configrules.csv
Name, Type, Description, Owner, MessageType, Scope, MaximumExecutionFrequency, InputParameters
CloudTrailIsEnabled, Periodic, Checks that a CloudTrail exists that is set to multi-region., CUSTOM_LAMBDA, ConfigurationSnapshotDeliveryCompleted, Global, One_Hour, {"configrule":"CloudTrailIsEnabled"}
CloudTrailLogFileValidationEnabled, Periodic, Checks that CloudTrail Log Validation is Enabled in All Regions., CUSTOM_LAMBDA, ConfigurationSnapshotDeliveryCompleted, Global, One_Hour, {"configrule":"CloudTrailLogFileValidationEnabled"}
CloudTrailS3BucketNotPublic, Periodic, Checks that the S3 Bucket used for CloudTrail logs is not public., CUSTOM_LAMBDA, ConfigurationSnapshotDeliveryCompleted, Global, One_Hour, {"configrule":"CloudTrailS3BucketNotPublic"}
CloudTrailWithCloudWatchLogsIsEnabled, Periodic, Checks that CloudTrail is integrated with CloudWatch Logs., CUSTOM_LAMBDA, ConfigurationSnapshotDeliveryCompleted, Global, One_Hour, {"configrule":"CloudTrailWithCloudWatchLogsIsEnabled"}
CloudTrailLogsEncrypted, Periodic, Checks that CloudTrail logs are encrypted., CUSTOM_LAMBDA, ConfigurationSnapshotDeliveryCompleted, Global, One_Hour, {"configrule":"CloudTrailLogsEncrypted"}
ConfigIsEnabled, Periodic, Checks that AWS Config is Enabled in All Regions., CUSTOM_LAMBDA, ConfigurationSnapshotDeliveryCompleted, Global, One_Hour, {"configrule":"ConfigIsEnabled"}
IamUnusedCredentialsAreDisabled, Triggered, Checks that the IAM User's access keys have been used within the specified number of days., CUSTOM_LAMBDA, ConfigurationItemChangeNotification, AWS::IAM::User, One_Hour,{"configrule":"IamUnusedCredentialsAreDisabled"|"MaximumUnusedAge":30}
IamCredentialRotation, Triggered, Checks that the IAM User's access keys have been rotated within the specified number of days., CUSTOM_LAMBDA, ConfigurationItemChangeNotification, AWS::IAM::User, One_Hour,{"configrule":"IamCredentialRotation"|"MaximumAccessKeyAge":90}
IamRequireLowercaseCharacters, Periodic, Checks that the IAM password policy requires a lowercase character., CUSTOM_LAMBDA, ConfigurationSnapshotDeliveryCompleted, Global, One_Hour,{"configrule":"IamRequireLowercaseCharacters"}
IamRequireUppercaseCharacters, Periodic, Checks that the IAM password policy requires an uppercase character., CUSTOM_LAMBDA, ConfigurationSnapshotDeliveryCompleted, Global, One_Hour,{"configrule":"IamRequireUppercaseCharacters"}
IamRequireSymbols, Periodic, Checks that the IAM password policy requires a symbol., CUSTOM_LAMBDA, ConfigurationSnapshotDeliveryCompleted, Global, One_Hour,{"configrule":"IamRequireSymbols"}
IamRequireNumbers, Periodic, Checks that the IAM password policy requires a number., CUSTOM_LAMBDA, ConfigurationSnapshotDeliveryCompleted, Global, One_Hour,{"configrule":"IamRequireNumbers"}
IamPasswordExpiryIsEnabled, Periodic, Checks that the IAM password policy expires passwords older than the configured maximum age., CUSTOM_LAMBDA, ConfigurationSnapshotDeliveryCompleted,Global, One_Hour,{"configrule":"IamPasswordExpiryIsEnabled"|"MaximumPasswordAge":90}
IamPasswordReusePrevention, Periodic, Checks that the IAM password policy prevents password reuse., CUSTOM_LAMBDA, ConfigurationSnapshotDeliveryCompleted,Global, One_Hour,{"configrule":"IamPasswordReusePrevention"|"PasswordReusePrevention":3}
IamNoRootAccessKeys, Periodic, Checks that the root account's access keys have been disabled., CUSTOM_LAMBDA, ConfigurationSnapshotDeliveryCompleted, Global, One_Hour,{"configrule":"IamNoRootAccessKeys"}
IamRootHardwareMfaIsEnabled, Periodic, Checks that the root account has a MFA device Enabled., CUSTOM_LAMBDA, ConfigurationSnapshotDeliveryCompleted, Global, One_Hour,{"configrule":"IamRootHardwareMfaIsEnabled"}
IamUsersMfaIsEnabled, Triggered, Checks that all IAM Users have a MFA device enabled., CUSTOM_LAMBDA, ConfigurationItemChangeNotification, AWS::IAM::User, One_Hour,{"configrule":"IamUsersMfaIsEnabled"}
IamPoliciesAttachedGroupsOnly, Triggered, Checks that all IAM Users do not have policies attached to them., CUSTOM_LAMBDA, ConfigurationItemChangeNotification, AWS::IAM::User, One_Hour,{"configrule":"IamPoliciesAttachedGroupsOnly"}
SecurityGroupsGlobalPort22, Triggered, Checks that all security groups adhere to rules per passed parameters., CUSTOM_LAMBDA, ConfigurationItemChangeNotification, AWS::EC2::SecurityGroup, One_Hour,{"configrule":"SecurityGroupsGlobalPort22"|"IpProtocol":"tcp"|"FromPort":22|"ToPort":22|"CidrIp":"0.0.0.0/0"}
SecurityGroupsGlobalPort3389, Triggered, Checks that all security groups adhere to rules per passed parameters., CUSTOM_LAMBDA, ConfigurationItemChangeNotification, AWS::EC2::SecurityGroup, One_Hour,{"configrule":"SecurityGroupsGlobalPort3389"|"IpProtocol":"tcp"|"FromPort":3389|"ToPort":3389|"CidrIp":"0.0.0.0/0"}
SecurityGroupsDefaultDisablesTraffic, Triggered, Checks that all default security groups have no rules., CUSTOM_LAMBDA, ConfigurationItemChangeNotification, AWS::EC2::SecurityGroup, One_Hour,{"configrule":"SecurityGroupsDefaultDisablesTraffic"}
VpcFlowLoggingIsEnabled, Triggered, Checks that all Vpc networks have flow logging enabled., CUSTOM_LAMBDA, ConfigurationItemChangeNotification, AWS::EC2::VPC, One_Hour,{"configrule":"VpcFlowLoggingIsEnabled"}