_identifiers.rb', line 175 def self.AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN") end |
.AUTOSCALING_CAPACITY_REBALANCING ⇒ String
Checks if Capacity Rebalancing is enabled for Amazon EC2 Auto Scaling groups that use multiple instance types.
183 184 185 |
# File 'config/managed_rule_identifiers.rb', line 183 def self.AUTOSCALING_CAPACITY_REBALANCING() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AUTOSCALING_CAPACITY_REBALANCING") end |
.AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED ⇒ String
Checks whether your Auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks.
191 192 193 |
# File 'config/managed_rule_identifiers.rb', line 191 def self.AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED") end |
.AUTOSCALING_LAUNCH_CONFIG_HOP_LIMIT ⇒ String
Checks the number of network hops that the metadata token can travel.
199 200 201 |
# File 'config/managed_rule_identifiers.rb', line 199 def self.AUTOSCALING_LAUNCH_CONFIG_HOP_LIMIT() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AUTOSCALING_LAUNCH_CONFIG_HOP_LIMIT") end |
.AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED ⇒ String
Checks if Amazon EC2 Auto Scaling groups have public IP addresses enabled through Launch Configurations.
207 208 209 |
# File 'config/managed_rule_identifiers.rb', line 207 def self.AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED") end |
.AUTOSCALING_LAUNCH_TEMPLATE ⇒ String
Checks if an Amazon Elastic Compute Cloud (EC2) Auto Scaling group is created from an EC2 launch template.
215 216 217 |
# File 'config/managed_rule_identifiers.rb', line 215 def self.AUTOSCALING_LAUNCH_TEMPLATE() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AUTOSCALING_LAUNCH_TEMPLATE") end |
.AUTOSCALING_LAUNCHCONFIG_REQUIRES_IMDSV2 ⇒ String
Checks whether only IMDSv2 is enabled.
223 224 225 |
# File 'config/managed_rule_identifiers.rb', line 223 def self.AUTOSCALING_LAUNCHCONFIG_REQUIRES_IMDSV2() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AUTOSCALING_LAUNCHCONFIG_REQUIRES_IMDSV2") end |
.AUTOSCALING_MULTIPLE_AZ ⇒ String
Checks if the Auto Scaling group spans multiple Availability Zones.
231 232 233 |
# File 'config/managed_rule_identifiers.rb', line 231 def self.AUTOSCALING_MULTIPLE_AZ() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AUTOSCALING_MULTIPLE_AZ") end |
.AUTOSCALING_MULTIPLE_INSTANCE_TYPES ⇒ String
Checks if an Amazon Elastic Compute Cloud (Amazon EC2) Auto Scaling group uses multiple instance types.
239 240 241 |
# File 'config/managed_rule_identifiers.rb', line 239 def self.AUTOSCALING_MULTIPLE_INSTANCE_TYPES() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "AUTOSCALING_MULTIPLE_INSTANCE_TYPES") end |
.BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK ⇒ String
Checks if a backup plan has a backup rule that satisfies the required frequency and retention period.
247 248 249 |
# File 'config/managed_rule_identifiers.rb', line 247 def self.BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK") end |
.BACKUP_RECOVERY_POINT_ENCRYPTED ⇒ String
Checks if a recovery point is encrypted.
255 256 257 |
# File 'config/managed_rule_identifiers.rb', line 255 def self.BACKUP_RECOVERY_POINT_ENCRYPTED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "BACKUP_RECOVERY_POINT_ENCRYPTED") end |
.BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED ⇒ String
Checks if a backup vault has an attached resource-based policy which prevents deletion of recovery points.
263 264 265 |
# File 'config/managed_rule_identifiers.rb', line 263 def self.BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED") end |
.BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK ⇒ String
Checks if a recovery point expires no earlier than after the specified period.
271 272 273 |
# File 'config/managed_rule_identifiers.rb', line 271 def self.BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK") end |
.BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED ⇒ String
Checks if an AWS Elastic Beanstalk environment is configured for enhanced health reporting.
279 280 281 |
# File 'config/managed_rule_identifiers.rb', line 279 def self.BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED") end |
.CLB_DESYNC_MODE_CHECK ⇒ String
Checks if Classic Load Balancers (CLB) are configured with a user defined Desync mitigation mode.
287 288 289 |
# File 'config/managed_rule_identifiers.rb', line 287 def self.CLB_DESYNC_MODE_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLB_DESYNC_MODE_CHECK") end |
.CLB_MULTIPLE_AZ ⇒ String
Checks if a Classic Load Balancer spans multiple Availability Zones (AZs).
295 296 297 |
# File 'config/managed_rule_identifiers.rb', line 295 def self.CLB_MULTIPLE_AZ() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLB_MULTIPLE_AZ") end |
.CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED ⇒ String
Checks whether AWS CloudTrail trails are configured to send logs to Amazon CloudWatch Logs.
303 304 305 |
# File 'config/managed_rule_identifiers.rb', line 303 def self.CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED") end |
.CLOUD_TRAIL_ENABLED ⇒ String
Checks whether AWS CloudTrail is enabled in your AWS account.
311 312 313 |
# File 'config/managed_rule_identifiers.rb', line 311 def self.CLOUD_TRAIL_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUD_TRAIL_ENABLED") end |
.CLOUD_TRAIL_ENCRYPTION_ENABLED ⇒ String
Checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption.
319 320 321 |
# File 'config/managed_rule_identifiers.rb', line 319 def self.CLOUD_TRAIL_ENCRYPTION_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUD_TRAIL_ENCRYPTION_ENABLED") end |
.CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED ⇒ String
Checks whether AWS CloudTrail creates a signed digest file with logs.
327 328 329 |
# File 'config/managed_rule_identifiers.rb', line 327 def self.CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED") end |
.CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK ⇒ String
Checks whether an AWS CloudFormation stack's actual configuration differs, or has drifted, from its expected configuration.
335 336 337 |
# File 'config/managed_rule_identifiers.rb', line 335 def self.CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK") end |
.CLOUDFORMATION_STACK_NOTIFICATION_CHECK ⇒ String
Checks whether your CloudFormation stacks are sending event notifications to an SNS topic.
343 344 345 |
# File 'config/managed_rule_identifiers.rb', line 343 def self.CLOUDFORMATION_STACK_NOTIFICATION_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFORMATION_STACK_NOTIFICATION_CHECK") end |
.CLOUDFRONT_ACCESSLOGS_ENABLED ⇒ String
Checks if Amazon CloudFront distributions are configured to capture information from Amazon Simple Storage Service (Amazon S3) server access logs.
351 352 353 |
# File 'config/managed_rule_identifiers.rb', line 351 def self.CLOUDFRONT_ACCESSLOGS_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_ACCESSLOGS_ENABLED") end |
.CLOUDFRONT_ASSOCIATED_WITH_WAF ⇒ String
Checks if Amazon CloudFront distributions are associated with either WAF or WAFv2 web access control lists (ACLs).
359 360 361 |
# File 'config/managed_rule_identifiers.rb', line 359 def self.CLOUDFRONT_ASSOCIATED_WITH_WAF() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_ASSOCIATED_WITH_WAF") end |
.CLOUDFRONT_CUSTOM_SSL_CERTIFICATE ⇒ String
Checks if the certificate associated with an Amazon CloudFront distribution is the default Secure Sockets Layer (SSL) certificate.
367 368 369 |
# File 'config/managed_rule_identifiers.rb', line 367 def self.CLOUDFRONT_CUSTOM_SSL_CERTIFICATE() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_CUSTOM_SSL_CERTIFICATE") end |
.CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED ⇒ String
Checks if an Amazon CloudFront distribution is configured to return a specific object that is the default root object.
375 376 377 |
# File 'config/managed_rule_identifiers.rb', line 375 def self.CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED") end |
.CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS ⇒ String
Checks if CloudFront distributions are using deprecated SSL protocols for HTTPS communication between CloudFront edge locations and custom origins.
383 384 385 |
# File 'config/managed_rule_identifiers.rb', line 383 def self.CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS") end |
.CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED ⇒ String
Checks that Amazon CloudFront distribution with Amazon S3 Origin type has Origin Access Identity (OAI) configured.
391 392 393 |
# File 'config/managed_rule_identifiers.rb', line 391 def self.CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED") end |
.CLOUDFRONT_ORIGIN_FAILOVER_ENABLED ⇒ String
Checks whether an origin group is configured for the distribution of at least 2 origins in the origin group for Amazon CloudFront.
399 400 401 |
# File 'config/managed_rule_identifiers.rb', line 399 def self.CLOUDFRONT_ORIGIN_FAILOVER_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_ORIGIN_FAILOVER_ENABLED") end |
.CLOUDFRONT_SECURITY_POLICY_CHECK ⇒ String
Checks if Amazon CloudFront distributions are using a minimum security policy and cipher suite of TLSv1.2 or greater for viewer connections.
407 408 409 |
# File 'config/managed_rule_identifiers.rb', line 407 def self.CLOUDFRONT_SECURITY_POLICY_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_SECURITY_POLICY_CHECK") end |
.CLOUDFRONT_SNI_ENABLED ⇒ String
Checks if Amazon CloudFront distributions are using a custom SSL certificate and are configured to use SNI to serve HTTPS requests.
415 416 417 |
# File 'config/managed_rule_identifiers.rb', line 415 def self.CLOUDFRONT_SNI_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_SNI_ENABLED") end |
.CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED ⇒ String
Checks if Amazon CloudFront distributions are encrypting traffic to custom origins.
423 424 425 |
# File 'config/managed_rule_identifiers.rb', line 423 def self.CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED") end |
.CLOUDFRONT_VIEWER_POLICY_HTTPS ⇒ String
Checks whether your Amazon CloudFront distributions use HTTPS (directly or via a redirection).
431 432 433 |
# File 'config/managed_rule_identifiers.rb', line 431 def self.CLOUDFRONT_VIEWER_POLICY_HTTPS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDFRONT_VIEWER_POLICY_HTTPS") end |
.CLOUDTRAIL_MULTI_REGION_ENABLED ⇒ String
Checks that there is at least one multi-region AWS CloudTrail.
439 440 441 |
# File 'config/managed_rule_identifiers.rb', line 439 def self.CLOUDTRAIL_MULTI_REGION_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDTRAIL_MULTI_REGION_ENABLED") end |
.CLOUDTRAIL_S3_DATAEVENTS_ENABLED ⇒ String
Checks whether at least one AWS CloudTrail trail is logging Amazon S3 data events for all S3 buckets.
447 448 449 |
# File 'config/managed_rule_identifiers.rb', line 447 def self.CLOUDTRAIL_S3_DATAEVENTS_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDTRAIL_S3_DATAEVENTS_ENABLED") end |
.CLOUDTRAIL_SECURITY_TRAIL_ENABLED ⇒ String
Checks that there is at least one AWS CloudTrail trail defined with security best practices.
455 456 457 |
# File 'config/managed_rule_identifiers.rb', line 455 def self.CLOUDTRAIL_SECURITY_TRAIL_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDTRAIL_SECURITY_TRAIL_ENABLED") end |
.CLOUDWATCH_ALARM_ACTION_CHECK ⇒ String
Checks whether CloudWatch alarms have at least one alarm action, one INSUFFICIENT_DATA action, or one OK action enabled.
463 464 465 |
# File 'config/managed_rule_identifiers.rb', line 463 def self.CLOUDWATCH_ALARM_ACTION_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDWATCH_ALARM_ACTION_CHECK") end |
.CLOUDWATCH_ALARM_ACTION_ENABLED_CHECK ⇒ String
Checks if Amazon CloudWatch alarms actions are in enabled state.
471 472 473 |
# File 'config/managed_rule_identifiers.rb', line 471 def self.CLOUDWATCH_ALARM_ACTION_ENABLED_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDWATCH_ALARM_ACTION_ENABLED_CHECK") end |
.CLOUDWATCH_ALARM_RESOURCE_CHECK ⇒ String
Checks whether the specified resource type has a CloudWatch alarm for the specified metric.
479 480 481 |
# File 'config/managed_rule_identifiers.rb', line 479 def self.CLOUDWATCH_ALARM_RESOURCE_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDWATCH_ALARM_RESOURCE_CHECK") end |
.CLOUDWATCH_ALARM_SETTINGS_CHECK ⇒ String
Checks whether CloudWatch alarms with the given metric name have the specified settings.
487 488 489 |
# File 'config/managed_rule_identifiers.rb', line 487 def self.CLOUDWATCH_ALARM_SETTINGS_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDWATCH_ALARM_SETTINGS_CHECK") end |
.CLOUDWATCH_LOG_GROUP_ENCRYPTED ⇒ String
Checks whether a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).
495 496 497 |
# File 'config/managed_rule_identifiers.rb', line 495 def self.CLOUDWATCH_LOG_GROUP_ENCRYPTED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CLOUDWATCH_LOG_GROUP_ENCRYPTED") end |
.CMK_BACKING_KEY_ROTATION_ENABLED ⇒ String
Checks that key rotation is enabled for each key and matches to the key ID of the customer created customer master key (CMK).
503 504 505 |
# File 'config/managed_rule_identifiers.rb', line 503 def self.CMK_BACKING_KEY_ROTATION_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CMK_BACKING_KEY_ROTATION_ENABLED") end |
.CODEBUILD_PROJECT_ARTIFACT_ENCRYPTION ⇒ String
Checks if an AWS CodeBuild project has encryption enabled for all of its artifacts.
511 512 513 |
# File 'config/managed_rule_identifiers.rb', line 511 def self.CODEBUILD_PROJECT_ARTIFACT_ENCRYPTION() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEBUILD_PROJECT_ARTIFACT_ENCRYPTION") end |
.CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK ⇒ String
Checks if an AWS CodeBuild project environment has privileged mode enabled.
519 520 521 |
# File 'config/managed_rule_identifiers.rb', line 519 def self.CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK") end |
.CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK ⇒ String
Checks whether the project contains environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
527 528 529 |
# File 'config/managed_rule_identifiers.rb', line 527 def self.CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK") end |
.CODEBUILD_PROJECT_LOGGING_ENABLED ⇒ String
Checks if an AWS CodeBuild project environment has at least one log option enabled.
535 536 537 |
# File 'config/managed_rule_identifiers.rb', line 535 def self.CODEBUILD_PROJECT_LOGGING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEBUILD_PROJECT_LOGGING_ENABLED") end |
.CODEBUILD_PROJECT_S3_LOGS_ENCRYPTED ⇒ String
Checks if a AWS CodeBuild project configured with Amazon S3 Logs has encryption enabled for its logs.
543 544 545 |
# File 'config/managed_rule_identifiers.rb', line 543 def self.CODEBUILD_PROJECT_S3_LOGS_ENCRYPTED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEBUILD_PROJECT_S3_LOGS_ENCRYPTED") end |
.CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK ⇒ String
Checks whether the GitHub or Bitbucket source repository URL contains either personal access tokens or user name and password.
551 552 553 |
# File 'config/managed_rule_identifiers.rb', line 551 def self.CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK") end |
.CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLED ⇒ String
Checks if the deployment group is configured with automatic deployment rollback and deployment monitoring with alarms attached.
559 560 561 |
# File 'config/managed_rule_identifiers.rb', line 559 def self.CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLED") end |
.CODEDEPLOY_EC2_MINIMUM_HEALTHY_HOSTS_CONFIGURED ⇒ String
Checks if the deployment group for EC2/On-Premises Compute Platform is configured with a minimum healthy hosts fleet percentage or host count greater than or equal to the input threshold.
567 568 569 |
# File 'config/managed_rule_identifiers.rb', line 567 def self.CODEDEPLOY_EC2_MINIMUM_HEALTHY_HOSTS_CONFIGURED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEDEPLOY_EC2_MINIMUM_HEALTHY_HOSTS_CONFIGURED") end |
.CODEDEPLOY_LAMBDA_ALLATONCE_TRAFFIC_SHIFT_DISABLED ⇒ String
Checks if the deployment group for Lambda Compute Platform is not using the default deployment configuration.
575 576 577 |
# File 'config/managed_rule_identifiers.rb', line 575 def self.CODEDEPLOY_LAMBDA_ALLATONCE_TRAFFIC_SHIFT_DISABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEDEPLOY_LAMBDA_ALLATONCE_TRAFFIC_SHIFT_DISABLED") end |
.CODEPIPELINE_DEPLOYMENT_COUNT_CHECK ⇒ String
Checks whether the first deployment stage of the AWS CodePipeline performs more than one deployment.
583 584 585 |
# File 'config/managed_rule_identifiers.rb', line 583 def self.CODEPIPELINE_DEPLOYMENT_COUNT_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEPIPELINE_DEPLOYMENT_COUNT_CHECK") end |
.CODEPIPELINE_REGION_FANOUT_CHECK ⇒ String
Checks whether each stage in the AWS CodePipeline deploys to more than N times the number of the regions the AWS CodePipeline has deployed in all the previous combined stages, where N is the region fanout number.
591 592 593 |
# File 'config/managed_rule_identifiers.rb', line 591 def self.CODEPIPELINE_REGION_FANOUT_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CODEPIPELINE_REGION_FANOUT_CHECK") end |
.CW_LOGGROUP_RETENTION_PERIOD_CHECK ⇒ String
Checks whether Amazon CloudWatch LogGroup retention period is set to specific number of days.
599 600 601 |
# File 'config/managed_rule_identifiers.rb', line 599 def self.CW_LOGGROUP_RETENTION_PERIOD_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "CW_LOGGROUP_RETENTION_PERIOD_CHECK") end |
.DAX_ENCRYPTION_ENABLED ⇒ String
Checks that DynamoDB Accelerator (DAX) clusters are encrypted.
607 608 609 |
# File 'config/managed_rule_identifiers.rb', line 607 def self.DAX_ENCRYPTION_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DAX_ENCRYPTION_ENABLED") end |
.DMS_REPLICATION_NOT_PUBLIC ⇒ String
Checks whether AWS Database Migration Service replication instances are public.
615 616 617 |
# File 'config/managed_rule_identifiers.rb', line 615 def self.DMS_REPLICATION_NOT_PUBLIC() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DMS_REPLICATION_NOT_PUBLIC") end |
.DYNAMODB_AUTOSCALING_ENABLED ⇒ String
Checks whether Auto Scaling or On-Demand is enabled on your DynamoDB tables and/or global secondary indexes.
623 624 625 |
# File 'config/managed_rule_identifiers.rb', line 623 def self.DYNAMODB_AUTOSCALING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DYNAMODB_AUTOSCALING_ENABLED") end |
.DYNAMODB_IN_BACKUP_PLAN ⇒ String
Checks whether Amazon DynamoDB table is present in AWS Backup plans.
631 632 633 |
# File 'config/managed_rule_identifiers.rb', line 631 def self.DYNAMODB_IN_BACKUP_PLAN() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DYNAMODB_IN_BACKUP_PLAN") end |
.DYNAMODB_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for Amazon DynamoDB Tables within the specified period.
639 640 641 |
# File 'config/managed_rule_identifiers.rb', line 639 def self.DYNAMODB_LAST_BACKUP_RECOVERY_POINT_CREATED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DYNAMODB_LAST_BACKUP_RECOVERY_POINT_CREATED") end |
.DYNAMODB_PITR_ENABLED ⇒ String
Checks that point in time recovery (PITR) is enabled for Amazon DynamoDB tables.
647 648 649 |
# File 'config/managed_rule_identifiers.rb', line 647 def self.DYNAMODB_PITR_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DYNAMODB_PITR_ENABLED") end |
.DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if Amazon DynamoDB tables are protected by a backup plan.
655 656 657 |
# File 'config/managed_rule_identifiers.rb', line 655 def self.DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN") end |
.DYNAMODB_TABLE_ENCRYPTED_KMS ⇒ String
Checks whether Amazon DynamoDB table is encrypted with AWS Key Management Service (KMS).
663 664 665 |
# File 'config/managed_rule_identifiers.rb', line 663 def self.DYNAMODB_TABLE_ENCRYPTED_KMS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DYNAMODB_TABLE_ENCRYPTED_KMS") end |
.DYNAMODB_TABLE_ENCRYPTION_ENABLED ⇒ String
Checks whether the Amazon DynamoDB tables are encrypted and checks their status.
671 672 673 |
# File 'config/managed_rule_identifiers.rb', line 671 def self.DYNAMODB_TABLE_ENCRYPTION_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DYNAMODB_TABLE_ENCRYPTION_ENABLED") end |
.DYNAMODB_THROUGHPUT_LIMIT_CHECK ⇒ String
Checks whether provisioned DynamoDB throughput is approaching the maximum limit for your account.
679 680 681 |
# File 'config/managed_rule_identifiers.rb', line 679 def self.DYNAMODB_THROUGHPUT_LIMIT_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "DYNAMODB_THROUGHPUT_LIMIT_CHECK") end |
.EBS_ENCRYPTED_VOLUMES ⇒ String
Checks whether the EBS volumes that are in an attached state are encrypted.
687 688 689 |
# File 'config/managed_rule_identifiers.rb', line 687 def self.EBS_ENCRYPTED_VOLUMES() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EBS_ENCRYPTED_VOLUMES") end |
.EBS_IN_BACKUP_PLAN ⇒ String
Checks if Amazon Elastic Block Store (Amazon EBS) volumes are added in backup plans of AWS Backup.
695 696 697 |
# File 'config/managed_rule_identifiers.rb', line 695 def self.EBS_IN_BACKUP_PLAN() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EBS_IN_BACKUP_PLAN") end |
.EBS_OPTIMIZED_INSTANCE ⇒ String
Checks whether EBS optimization is enabled for your EC2 instances that can be EBS-optimized.
703 704 705 |
# File 'config/managed_rule_identifiers.rb', line 703 def self.EBS_OPTIMIZED_INSTANCE() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EBS_OPTIMIZED_INSTANCE") end |
.EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if Amazon Elastic Block Store (Amazon EBS) volumes are protected by a backup plan.
711 712 713 |
# File 'config/managed_rule_identifiers.rb', line 711 def self.EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN") end |
.EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK ⇒ String
Checks whether Amazon Elastic Block Store snapshots are not publicly restorable.
719 720 721 |
# File 'config/managed_rule_identifiers.rb', line 719 def self.EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK") end |
.EC2_DESIRED_INSTANCE_TENANCY ⇒ String
Checks instances for specified tenancy.
727 728 729 |
# File 'config/managed_rule_identifiers.rb', line 727 def self.EC2_DESIRED_INSTANCE_TENANCY() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_DESIRED_INSTANCE_TENANCY") end |
.EC2_DESIRED_INSTANCE_TYPE ⇒ String
Checks whether your EC2 instances are of the specified instance types.
735 736 737 |
# File 'config/managed_rule_identifiers.rb', line 735 def self.EC2_DESIRED_INSTANCE_TYPE() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_DESIRED_INSTANCE_TYPE") end |
.EC2_EBS_ENCRYPTION_BY_DEFAULT ⇒ String
Check that Amazon Elastic Block Store (EBS) encryption is enabled by default.
743 744 745 |
# File 'config/managed_rule_identifiers.rb', line 743 def self.EC2_EBS_ENCRYPTION_BY_DEFAULT() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_EBS_ENCRYPTION_BY_DEFAULT") end |
.EC2_IMDSV2_CHECK ⇒ String
Checks whether your Amazon Elastic Compute Cloud (Amazon EC2) instance metadata version is configured with Instance Metadata Service Version 2 (IMDSv2).
751 752 753 |
# File 'config/managed_rule_identifiers.rb', line 751 def self.EC2_IMDSV2_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_IMDSV2_CHECK") end |
.EC2_INSTANCE_DETAILED_MONITORING_ENABLED ⇒ String
Checks whether detailed monitoring is enabled for EC2 instances.
759 760 761 |
# File 'config/managed_rule_identifiers.rb', line 759 def self.EC2_INSTANCE_DETAILED_MONITORING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_INSTANCE_DETAILED_MONITORING_ENABLED") end |
.EC2_INSTANCE_MANAGED_BY_SSM ⇒ String
Checks whether the Amazon EC2 instances in your account are managed by AWS Systems Manager.
767 768 769 |
# File 'config/managed_rule_identifiers.rb', line 767 def self.EC2_INSTANCE_MANAGED_BY_SSM() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_INSTANCE_MANAGED_BY_SSM") end |
.EC2_INSTANCE_MULTIPLE_ENI_CHECK ⇒ String
Checks if Amazon Elastic Compute Cloud (Amazon EC2) uses multiple ENIs (Elastic Network Interfaces) or Elastic Fabric Adapters (EFAs).
775 776 777 |
# File 'config/managed_rule_identifiers.rb', line 775 def self.EC2_INSTANCE_MULTIPLE_ENI_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_INSTANCE_MULTIPLE_ENI_CHECK") end |
.EC2_INSTANCE_NO_PUBLIC_IP ⇒ String
Checks whether Amazon Elastic Compute Cloud (Amazon EC2) instances have a public IP association.
783 784 785 |
# File 'config/managed_rule_identifiers.rb', line 783 def self.EC2_INSTANCE_NO_PUBLIC_IP() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_INSTANCE_NO_PUBLIC_IP") end |
.EC2_INSTANCE_PROFILE_ATTACHED ⇒ String
Checks if an Amazon Elastic Compute Cloud (Amazon EC2) instance has an Identity and Access Management (IAM) profile attached to it.
This rule is NON_COMPLIANT if no IAM profile is attached to the Amazon EC2 instance.
794 795 796 |
# File 'config/managed_rule_identifiers.rb', line 794 def self.EC2_INSTANCE_PROFILE_ATTACHED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_INSTANCE_PROFILE_ATTACHED") end |
.EC2_INSTANCES_IN_VPC ⇒ String
Checks whether your EC2 instances belong to a virtual private cloud (VPC).
802 803 804 |
# File 'config/managed_rule_identifiers.rb', line 802 def self.EC2_INSTANCES_IN_VPC() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_INSTANCES_IN_VPC") end |
.EC2_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for Amazon Elastic Compute Cloud (Amazon EC2) instances.
810 811 812 |
# File 'config/managed_rule_identifiers.rb', line 810 def self.EC2_LAST_BACKUP_RECOVERY_POINT_CREATED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_LAST_BACKUP_RECOVERY_POINT_CREATED") end |
.EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED ⇒ String
Checks that none of the specified applications are installed on the instance.
818 819 820 |
# File 'config/managed_rule_identifiers.rb', line 818 def self.EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED") end |
.EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED ⇒ String
Checks whether all of the specified applications are installed on the instance.
826 827 828 |
# File 'config/managed_rule_identifiers.rb', line 826 def self.EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED") end |
.EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK ⇒ String
Checks whether the compliance status of AWS Systems Manager association compliance is COMPLIANT or NON_COMPLIANT after the association execution on the instance.
834 835 836 |
# File 'config/managed_rule_identifiers.rb', line 834 def self.EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK") end |
.EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED ⇒ String
Checks whether instances managed by AWS Systems Manager are configured to collect blocked inventory types.
842 843 844 |
# File 'config/managed_rule_identifiers.rb', line 842 def self.EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED") end |
.EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK ⇒ String
Checks whether the compliance status of the Amazon EC2 Systems Manager patch compliance is COMPLIANT or NON_COMPLIANT after the patch installation on the instance.
850 851 852 |
# File 'config/managed_rule_identifiers.rb', line 850 def self.EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK") end |
.EC2_MANAGED_INSTANCE_PLATFORM_CHECK ⇒ String
Checks whether EC2 managed instances have the desired configurations.
858 859 860 |
# File 'config/managed_rule_identifiers.rb', line 858 def self.EC2_MANAGED_INSTANCE_PLATFORM_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_MANAGED_INSTANCE_PLATFORM_CHECK") end |
.EC2_NO_AMAZON_KEY_PAIR ⇒ String
Checks if running Amazon Elastic Compute Cloud (EC2) instances are launched using amazon key pairs.
866 867 868 |
# File 'config/managed_rule_identifiers.rb', line 866 def self.EC2_NO_AMAZON_KEY_PAIR() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_NO_AMAZON_KEY_PAIR") end |
.EC2_PARAVIRTUAL_INSTANCE_CHECK ⇒ String
Checks if the virtualization type of an EC2 instance is paravirtual.
874 875 876 |
# File 'config/managed_rule_identifiers.rb', line 874 def self.EC2_PARAVIRTUAL_INSTANCE_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_PARAVIRTUAL_INSTANCE_CHECK") end |
.EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if Amazon Elastic Compute Cloud (Amazon EC2) instances are protected by a backup plan.
882 883 884 |
# File 'config/managed_rule_identifiers.rb', line 882 def self.EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN") end |
.EC2_SECURITY_GROUP_ATTACHED_TO_ENI ⇒ String
Checks that security groups are attached to Amazon Elastic Compute Cloud (Amazon EC2) instances or to an elastic network interface.
890 891 892 |
# File 'config/managed_rule_identifiers.rb', line 890 def self.EC2_SECURITY_GROUP_ATTACHED_TO_ENI() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_SECURITY_GROUP_ATTACHED_TO_ENI") end |
.EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODIC ⇒ String
Checks if non-default security groups are attached to Elastic network interfaces (ENIs).
898 899 900 |
# File 'config/managed_rule_identifiers.rb', line 898 def self.EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODIC() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODIC") end |
.EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED ⇒ String
Checks whether the incoming SSH traffic for the security groups is accessible.
906 907 908 |
# File 'config/managed_rule_identifiers.rb', line 906 def self.EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED") end |
.EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC ⇒ String
Checks whether the security groups in use do not allow unrestricted incoming TCP traffic to the specified ports.
914 915 916 |
# File 'config/managed_rule_identifiers.rb', line 914 def self.EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC") end |
.EC2_STOPPED_INSTANCE ⇒ String
Checks whether there are instances stopped for more than the allowed number of days.
922 923 924 |
# File 'config/managed_rule_identifiers.rb', line 922 def self.EC2_STOPPED_INSTANCE() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_STOPPED_INSTANCE") end |
.EC2_TOKEN_HOP_LIMIT_CHECK ⇒ String
Checks if an Amazon Elastic Compute Cloud (EC2) instance metadata has a specified token hop limit that is below the desired limit.
930 931 932 |
# File 'config/managed_rule_identifiers.rb', line 930 def self.EC2_TOKEN_HOP_LIMIT_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_TOKEN_HOP_LIMIT_CHECK") end |
.EC2_TRANSIT_GATEWAY_AUTO_VPC_ATTACH_DISABLED ⇒ String
Checks if Amazon Elastic Compute Cloud (Amazon EC2) Transit Gateways have 'AutoAcceptSharedAttachments' enabled.
938 939 940 |
# File 'config/managed_rule_identifiers.rb', line 938 def self.EC2_TRANSIT_GATEWAY_AUTO_VPC_ATTACH_DISABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_TRANSIT_GATEWAY_AUTO_VPC_ATTACH_DISABLED") end |
.EC2_VOLUME_IECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECKNUSE_CHECK ⇒ String
Checks if an Amazon Elastic Container Service (Amazon ECS) task definition with host networking mode has 'privileged' or 'user' container definitions.
946 947 948 |
# File 'config/managed_rule_identifiers.rb', line 946 def self.EC2_VOLUME_IECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECKNUSE_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_VOLUME_IECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECKNUSE_CHECK") end |
.EC2_VOLUME_INUSE_CHECK ⇒ String
Checks whether EBS volumes are attached to EC2 instances.
954 955 956 |
# File 'config/managed_rule_identifiers.rb', line 954 def self.EC2_VOLUME_INUSE_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EC2_VOLUME_INUSE_CHECK") end |
.ECR_PRIVATE_IMAGE_SCANNING_ENABLED ⇒ String
Checks if a private Amazon Elastic Container Registry (ECR) repository has image scanning enabled.
962 963 964 |
# File 'config/managed_rule_identifiers.rb', line 962 def self.ECR_PRIVATE_IMAGE_SCANNING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECR_PRIVATE_IMAGE_SCANNING_ENABLED") end |
.ECR_PRIVATE_LIFECYCLE_POLICY_CONFIGURED ⇒ String
Checks if a private Amazon Elastic Container Registry (ECR) repository has at least one lifecycle policy configured.
970 971 972 |
# File 'config/managed_rule_identifiers.rb', line 970 def self.ECR_PRIVATE_LIFECYCLE_POLICY_CONFIGURED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECR_PRIVATE_LIFECYCLE_POLICY_CONFIGURED") end |
.ECR_PRIVATE_TAG_IMMUTABILITY_ENABLED ⇒ String
Checks if a private Amazon Elastic Container Registry (ECR) repository has tag immutability enabled.
978 979 980 |
# File 'config/managed_rule_identifiers.rb', line 978 def self.ECR_PRIVATE_TAG_IMMUTABILITY_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECR_PRIVATE_TAG_IMMUTABILITY_ENABLED") end |
.ECS_AWSVPC_NETWORKING_ENABLED ⇒ String
Checks if the networking mode for active ECSTaskDefinitions is set to ‘awsvpc’.
986 987 988 |
# File 'config/managed_rule_identifiers.rb', line 986 def self.ECS_AWSVPC_NETWORKING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_AWSVPC_NETWORKING_ENABLED") end |
.ECS_CONTAINER_INSIGHTS_ENABLED ⇒ String
Checks if Amazon Elastic Container Service clusters have container insights enabled.
994 995 996 |
# File 'config/managed_rule_identifiers.rb', line 994 def self.ECS_CONTAINER_INSIGHTS_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_CONTAINER_INSIGHTS_ENABLED") end |
.ECS_CONTAINERS_NONPRIVILEGED ⇒ String
Checks if the privileged parameter in the container definition of ECSTaskDefinitions is set to ‘true’.
1002 1003 1004 |
# File 'config/managed_rule_identifiers.rb', line 1002 def self.ECS_CONTAINERS_NONPRIVILEGED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_CONTAINERS_NONPRIVILEGED") end |
.ECS_CONTAINERS_READONLY_ACCESS ⇒ String
Checks if Amazon Elastic Container Service (Amazon ECS) Containers only have read-only access to its root filesystems.
1010 1011 1012 |
# File 'config/managed_rule_identifiers.rb', line 1010 def self.ECS_CONTAINERS_READONLY_ACCESS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_CONTAINERS_READONLY_ACCESS") end |
.ECS_FARGATE_LATEST_PLATFORM_VERSION ⇒ String
Checks if Amazon Elastic Container Service (ECS) Fargate Services is running on the latest Fargate platform version.
1018 1019 1020 |
# File 'config/managed_rule_identifiers.rb', line 1018 def self.ECS_FARGATE_LATEST_PLATFORM_VERSION() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_FARGATE_LATEST_PLATFORM_VERSION") end |
.ECS_NO_ENVIRONMENT_SECRETS ⇒ String
Checks if secrets are passed as container environment variables.
1026 1027 1028 |
# File 'config/managed_rule_identifiers.rb', line 1026 def self.ECS_NO_ENVIRONMENT_SECRETS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_NO_ENVIRONMENT_SECRETS") end |
.ECS_TASK_DEFINITION_LOG_CONFIGURATION ⇒ String
Checks if logConfiguration is set on active ECS Task Definitions.
1034 1035 1036 |
# File 'config/managed_rule_identifiers.rb', line 1034 def self.ECS_TASK_DEFINITION_LOG_CONFIGURATION() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_TASK_DEFINITION_LOG_CONFIGURATION") end |
.ECS_TASK_DEFINITION_MEMORY_HARD_LIMIT ⇒ String
Checks if Amazon Elastic Container Service (ECS) task definitions have a set memory limit for its container definitions.
1042 1043 1044 |
# File 'config/managed_rule_identifiers.rb', line 1042 def self.ECS_TASK_DEFINITION_MEMORY_HARD_LIMIT() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_TASK_DEFINITION_MEMORY_HARD_LIMIT") end |
.ECS_TASK_DEFINITION_NONROOT_USER ⇒ String
Checks if ECSTaskDefinitions specify a user for Amazon Elastic Container Service (Amazon ECS) EC2 launch type containers to run on.
1050 1051 1052 |
# File 'config/managed_rule_identifiers.rb', line 1050 def self.ECS_TASK_DEFINITION_NONROOT_USER() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_TASK_DEFINITION_NONROOT_USER") end |
.ECS_TASK_DEFINITION_PID_MODE_CHECK ⇒ String
Checks if ECSTaskDefinitions are configured to share a host’s process namespace with its Amazon Elastic Container Service (Amazon ECS) containers.
1058 1059 1060 |
# File 'config/managed_rule_identifiers.rb', line 1058 def self.ECS_TASK_DEFINITION_PID_MODE_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ECS_TASK_DEFINITION_PID_MODE_CHECK") end |
.EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY ⇒ String
Checks if Amazon Elastic File System (Amazon EFS) access points are configured to enforce a root directory.
1066 1067 1068 |
# File 'config/managed_rule_identifiers.rb', line 1066 def self.EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY") end |
.EFS_ACCESS_POINT_ENFORCE_USER_IDENTITY ⇒ String
Checks if Amazon Elastic File System (Amazon EFS) access points are configured to enforce a user identity.
1074 1075 1076 |
# File 'config/managed_rule_identifiers.rb', line 1074 def self.EFS_ACCESS_POINT_ENFORCE_USER_IDENTITY() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EFS_ACCESS_POINT_ENFORCE_USER_IDENTITY") end |
.EFS_ENCRYPTED_CHECK ⇒ String
hecks whether Amazon Elastic File System (Amazon EFS) is configured to encrypt the file data using AWS Key Management Service (AWS KMS).
1082 1083 1084 |
# File 'config/managed_rule_identifiers.rb', line 1082 def self.EFS_ENCRYPTED_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EFS_ENCRYPTED_CHECK") end |
.EFS_IN_BACKUP_PLAN ⇒ String
Checks whether Amazon Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup.
1090 1091 1092 |
# File 'config/managed_rule_identifiers.rb', line 1090 def self.EFS_IN_BACKUP_PLAN() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EFS_IN_BACKUP_PLAN") end |
.EFS_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for Amazon Elastic File System (Amazon EFS) File Systems.
1098 1099 1100 |
# File 'config/managed_rule_identifiers.rb', line 1098 def self.EFS_LAST_BACKUP_RECOVERY_POINT_CREATED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EFS_LAST_BACKUP_RECOVERY_POINT_CREATED") end |
.EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if Amazon Elastic File System (Amazon EFS) File Systems are protected by a backup plan.
1106 1107 1108 |
# File 'config/managed_rule_identifiers.rb', line 1106 def self.EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN") end |
.EIP_ATTACHED ⇒ String
Checks whether all Elastic IP addresses that are allocated to a VPC are attached to EC2 instances or in-use elastic network interfaces (ENIs).
1114 1115 1116 |
# File 'config/managed_rule_identifiers.rb', line 1114 def self.EIP_ATTACHED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EIP_ATTACHED") end |
.EKS_CLUSTER_OLDEST_SUPPORTED_VERSION ⇒ String
Checks if an Amazon Elastic Kubernetes Service (EKS) cluster is running the oldest supported version.
1122 1123 1124 |
# File 'config/managed_rule_identifiers.rb', line 1122 def self.EKS_CLUSTER_OLDEST_SUPPORTED_VERSION() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EKS_CLUSTER_OLDEST_SUPPORTED_VERSION") end |
.EKS_CLUSTER_SUPPORTED_VERSION ⇒ String
Checks if an Amazon Elastic Kubernetes Service (EKS) cluster is running a supported Kubernetes version.
1130 1131 1132 |
# File 'config/managed_rule_identifiers.rb', line 1130 def self.EKS_CLUSTER_SUPPORTED_VERSION() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EKS_CLUSTER_SUPPORTED_VERSION") end |
.EKS_ENDPOINT_NO_PUBLIC_ACCESS ⇒ String
Checks whether Amazon Elastic Kubernetes Service (Amazon EKS) endpoint is not publicly accessible.
1138 1139 1140 |
# File 'config/managed_rule_identifiers.rb', line 1138 def self.EKS_ENDPOINT_NO_PUBLIC_ACCESS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EKS_ENDPOINT_NO_PUBLIC_ACCESS") end |
.EKS_SECRETS_ENCRYPTED ⇒ String
Checks whether Amazon Elastic Kubernetes Service clusters are configured to have Kubernetes secrets encrypted using AWS Key Management Service (KMS) keys.
1146 1147 1148 |
# File 'config/managed_rule_identifiers.rb', line 1146 def self.EKS_SECRETS_ENCRYPTED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EKS_SECRETS_ENCRYPTED") end |
.ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED ⇒ String
Checks if managed platform updates in an AWS Elastic Beanstalk environment is enabled.
1154 1155 1156 |
# File 'config/managed_rule_identifiers.rb', line 1154 def self.ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED") end |
.ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK ⇒ String
Check if the Amazon ElastiCache Redis clusters have automatic backup turned on.
1162 1163 1164 |
# File 'config/managed_rule_identifiers.rb', line 1162 def self.ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK") end |
.ELASTICSEARCH_ENCRYPTED_AT_REST ⇒ String
Checks whether Amazon Elasticsearch Service (Amazon ES) domains have encryption at rest configuration enabled.
1170 1171 1172 |
# File 'config/managed_rule_identifiers.rb', line 1170 def self.ELASTICSEARCH_ENCRYPTED_AT_REST() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELASTICSEARCH_ENCRYPTED_AT_REST") end |
.ELASTICSEARCH_IN_VPC_ONLY ⇒ String
Checks whether Amazon Elasticsearch Service (Amazon ES) domains are in Amazon Virtual Private Cloud (Amazon VPC).
1178 1179 1180 |
# File 'config/managed_rule_identifiers.rb', line 1178 def self.ELASTICSEARCH_IN_VPC_ONLY() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELASTICSEARCH_IN_VPC_ONLY") end |
.ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK ⇒ String
Check that Amazon ElasticSearch Service nodes are encrypted end to end.
1186 1187 1188 |
# File 'config/managed_rule_identifiers.rb', line 1186 def self.ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK") end |
.ELB_ACM_CERTIFICATE_REQUIRED ⇒ String
Checks whether the Classic Load Balancers use SSL certificates provided by AWS Certificate Manager.
1194 1195 1196 |
# File 'config/managed_rule_identifiers.rb', line 1194 def self.ELB_ACM_CERTIFICATE_REQUIRED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELB_ACM_CERTIFICATE_REQUIRED") end |
.ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED ⇒ String
Checks if cross-zone load balancing is enabled for the Classic Load Balancers (CLBs).
1202 1203 1204 |
# File 'config/managed_rule_identifiers.rb', line 1202 def self.ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED") end |
.ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK ⇒ String
Checks whether your Classic Load Balancer SSL listeners are using a custom policy.
1210 1211 1212 |
# File 'config/managed_rule_identifiers.rb', line 1210 def self.ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK") end |
.ELB_DELETION_PROTECTION_ENABLED ⇒ String
Checks whether Elastic Load Balancing has deletion protection enabled.
1218 1219 1220 |
# File 'config/managed_rule_identifiers.rb', line 1218 def self.ELB_DELETION_PROTECTION_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELB_DELETION_PROTECTION_ENABLED") end |
.ELB_LOGGING_ENABLED ⇒ String
Checks whether the Application Load Balancer and the Classic Load Balancer have logging enabled.
1226 1227 1228 |
# File 'config/managed_rule_identifiers.rb', line 1226 def self.ELB_LOGGING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELB_LOGGING_ENABLED") end |
.ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK ⇒ String
Checks whether your Classic Load Balancer SSL listeners are using a predefined policy.
1234 1235 1236 |
# File 'config/managed_rule_identifiers.rb', line 1234 def self.ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK") end |
.ELB_TLS_HTTPS_LISTENERS_ONLY ⇒ String
Checks whether your Classic Load Balancer is configured with SSL or HTTPS listeners.
1242 1243 1244 |
# File 'config/managed_rule_identifiers.rb', line 1242 def self.ELB_TLS_HTTPS_LISTENERS_ONLY() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELB_TLS_HTTPS_LISTENERS_ONLY") end |
.ELBV2_ACM_CERTIFICATE_REQUIRED ⇒ String
Checks if Application Load Balancers and Network Load Balancers have listeners that are configured to use certificates from AWS Certificate Manager (ACM).
1250 1251 1252 |
# File 'config/managed_rule_identifiers.rb', line 1250 def self.ELBV2_ACM_CERTIFICATE_REQUIRED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELBV2_ACM_CERTIFICATE_REQUIRED") end |
.ELBV2_MULTIPLE_AZ ⇒ String
Checks if an Elastic Load Balancer V2 (Application, Network, or Gateway Load Balancer) has registered instances from multiple Availability Zones (AZ's).
1258 1259 1260 |
# File 'config/managed_rule_identifiers.rb', line 1258 def self.ELBV2_MULTIPLE_AZ() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ELBV2_MULTIPLE_AZ") end |
.EMR_KERBEROS_ENABLED ⇒ String
Checks that Amazon EMR clusters have Kerberos enabled.
1266 1267 1268 |
# File 'config/managed_rule_identifiers.rb', line 1266 def self.EMR_KERBEROS_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EMR_KERBEROS_ENABLED") end |
.EMR_MASTER_NO_PUBLIC_IP ⇒ String
Checks whether Amazon Elastic MapReduce (EMR) clusters' master nodes have public IPs.
1274 1275 1276 |
# File 'config/managed_rule_identifiers.rb', line 1274 def self.EMR_MASTER_NO_PUBLIC_IP() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "EMR_MASTER_NO_PUBLIC_IP") end |
.FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK ⇒ String
Inactive managed rule
Checks whether the security groups associated inScope resources are compliant with the master security groups at each rule level based on allowSecurityGroup and denySecurityGroup flag.
1283 1284 1285 |
# File 'config/managed_rule_identifiers.rb', line 1283 def self.FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK") end |
.FMS_SECURITY_GROUP_CONTENT_CHECK ⇒ String
Inactive managed rule
Checks whether AWS Firewall Manager created security groups content is the same as the master security groups.
1292 1293 1294 |
# File 'config/managed_rule_identifiers.rb', line 1292 def self.FMS_SECURITY_GROUP_CONTENT_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "FMS_SECURITY_GROUP_CONTENT_CHECK") end |
.FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK ⇒ String
Inactive managed rule
Checks whether Amazon EC2 or an elastic network interface is associated with AWS Firewall Manager security groups.
1301 1302 1303 |
# File 'config/managed_rule_identifiers.rb', line 1301 def self.FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK") end |
.FMS_SHIELD_RESOURCE_POLICY_CHECK ⇒ String
Checks whether an Application Load Balancer, Amazon CloudFront distributions, Elastic Load Balancer or Elastic IP has AWS Shield protection.
1309 1310 1311 |
# File 'config/managed_rule_identifiers.rb', line 1309 def self.FMS_SHIELD_RESOURCE_POLICY_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "FMS_SHIELD_RESOURCE_POLICY_CHECK") end |
.FMS_WEBACL_RESOURCE_POLICY_CHECK ⇒ String
Checks whether the web ACL is associated with an Application Load Balancer, API Gateway stage, or Amazon CloudFront distributions.
1317 1318 1319 |
# File 'config/managed_rule_identifiers.rb', line 1317 def self.FMS_WEBACL_RESOURCE_POLICY_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "FMS_WEBACL_RESOURCE_POLICY_CHECK") end |
.FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK ⇒ String
Checks that the rule groups associate with the web ACL at the correct priority.
The correct priority is decided by the rank of the rule groups in the ruleGroups parameter.
1327 1328 1329 |
# File 'config/managed_rule_identifiers.rb', line 1327 def self.FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK") end |
.FSX_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for Amazon FSx File Systems.
1335 1336 1337 |
# File 'config/managed_rule_identifiers.rb', line 1335 def self.FSX_LAST_BACKUP_RECOVERY_POINT_CREATED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "FSX_LAST_BACKUP_RECOVERY_POINT_CREATED") end |
.FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if Amazon FSx File Systems are protected by a backup plan.
1343 1344 1345 |
# File 'config/managed_rule_identifiers.rb', line 1343 def self.FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN") end |
.GUARDDUTY_ENABLED_CENTRALIZED ⇒ String
Checks whether Amazon GuardDuty is enabled in your AWS account and region.
If you provide an AWS account for centralization, the rule evaluates the Amazon GuardDuty results in the centralized account.
1354 1355 1356 |
# File 'config/managed_rule_identifiers.rb', line 1354 def self.GUARDDUTY_ENABLED_CENTRALIZED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "GUARDDUTY_ENABLED_CENTRALIZED") end |
.GUARDDUTY_NON_ARCHIVED_FINDINGS ⇒ String
Checks whether the Amazon GuardDuty has findings that are non archived.
1362 1363 1364 |
# File 'config/managed_rule_identifiers.rb', line 1362 def self.GUARDDUTY_NON_ARCHIVED_FINDINGS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "GUARDDUTY_NON_ARCHIVED_FINDINGS") end |
.IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS ⇒ String
Checks that the managed AWS Identity and Access Management policies that you create do not allow blocked actions on all AWS AWS KMS keys.
1370 1371 1372 |
# File 'config/managed_rule_identifiers.rb', line 1370 def self.IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS") end |
.IAM_GROUP_HAS_USERS_CHECK ⇒ String
Checks whether IAM groups have at least one IAM user.
1378 1379 1380 |
# File 'config/managed_rule_identifiers.rb', line 1378 def self.IAM_GROUP_HAS_USERS_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_GROUP_HAS_USERS_CHECK") end |
.IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS ⇒ String
Checks that the inline policies attached to your AWS Identity and Access Management users, roles, and groups do not allow blocked actions on all AWS Key Management Service keys.
1386 1387 1388 |
# File 'config/managed_rule_identifiers.rb', line 1386 def self.IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS") end |
.IAM_NO_INLINE_POLICY_CHECK ⇒ String
Checks that inline policy feature is not in use.
1394 1395 1396 |
# File 'config/managed_rule_identifiers.rb', line 1394 def self.IAM_NO_INLINE_POLICY_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_NO_INLINE_POLICY_CHECK") end |
.IAM_PASSWORD_POLICY ⇒ String
Checks whether the account password policy for IAM users meets the specified requirements indicated in the parameters.
1402 1403 1404 |
# File 'config/managed_rule_identifiers.rb', line 1402 def self.IAM_PASSWORD_POLICY() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_PASSWORD_POLICY") end |
.IAM_POLICY_BLOCKED_CHECK ⇒ String
Checks whether for each IAM resource, a policy ARN in the input parameter is attached to the IAM resource.
1410 1411 1412 |
# File 'config/managed_rule_identifiers.rb', line 1410 def self.IAM_POLICY_BLOCKED_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_POLICY_BLOCKED_CHECK") end |
.IAM_POLICY_IN_USE ⇒ String
Checks whether the IAM policy ARN is attached to an IAM user, or an IAM group with one or more IAM users, or an IAM role with one or more trusted entity.
1418 1419 1420 |
# File 'config/managed_rule_identifiers.rb', line 1418 def self.IAM_POLICY_IN_USE() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_POLICY_IN_USE") end |
.IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS ⇒ String
Checks the IAM policies that you create for Allow statements that grant permissions to all actions on all resources.
1426 1427 1428 |
# File 'config/managed_rule_identifiers.rb', line 1426 def self.IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS") end |
.IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS ⇒ String
Checks if AWS Identity and Access Management (IAM) policies that you create grant permissions to all actions on individual AWS resources.
1434 1435 1436 |
# File 'config/managed_rule_identifiers.rb', line 1434 def self.IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS") end |
.IAM_ROLE_MANAGED_POLICY_CHECK ⇒ String
Checks that AWS Identity and Access Management (IAM) policies in a list of policies are attached to all AWS roles.
1442 1443 1444 |
# File 'config/managed_rule_identifiers.rb', line 1442 def self.IAM_ROLE_MANAGED_POLICY_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_ROLE_MANAGED_POLICY_CHECK") end |
.IAM_ROOT_ACCESS_KEY_CHECK ⇒ String
Checks whether the root user access key is available.
1450 1451 1452 |
# File 'config/managed_rule_identifiers.rb', line 1450 def self.IAM_ROOT_ACCESS_KEY_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_ROOT_ACCESS_KEY_CHECK") end |
.IAM_USER_GROUP_MEMBERSHIP_CHECK ⇒ String
Checks whether IAM users are members of at least one IAM group.
1458 1459 1460 |
# File 'config/managed_rule_identifiers.rb', line 1458 def self.IAM_USER_GROUP_MEMBERSHIP_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_USER_GROUP_MEMBERSHIP_CHECK") end |
.IAM_USER_MFA_ENABLED ⇒ String
Checks whether the AWS Identity and Access Management users have multi-factor authentication (MFA) enabled.
1466 1467 1468 |
# File 'config/managed_rule_identifiers.rb', line 1466 def self.IAM_USER_MFA_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_USER_MFA_ENABLED") end |
.IAM_USER_NO_POLICIES_CHECK ⇒ String
Checks that none of your IAM users have policies attached.
IAM users must inherit permissions from IAM groups or roles.
1476 1477 1478 |
# File 'config/managed_rule_identifiers.rb', line 1476 def self.IAM_USER_NO_POLICIES_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_USER_NO_POLICIES_CHECK") end |
.IAM_USER_UNUSED_CREDENTIALS_CHECK ⇒ String
Checks whether your AWS Identity and Access Management (IAM) users have passwords or active access keys that have not been used within the specified number of days you provided.
1484 1485 1486 |
# File 'config/managed_rule_identifiers.rb', line 1484 def self.IAM_USER_UNUSED_CREDENTIALS_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "IAM_USER_UNUSED_CREDENTIALS_CHECK") end |
.INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY ⇒ String
Checks that Internet gateways (IGWs) are only attached to an authorized Amazon Virtual Private Cloud (VPCs).
1492 1493 1494 |
# File 'config/managed_rule_identifiers.rb', line 1492 def self.INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY") end |
.jsii_overridable_methods ⇒ Object
14 15 16 17 |
# File 'config/managed_rule_identifiers.rb', line 14 def self.jsii_overridable_methods { } end |
.KINESIS_STREAM_ENCRYPTED ⇒ String
Checks if Amazon Kinesis streams are encrypted at rest with server-side encryption.
1500 1501 1502 |
# File 'config/managed_rule_identifiers.rb', line 1500 def self.KINESIS_STREAM_ENCRYPTED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "KINESIS_STREAM_ENCRYPTED") end |
.KMS_CMK_NOT_SCHEDULED_FOR_DELETION ⇒ String
Checks whether customer master keys (CMKs) are not scheduled for deletion in AWS Key Management Service (KMS).
1508 1509 1510 |
# File 'config/managed_rule_identifiers.rb', line 1508 def self.KMS_CMK_NOT_SCHEDULED_FOR_DELETION() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "KMS_CMK_NOT_SCHEDULED_FOR_DELETION") end |
.LAMBDA_CONCURRENCY_CHECK ⇒ String
Checks whether the AWS Lambda function is configured with function-level concurrent execution limit.
1516 1517 1518 |
# File 'config/managed_rule_identifiers.rb', line 1516 def self.LAMBDA_CONCURRENCY_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "LAMBDA_CONCURRENCY_CHECK") end |
.LAMBDA_DLQ_CHECK ⇒ String
Checks whether an AWS Lambda function is configured with a dead-letter queue.
1524 1525 1526 |
# File 'config/managed_rule_identifiers.rb', line 1524 def self.LAMBDA_DLQ_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "LAMBDA_DLQ_CHECK") end |
.LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED ⇒ String
Checks whether the AWS Lambda function policy attached to the Lambda resource prohibits public access.
1532 1533 1534 |
# File 'config/managed_rule_identifiers.rb', line 1532 def self.LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED") end |
.LAMBDA_FUNCTION_SETTINGS_CHECK ⇒ String
Checks that the lambda function settings for runtime, role, timeout, and memory size match the expected values.
1540 1541 1542 |
# File 'config/managed_rule_identifiers.rb', line 1540 def self.LAMBDA_FUNCTION_SETTINGS_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "LAMBDA_FUNCTION_SETTINGS_CHECK") end |
.LAMBDA_INSIDE_VPC ⇒ String
Checks whether an AWS Lambda function is in an Amazon Virtual Private Cloud.
1548 1549 1550 |
# File 'config/managed_rule_identifiers.rb', line 1548 def self.LAMBDA_INSIDE_VPC() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "LAMBDA_INSIDE_VPC") end |
.LAMBDA_VPC_MULTI_AZ_CHECK ⇒ String
Checks if Lambda has more than 1 availability zone associated.
1556 1557 1558 |
# File 'config/managed_rule_identifiers.rb', line 1556 def self.LAMBDA_VPC_MULTI_AZ_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "LAMBDA_VPC_MULTI_AZ_CHECK") end |
.MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS ⇒ String
Checks whether AWS Multi-Factor Authentication (MFA) is enabled for all IAM users that use a console password.
1564 1565 1566 |
# File 'config/managed_rule_identifiers.rb', line 1564 def self.MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS") end |
.NACL_NO_UNRESTRICTED_SSH_RDP ⇒ String
Checks if default ports for SSH/RDP ingress traffic for network access control lists (NACLs) is unrestricted.
1572 1573 1574 |
# File 'config/managed_rule_identifiers.rb', line 1572 def self.NACL_NO_UNRESTRICTED_SSH_RDP() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "NACL_NO_UNRESTRICTED_SSH_RDP") end |
.NETFW_POLICY_DEFAULT_ACTION_FRAGMENT_PACKETS ⇒ String
Checks if an AWS Network Firewall policy is configured with a user defined stateless default action for fragmented packets.
1580 1581 1582 |
# File 'config/managed_rule_identifiers.rb', line 1580 def self.NETFW_POLICY_DEFAULT_ACTION_FRAGMENT_PACKETS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "NETFW_POLICY_DEFAULT_ACTION_FRAGMENT_PACKETS") end |
.NETFW_POLICY_DEFAULT_ACTION_FULL_PACKETS ⇒ String
Checks if an AWS Network Firewall policy is configured with a user defined default stateless action for full packets.
1588 1589 1590 |
# File 'config/managed_rule_identifiers.rb', line 1588 def self.NETFW_POLICY_DEFAULT_ACTION_FULL_PACKETS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "NETFW_POLICY_DEFAULT_ACTION_FULL_PACKETS") end |
.NETFW_POLICY_RULE_GROUP_ASSOCIATED ⇒ String
Check AWS Network Firewall policy is associated with stateful OR stateless rule groups.
1596 1597 1598 |
# File 'config/managed_rule_identifiers.rb', line 1596 def self.NETFW_POLICY_RULE_GROUP_ASSOCIATED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "NETFW_POLICY_RULE_GROUP_ASSOCIATED") end |
.NETFW_STATELESS_RULE_GROUP_NOT_EMPTY ⇒ String
Checks if a Stateless Network Firewall Rule Group contains rules.
1604 1605 1606 |
# File 'config/managed_rule_identifiers.rb', line 1604 def self.NETFW_STATELESS_RULE_GROUP_NOT_EMPTY() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "NETFW_STATELESS_RULE_GROUP_NOT_EMPTY") end |
.NLB_CROSS_ZONE_LOAD_BALANCING_ENABLED ⇒ String
Checks if cross-zone load balancing is enabled on Network Load Balancers (NLBs).
1612 1613 1614 |
# File 'config/managed_rule_identifiers.rb', line 1612 def self.NLB_CROSS_ZONE_LOAD_BALANCING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "NLB_CROSS_ZONE_LOAD_BALANCING_ENABLED") end |
.OPENSEARCH_ACCESS_CONTROL_ENABLED ⇒ String
Checks if Amazon OpenSearch Service domains have fine-grained access control enabled.
1620 1621 1622 |
# File 'config/managed_rule_identifiers.rb', line 1620 def self.OPENSEARCH_ACCESS_CONTROL_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "OPENSEARCH_ACCESS_CONTROL_ENABLED") end |
.OPENSEARCH_AUDIT_LOGGING_ENABLED ⇒ String
Checks if Amazon OpenSearch Service domains have audit logging enabled.
1628 1629 1630 |
# File 'config/managed_rule_identifiers.rb', line 1628 def self.OPENSEARCH_AUDIT_LOGGING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "OPENSEARCH_AUDIT_LOGGING_ENABLED") end |
.OPENSEARCH_DATA_NODE_FAULT_TOLERANCE ⇒ String
Checks if Amazon OpenSearch Service domains are configured with at least three data nodes and zoneAwarenessEnabled is true.
1636 1637 1638 |
# File 'config/managed_rule_identifiers.rb', line 1636 def self.OPENSEARCH_DATA_NODE_FAULT_TOLERANCE() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "OPENSEARCH_DATA_NODE_FAULT_TOLERANCE") end |
.OPENSEARCH_ENCRYPTED_AT_REST ⇒ String
Checks if Amazon OpenSearch Service domains have encryption at rest configuration enabled.
1644 1645 1646 |
# File 'config/managed_rule_identifiers.rb', line 1644 def self.OPENSEARCH_ENCRYPTED_AT_REST() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "OPENSEARCH_ENCRYPTED_AT_REST") end |
.OPENSEARCH_HTTPS_REQUIRED ⇒ String
Checks whether connections to OpenSearch domains are using HTTPS.
1652 1653 1654 |
# File 'config/managed_rule_identifiers.rb', line 1652 def self.OPENSEARCH_HTTPS_REQUIRED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "OPENSEARCH_HTTPS_REQUIRED") end |
.OPENSEARCH_IN_VPC_ONLY ⇒ String
Checks if Amazon OpenSearch Service domains are in an Amazon Virtual Private Cloud (VPC).
1660 1661 1662 |
# File 'config/managed_rule_identifiers.rb', line 1660 def self.OPENSEARCH_IN_VPC_ONLY() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "OPENSEARCH_IN_VPC_ONLY") end |
.OPENSEARCH_LOGS_TO_CLOUDWATCH ⇒ String
Checks if Amazon OpenSearch Service domains are configured to send logs to Amazon CloudWatch Logs.
1668 1669 1670 |
# File 'config/managed_rule_identifiers.rb', line 1668 def self.OPENSEARCH_LOGS_TO_CLOUDWATCH() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "OPENSEARCH_LOGS_TO_CLOUDWATCH") end |
.OPENSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK ⇒ String
Check if Amazon OpenSearch Service nodes are encrypted end to end.
1676 1677 1678 |
# File 'config/managed_rule_identifiers.rb', line 1676 def self.OPENSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "OPENSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK") end |
.RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED ⇒ String
Checks if Amazon Relational Database Service (RDS) database instances are configured for automatic minor version upgrades.
1684 1685 1686 |
# File 'config/managed_rule_identifiers.rb', line 1684 def self.RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED") end |
.RDS_CLUSTER_DEFAULT_ADMIN_CHECK ⇒ String
Checks if an Amazon Relational Database Service (Amazon RDS) database cluster has changed the admin username from its default value.
1692 1693 1694 |
# File 'config/managed_rule_identifiers.rb', line 1692 def self.RDS_CLUSTER_DEFAULT_ADMIN_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_CLUSTER_DEFAULT_ADMIN_CHECK") end |
.RDS_CLUSTER_DELETION_PROTECTION_ENABLED ⇒ String
Checks if an Amazon Relational Database Service (Amazon RDS) cluster has deletion protection enabled.
1700 1701 1702 |
# File 'config/managed_rule_identifiers.rb', line 1700 def self.RDS_CLUSTER_DELETION_PROTECTION_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_CLUSTER_DELETION_PROTECTION_ENABLED") end |
.RDS_CLUSTER_IAM_AUTHENTICATION_ENABLED ⇒ String
Checks if an Amazon RDS Cluster has AWS Identity and Access Management (IAM) authentication enabled.
1708 1709 1710 |
# File 'config/managed_rule_identifiers.rb', line 1708 def self.RDS_CLUSTER_IAM_AUTHENTICATION_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_CLUSTER_IAM_AUTHENTICATION_ENABLED") end |
.RDS_CLUSTER_MULTI_AZ_ENABLED ⇒ String
Checks if Multi-AZ replication is enabled on Amazon Aurora and Hermes clusters managed by Amazon Relational Database Service (Amazon RDS).
1716 1717 1718 |
# File 'config/managed_rule_identifiers.rb', line 1716 def self.RDS_CLUSTER_MULTI_AZ_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_CLUSTER_MULTI_AZ_ENABLED") end |
.RDS_DB_INSTANCE_BACKUP_ENABLED ⇒ String
Checks whether RDS DB instances have backups enabled.
1724 1725 1726 |
# File 'config/managed_rule_identifiers.rb', line 1724 def self.RDS_DB_INSTANCE_BACKUP_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_DB_INSTANCE_BACKUP_ENABLED") end |
.RDS_DB_SECURITY_GROUP_NOT_ALLOWED ⇒ String
Checks if there are any Amazon Relational Database Service (RDS) DB security groups that are not the default DB security group.
1732 1733 1734 |
# File 'config/managed_rule_identifiers.rb', line 1732 def self.RDS_DB_SECURITY_GROUP_NOT_ALLOWED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_DB_SECURITY_GROUP_NOT_ALLOWED") end |
.RDS_ENHANCED_MONITORING_ENABLED ⇒ String
Checks whether enhanced monitoring is enabled for Amazon Relational Database Service (Amazon RDS) instances.
1740 1741 1742 |
# File 'config/managed_rule_identifiers.rb', line 1740 def self.RDS_ENHANCED_MONITORING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_ENHANCED_MONITORING_ENABLED") end |
.RDS_IN_BACKUP_PLAN ⇒ String
Checks whether Amazon RDS database is present in back plans of AWS Backup.
1748 1749 1750 |
# File 'config/managed_rule_identifiers.rb', line 1748 def self.RDS_IN_BACKUP_PLAN() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_IN_BACKUP_PLAN") end |
.RDS_INSTANCE_DEFAULT_ADMIN_CHECK ⇒ String
Checks if an Amazon Relational Database Service (Amazon RDS) database has changed the admin username from its default value.
1756 1757 1758 |
# File 'config/managed_rule_identifiers.rb', line 1756 def self.RDS_INSTANCE_DEFAULT_ADMIN_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_INSTANCE_DEFAULT_ADMIN_CHECK") end |
.RDS_INSTANCE_DELETION_PROTECTION_ENABLED ⇒ String
Checks if an Amazon Relational Database Service (Amazon RDS) instance has deletion protection enabled.
1764 1765 1766 |
# File 'config/managed_rule_identifiers.rb', line 1764 def self.RDS_INSTANCE_DELETION_PROTECTION_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_INSTANCE_DELETION_PROTECTION_ENABLED") end |
.RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED ⇒ String
Checks if an Amazon RDS instance has AWS Identity and Access Management (IAM) authentication enabled.
1772 1773 1774 |
# File 'config/managed_rule_identifiers.rb', line 1772 def self.RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED") end |
.RDS_INSTANCE_PUBLIC_ACCESS_CHECK ⇒ String
Check whether the Amazon Relational Database Service instances are not publicly accessible.
1780 1781 1782 |
# File 'config/managed_rule_identifiers.rb', line 1780 def self.RDS_INSTANCE_PUBLIC_ACCESS_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_INSTANCE_PUBLIC_ACCESS_CHECK") end |
.RDS_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for Amazon Relational Database Service (Amazon RDS).
1788 1789 1790 |
# File 'config/managed_rule_identifiers.rb', line 1788 def self.RDS_LAST_BACKUP_RECOVERY_POINT_CREATED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_LAST_BACKUP_RECOVERY_POINT_CREATED") end |
.RDS_LOGGING_ENABLED ⇒ String
Checks that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled.
1796 1797 1798 |
# File 'config/managed_rule_identifiers.rb', line 1796 def self.RDS_LOGGING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_LOGGING_ENABLED") end |
.RDS_MULTI_AZ_SUPPORT ⇒ String
Checks whether high availability is enabled for your RDS DB instances.
1804 1805 1806 |
# File 'config/managed_rule_identifiers.rb', line 1804 def self.RDS_MULTI_AZ_SUPPORT() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_MULTI_AZ_SUPPORT") end |
.RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if Amazon Relational Database Service (Amazon RDS) instances are protected by a backup plan.
1812 1813 1814 |
# File 'config/managed_rule_identifiers.rb', line 1812 def self.RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN") end |
.RDS_SNAPSHOT_ENCRYPTED ⇒ String
Checks whether Amazon Relational Database Service (Amazon RDS) DB snapshots are encrypted.
1820 1821 1822 |
# File 'config/managed_rule_identifiers.rb', line 1820 def self.RDS_SNAPSHOT_ENCRYPTED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_SNAPSHOT_ENCRYPTED") end |
.RDS_SNAPSHOTS_PUBLIC_PROHIBITED ⇒ String
Checks if Amazon Relational Database Service (Amazon RDS) snapshots are public.
1828 1829 1830 |
# File 'config/managed_rule_identifiers.rb', line 1828 def self.RDS_SNAPSHOTS_PUBLIC_PROHIBITED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_SNAPSHOTS_PUBLIC_PROHIBITED") end |
.RDS_STORAGE_ENCRYPTED ⇒ String
Checks whether storage encryption is enabled for your RDS DB instances.
1836 1837 1838 |
# File 'config/managed_rule_identifiers.rb', line 1836 def self.RDS_STORAGE_ENCRYPTED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "RDS_STORAGE_ENCRYPTED") end |
.REDSHIFT_AUDIT_LOGGING_ENABLED ⇒ String
Checks if Amazon Redshift clusters are logging audits to a specific bucket.
1844 1845 1846 |
# File 'config/managed_rule_identifiers.rb', line 1844 def self.REDSHIFT_AUDIT_LOGGING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_AUDIT_LOGGING_ENABLED") end |
.REDSHIFT_BACKUP_ENABLED ⇒ String
Checks that Amazon Redshift automated snapshots are enabled for clusters.
1852 1853 1854 |
# File 'config/managed_rule_identifiers.rb', line 1852 def self.REDSHIFT_BACKUP_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_BACKUP_ENABLED") end |
.REDSHIFT_CLUSTER_CONFIGURATION_CHECK ⇒ String
Checks whether Amazon Redshift clusters have the specified settings.
1860 1861 1862 |
# File 'config/managed_rule_identifiers.rb', line 1860 def self.REDSHIFT_CLUSTER_CONFIGURATION_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_CLUSTER_CONFIGURATION_CHECK") end |
.REDSHIFT_CLUSTER_KMS_ENABLED ⇒ String
Checks if Amazon Redshift clusters are using a specified AWS Key Management Service (AWS KMS) key for encryption.
1868 1869 1870 |
# File 'config/managed_rule_identifiers.rb', line 1868 def self.REDSHIFT_CLUSTER_KMS_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_CLUSTER_KMS_ENABLED") end |
.REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK ⇒ String
Checks whether Amazon Redshift clusters have the specified maintenance settings.
1876 1877 1878 |
# File 'config/managed_rule_identifiers.rb', line 1876 def self.REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK") end |
.REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK ⇒ String
Checks whether Amazon Redshift clusters are not publicly accessible.
1884 1885 1886 |
# File 'config/managed_rule_identifiers.rb', line 1884 def self.REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK") end |
.REDSHIFT_DEFAULT_ADMIN_CHECK ⇒ String
Checks if an Amazon Redshift cluster has changed the admin username from its default value.
1892 1893 1894 |
# File 'config/managed_rule_identifiers.rb', line 1892 def self.REDSHIFT_DEFAULT_ADMIN_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_DEFAULT_ADMIN_CHECK") end |
.REDSHIFT_DEFAULT_DB_NAME_CHECK ⇒ String
Checks if a Redshift cluster has changed its database name from the default value.
1900 1901 1902 |
# File 'config/managed_rule_identifiers.rb', line 1900 def self.REDSHIFT_DEFAULT_DB_NAME_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_DEFAULT_DB_NAME_CHECK") end |
.REDSHIFT_ENHANCED_VPC_ROUTING_ENABLED ⇒ String
Checks if Amazon Redshift cluster has 'enhancedVpcRouting' enabled.
1908 1909 1910 |
# File 'config/managed_rule_identifiers.rb', line 1908 def self.REDSHIFT_ENHANCED_VPC_ROUTING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_ENHANCED_VPC_ROUTING_ENABLED") end |
.REDSHIFT_REQUIRE_TLS_SSL ⇒ String
Checks whether Amazon Redshift clusters require TLS/SSL encryption to connect to SQL clients.
1916 1917 1918 |
# File 'config/managed_rule_identifiers.rb', line 1916 def self.REDSHIFT_REQUIRE_TLS_SSL() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REDSHIFT_REQUIRE_TLS_SSL") end |
.REQUIRED_TAGS ⇒ String
Checks whether your resources have the tags that you specify.
For example, you can check whether your Amazon EC2 instances have the CostCenter tag.
1926 1927 1928 |
# File 'config/managed_rule_identifiers.rb', line 1926 def self.REQUIRED_TAGS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "REQUIRED_TAGS") end |
.ROOT_ACCOUNT_HARDWARE_MFA_ENABLED ⇒ String
Checks whether your AWS account is enabled to use multi-factor authentication (MFA) hardware device to sign in with root credentials.
1934 1935 1936 |
# File 'config/managed_rule_identifiers.rb', line 1934 def self.ROOT_ACCOUNT_HARDWARE_MFA_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ROOT_ACCOUNT_HARDWARE_MFA_ENABLED") end |
.ROOT_ACCOUNT_MFA_ENABLED ⇒ String
Checks whether users of your AWS account require a multi-factor authentication (MFA) device to sign in with root credentials.
1942 1943 1944 |
# File 'config/managed_rule_identifiers.rb', line 1942 def self.ROOT_ACCOUNT_MFA_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "ROOT_ACCOUNT_MFA_ENABLED") end |
.S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS ⇒ String
Checks whether the required public access block settings are configured from account level.
1950 1951 1952 |
# File 'config/managed_rule_identifiers.rb', line 1950 def self.S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS") end |
.S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC ⇒ String
Checks if the required public access block settings are configured from account level.
1958 1959 1960 |
# File 'config/managed_rule_identifiers.rb', line 1958 def self.S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC") end |
.S3_BUCKET_ACL_PROHIBITED ⇒ String
Checks if Amazon Simple Storage Service (Amazon S3) Buckets allow user permissions through access control lists (ACLs).
1966 1967 1968 |
# File 'config/managed_rule_identifiers.rb', line 1966 def self.S3_BUCKET_ACL_PROHIBITED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_ACL_PROHIBITED") end |
.S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED ⇒ String
Checks if the Amazon Simple Storage Service bucket policy does not allow blacklisted bucket-level and object-level actions on resources in the bucket for principals from other AWS accounts.
1974 1975 1976 |
# File 'config/managed_rule_identifiers.rb', line 1974 def self.S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED") end |
.S3_BUCKET_DEFAULT_LOCK_ENABLED ⇒ String
Checks whether Amazon Simple Storage Service (Amazon S3) bucket has lock enabled, by default.
1982 1983 1984 |
# File 'config/managed_rule_identifiers.rb', line 1982 def self.S3_BUCKET_DEFAULT_LOCK_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_DEFAULT_LOCK_ENABLED") end |
.S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED ⇒ String
Checks if Amazon Simple Storage Service (Amazon S3) buckets are publicly accessible.
1990 1991 1992 |
# File 'config/managed_rule_identifiers.rb', line 1990 def self.S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED") end |
.S3_BUCKET_LOGGING_ENABLED ⇒ String
Checks whether logging is enabled for your S3 buckets.
1998 1999 2000 |
# File 'config/managed_rule_identifiers.rb', line 1998 def self.S3_BUCKET_LOGGING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_LOGGING_ENABLED") end |
.S3_BUCKET_POLICY_GRANTEE_CHECK ⇒ String
Checks that the access granted by the Amazon S3 bucket is restricted by any of the AWS principals, federated users, service principals, IP addresses, or VPCs that you provide.
2006 2007 2008 |
# File 'config/managed_rule_identifiers.rb', line 2006 def self.S3_BUCKET_POLICY_GRANTEE_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_POLICY_GRANTEE_CHECK") end |
.S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE ⇒ String
Checks if your Amazon Simple Storage Service bucket policies do not allow other inter-account permissions than the control Amazon S3 bucket policy that you provide.
2014 2015 2016 |
# File 'config/managed_rule_identifiers.rb', line 2014 def self.S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE") end |
.S3_BUCKET_PUBLIC_READ_PROHIBITED ⇒ String
Checks if your Amazon S3 buckets do not allow public read access.
2022 2023 2024 |
# File 'config/managed_rule_identifiers.rb', line 2022 def self.S3_BUCKET_PUBLIC_READ_PROHIBITED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_PUBLIC_READ_PROHIBITED") end |
.S3_BUCKET_PUBLIC_WRITE_PROHIBITED ⇒ String
Checks that your Amazon S3 buckets do not allow public write access.
2030 2031 2032 |
# File 'config/managed_rule_identifiers.rb', line 2030 def self.S3_BUCKET_PUBLIC_WRITE_PROHIBITED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_PUBLIC_WRITE_PROHIBITED") end |
.S3_BUCKET_REPLICATION_ENABLED ⇒ String
Checks whether S3 buckets have cross-region replication enabled.
2038 2039 2040 |
# File 'config/managed_rule_identifiers.rb', line 2038 def self.S3_BUCKET_REPLICATION_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_REPLICATION_ENABLED") end |
.S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED ⇒ String
Checks that your Amazon S3 bucket either has Amazon S3 default encryption enabled or that the S3 bucket policy explicitly denies put-object requests without server side encryption that uses AES-256 or AWS Key Management Service.
2046 2047 2048 |
# File 'config/managed_rule_identifiers.rb', line 2046 def self.S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED") end |
.S3_BUCKET_SSL_REQUESTS_ONLY ⇒ String
Checks whether S3 buckets have policies that require requests to use Secure Socket Layer (SSL).
2054 2055 2056 |
# File 'config/managed_rule_identifiers.rb', line 2054 def self.S3_BUCKET_SSL_REQUESTS_ONLY() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_SSL_REQUESTS_ONLY") end |
.S3_BUCKET_VERSIONING_ENABLED ⇒ String
Checks whether versioning is enabled for your S3 buckets.
2062 2063 2064 |
# File 'config/managed_rule_identifiers.rb', line 2062 def self.S3_BUCKET_VERSIONING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_BUCKET_VERSIONING_ENABLED") end |
.S3_DEFAULT_ENCRYPTION_KMS ⇒ String
Checks whether the Amazon Simple Storage Service (Amazon S3) buckets are encrypted with AWS Key Management Service (AWS KMS).
2070 2071 2072 |
# File 'config/managed_rule_identifiers.rb', line 2070 def self.S3_DEFAULT_ENCRYPTION_KMS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_DEFAULT_ENCRYPTION_KMS") end |
.S3_EVENT_NOTIFICATIONS_ENABLED ⇒ String
Checks if Amazon S3 Events Notifications are enabled on an S3 bucket.
2078 2079 2080 |
# File 'config/managed_rule_identifiers.rb', line 2078 def self.S3_EVENT_NOTIFICATIONS_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_EVENT_NOTIFICATIONS_ENABLED") end |
.S3_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for Amazon Simple Storage Service (Amazon S3).
2086 2087 2088 |
# File 'config/managed_rule_identifiers.rb', line 2086 def self.S3_LAST_BACKUP_RECOVERY_POINT_CREATED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_LAST_BACKUP_RECOVERY_POINT_CREATED") end |
.S3_LIFECYCLE_POLICY_CHECK ⇒ String
Checks if a lifecycle rule is configured for an Amazon Simple Storage Service (Amazon S3) bucket.
2094 2095 2096 |
# File 'config/managed_rule_identifiers.rb', line 2094 def self.S3_LIFECYCLE_POLICY_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_LIFECYCLE_POLICY_CHECK") end |
.S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if Amazon Simple Storage Service (Amazon S3) buckets are protected by a backup plan.
2102 2103 2104 |
# File 'config/managed_rule_identifiers.rb', line 2102 def self.S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN") end |
.S3_VERSION_LIFECYCLE_POLICY_CHECK ⇒ String
Checks if Amazon Simple Storage Service (Amazon S3) version enabled buckets have lifecycle policy configured.
2110 2111 2112 |
# File 'config/managed_rule_identifiers.rb', line 2110 def self.S3_VERSION_LIFECYCLE_POLICY_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "S3_VERSION_LIFECYCLE_POLICY_CHECK") end |
.SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED ⇒ String
Checks whether AWS Key Management Service (KMS) key is configured for an Amazon SageMaker endpoint configuration.
2118 2119 2120 |
# File 'config/managed_rule_identifiers.rb', line 2118 def self.SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED") end |
.SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED ⇒ String
Check whether an AWS Key Management Service (KMS) key is configured for SageMaker notebook instance.
2126 2127 2128 |
# File 'config/managed_rule_identifiers.rb', line 2126 def self.SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED") end |
.SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS ⇒ String
Checks whether direct internet access is disabled for an Amazon SageMaker notebook instance.
2134 2135 2136 |
# File 'config/managed_rule_identifiers.rb', line 2134 def self.SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS") end |
.SECRETSMANAGER_ROTATION_ENABLED_CHECK ⇒ String
Checks whether AWS Secrets Manager secret has rotation enabled.
2142 2143 2144 |
# File 'config/managed_rule_identifiers.rb', line 2142 def self.SECRETSMANAGER_ROTATION_ENABLED_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SECRETSMANAGER_ROTATION_ENABLED_CHECK") end |
.SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK ⇒ String
Checks whether AWS Secrets Manager secret rotation has rotated successfully as per the rotation schedule.
2150 2151 2152 |
# File 'config/managed_rule_identifiers.rb', line 2150 def self.SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK") end |
.SECRETSMANAGER_SECRET_PERIODIC_ROTATION ⇒ String
Checks if AWS Secrets Manager secrets have been rotated in the past specified number of days.
2158 2159 2160 |
# File 'config/managed_rule_identifiers.rb', line 2158 def self.SECRETSMANAGER_SECRET_PERIODIC_ROTATION() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SECRETSMANAGER_SECRET_PERIODIC_ROTATION") end |
.SECRETSMANAGER_SECRET_UNUSED ⇒ String
Checks if AWS Secrets Manager secrets have been accessed within a specified number of days.
2166 2167 2168 |
# File 'config/managed_rule_identifiers.rb', line 2166 def self.SECRETSMANAGER_SECRET_UNUSED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SECRETSMANAGER_SECRET_UNUSED") end |
.SECRETSMANAGER_USING_CMK ⇒ String
Checks if all secrets in AWS Secrets Manager are encrypted using the AWS managed key (aws/secretsmanager) or a customer managed key that was created in AWS Key Management Service (AWS KMS).
2174 2175 2176 |
# File 'config/managed_rule_identifiers.rb', line 2174 def self.SECRETSMANAGER_USING_CMK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SECRETSMANAGER_USING_CMK") end |
.SECURITYHUB_ENABLED ⇒ String
Checks that AWS Security Hub is enabled for an AWS account.
2182 2183 2184 |
# File 'config/managed_rule_identifiers.rb', line 2182 def self.SECURITYHUB_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SECURITYHUB_ENABLED") end |
.SERVICE_VPC_ENDPOINT_ENABLED ⇒ String
Checks whether Service Endpoint for the service provided in rule parameter is created for each Amazon VPC.
2190 2191 2192 |
# File 'config/managed_rule_identifiers.rb', line 2190 def self.SERVICE_VPC_ENDPOINT_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SERVICE_VPC_ENDPOINT_ENABLED") end |
.SHIELD_ADVANCED_ENABLED_AUTO_RENEW ⇒ String
Checks whether EBS volumes are attached to EC2 instances.
2198 2199 2200 |
# File 'config/managed_rule_identifiers.rb', line 2198 def self.SHIELD_ADVANCED_ENABLED_AUTO_RENEW() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SHIELD_ADVANCED_ENABLED_AUTO_RENEW") end |
.SHIELD_DRT_ACCESS ⇒ String
Verify that DDoS response team (DRT) can access AWS account.
2206 2207 2208 |
# File 'config/managed_rule_identifiers.rb', line 2206 def self.SHIELD_DRT_ACCESS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SHIELD_DRT_ACCESS") end |
.SNS_ENCRYPTED_KMS ⇒ String
Checks whether Amazon SNS topic is encrypted with AWS Key Management Service (AWS KMS).
2214 2215 2216 |
# File 'config/managed_rule_identifiers.rb', line 2214 def self.SNS_ENCRYPTED_KMS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SNS_ENCRYPTED_KMS") end |
.SNS_TOPIC_MESSAGE_DELIVERY_NOTIFICATION_ENABLED ⇒ String
Checks if Amazon Simple Notification Service (SNS) logging is enabled for the delivery status of notification messages sent to a topic for the endpoints.
2222 2223 2224 |
# File 'config/managed_rule_identifiers.rb', line 2222 def self.SNS_TOPIC_MESSAGE_DELIVERY_NOTIFICATION_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SNS_TOPIC_MESSAGE_DELIVERY_NOTIFICATION_ENABLED") end |
.SSM_DOCUMENT_NOT_PUBLIC ⇒ String
Checks if AWS Systems Manager documents owned by the account are public.
2230 2231 2232 |
# File 'config/managed_rule_identifiers.rb', line 2230 def self.SSM_DOCUMENT_NOT_PUBLIC() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SSM_DOCUMENT_NOT_PUBLIC") end |
.STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for AWS Storage Gateway volumes.
2238 2239 2240 |
# File 'config/managed_rule_identifiers.rb', line 2238 def self.STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATED") end |
.SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED ⇒ String
hecks if Amazon Virtual Private Cloud (Amazon VPC) subnets are assigned a public IP address.
2246 2247 2248 |
# File 'config/managed_rule_identifiers.rb', line 2246 def self.SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED") end |
.VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATED ⇒ String
Checks if a recovery point was created for AWS Backup-Gateway VirtualMachines.
2254 2255 2256 |
# File 'config/managed_rule_identifiers.rb', line 2254 def self.VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATED") end |
.VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLAN ⇒ String
Checks if AWS Backup-Gateway VirtualMachines are protected by a backup plan.
2262 2263 2264 |
# File 'config/managed_rule_identifiers.rb', line 2262 def self.VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLAN() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLAN") end |
.VPC_DEFAULT_SECURITY_GROUP_CLOSED ⇒ String
Checks that the default security group of any Amazon Virtual Private Cloud (VPC) does not allow inbound or outbound traffic.
The rule returns NOT_APPLICABLE if the security group is not default.
2273 2274 2275 |
# File 'config/managed_rule_identifiers.rb', line 2273 def self.VPC_DEFAULT_SECURITY_GROUP_CLOSED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "VPC_DEFAULT_SECURITY_GROUP_CLOSED") end |
.VPC_FLOW_LOGS_ENABLED ⇒ String
Checks whether Amazon Virtual Private Cloud flow logs are found and enabled for Amazon VPC.
2281 2282 2283 |
# File 'config/managed_rule_identifiers.rb', line 2281 def self.VPC_FLOW_LOGS_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "VPC_FLOW_LOGS_ENABLED") end |
.VPC_NETWORK_ACL_UNUSED_CHECK ⇒ String
Checks if there are unused network access control lists (network ACLs).
2289 2290 2291 |
# File 'config/managed_rule_identifiers.rb', line 2289 def self.VPC_NETWORK_ACL_UNUSED_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "VPC_NETWORK_ACL_UNUSED_CHECK") end |
.VPC_PEERING_DNS_RESOLUTION_CHECK ⇒ String
Checks if DNS resolution from accepter/requester VPC to private IP is enabled.
2297 2298 2299 |
# File 'config/managed_rule_identifiers.rb', line 2297 def self.VPC_PEERING_DNS_RESOLUTION_CHECK() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "VPC_PEERING_DNS_RESOLUTION_CHECK") end |
.VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS ⇒ String
Checks whether the security group with 0.0.0.0/0 of any Amazon Virtual Private Cloud (Amazon VPC) allows only specific inbound TCP or UDP traffic.
2305 2306 2307 |
# File 'config/managed_rule_identifiers.rb', line 2305 def self.VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS") end |
.VPC_VPN_2_TUNNELS_UP ⇒ String
Checks that both AWS Virtual Private Network tunnels provided by AWS Site-to-Site VPN are in UP status.
2313 2314 2315 |
# File 'config/managed_rule_identifiers.rb', line 2313 def self.VPC_VPN_2_TUNNELS_UP() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "VPC_VPN_2_TUNNELS_UP") end |
.WAF_CLASSIC_LOGGING_ENABLED ⇒ String
Checks if logging is enabled on AWS Web Application Firewall (WAF) classic global web ACLs.
2321 2322 2323 |
# File 'config/managed_rule_identifiers.rb', line 2321 def self.WAF_CLASSIC_LOGGING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "WAF_CLASSIC_LOGGING_ENABLED") end |
.WAF_GLOBAL_RULE_NOT_EMPTY ⇒ String
Checks if an AWS WAF global rule contains any conditions.
2329 2330 2331 |
# File 'config/managed_rule_identifiers.rb', line 2329 def self.WAF_GLOBAL_RULE_NOT_EMPTY() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "WAF_GLOBAL_RULE_NOT_EMPTY") end |
.WAF_GLOBAL_RULEGROUP_NOT_EMPTY ⇒ String
Checks if an AWS WAF Classic rule group contains any rules.
2337 2338 2339 |
# File 'config/managed_rule_identifiers.rb', line 2337 def self.WAF_GLOBAL_RULEGROUP_NOT_EMPTY() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "WAF_GLOBAL_RULEGROUP_NOT_EMPTY") end |
.WAF_GLOBAL_WEBACL_NOT_EMPTY ⇒ String
Checks whether a WAF Global Web ACL contains any WAF rules or rule groups.
2345 2346 2347 |
# File 'config/managed_rule_identifiers.rb', line 2345 def self.WAF_GLOBAL_WEBACL_NOT_EMPTY() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "WAF_GLOBAL_WEBACL_NOT_EMPTY") end |
.WAF_REGIONAL_RULE_NOT_EMPTY ⇒ String
Checks whether WAF regional rule contains conditions.
2353 2354 2355 |
# File 'config/managed_rule_identifiers.rb', line 2353 def self.WAF_REGIONAL_RULE_NOT_EMPTY() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "WAF_REGIONAL_RULE_NOT_EMPTY") end |
.WAF_REGIONAL_RULEGROUP_NOT_EMPTY ⇒ String
Checks if WAF Regional rule groups contain any rules.
2361 2362 2363 |
# File 'config/managed_rule_identifiers.rb', line 2361 def self.WAF_REGIONAL_RULEGROUP_NOT_EMPTY() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "WAF_REGIONAL_RULEGROUP_NOT_EMPTY") end |
.WAF_REGIONAL_WEBACL_NOT_EMPTY ⇒ String
Checks if a WAF regional Web ACL contains any WAF rules or rule groups.
2369 2370 2371 |
# File 'config/managed_rule_identifiers.rb', line 2369 def self.WAF_REGIONAL_WEBACL_NOT_EMPTY() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "WAF_REGIONAL_WEBACL_NOT_EMPTY") end |
.WAFV2_LOGGING_ENABLED ⇒ String
Checks whether logging is enabled on AWS Web Application Firewall (WAFV2) regional and global web access control list (ACLs).
2377 2378 2379 |
# File 'config/managed_rule_identifiers.rb', line 2377 def self.WAFV2_LOGGING_ENABLED() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_config.ManagedRuleIdentifiers", "WAFV2_LOGGING_ENABLED") end |