awslabs / aws-config-rules

[Node, Python, Java] Repository of sample Custom Rules for AWS Config.
http://aws.amazon.com/config/
Creative Commons Zero v1.0 Universal

Fix Operational-Best-Practices-for-BNM-RMiT.yaml #417

Closed vudox-amazon closed 8 months ago

vudox-amazon commented 8 months ago

1/ ALB_HTTP_DROP_INVALID_HEADER_ENABLED; removed as the rule is irrelevant to the security controls in RMiT
2/ CLOUD_TRAIL_ENCRYPTION_ENABLED; removed due to duplication with CLOUDTRAIL_SECURITY_TRAIL_ENABLED
3/ DYNAMODB_IN_BACKUP_PLAN; removed due to duplication with DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN
4/ EBS_IN_BACKUP_PLAN; removed due to duplication with EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN
5/ EFS_IN_BACKUP_PLAN; removed due to duplication with EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN
6/ ELASTICSEARCH_ENCRYPTED_AT_REST; removed because the rule is only applicable to legacy Elasticsearch domains
7/ ELASTICSEARCH_IN_VPC_ONLY; removed because the rule is only applicable to legacy Elasticsearch domains
8/ ELASTICSEARCH_LOGS_TO_CLOUDWATCH; removed because the rule is only applicable to legacy Elasticsearch domains
9/ ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK; removed because the rule is only applicable to legacy Elasticsearch domains
10/ ELB_ACM_CERTIFICATE_REQUIRED; removed because the rule is only applicable to Classic Load Balancer resources
11/ ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED; removed because the rule is only applicable to Classic Load Balancer resources
12/ ELB_TLS_HTTPS_LISTENERS_ONLY; removed because the rule is only applicable to Classic Load Balancer resources
13/ IAM_GROUP_HAS_USERS_CHECK; removed due to duplication with IAM_USER_GROUP_MEMBERSHIP_CHECK
14/ IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS; removed as IAM_NO_INLINE_POLICY_CHECK is more restrictive
15/ IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS; removed because the rule could be too restrictive for some customers
16/ INCOMING_SSH_DISABLED; removed due to duplication with VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS
17/ INSTANCES_IN_VPC; removed because the rule is only applicable to EC2 Classic instances
18/ LAMBDA_DLQ_CHECK; removed as Lambda Destination is the preferred configuration
19/ MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS; removed due to duplication with IAM_USER_MFA_ENABLED
20/ MULTI_REGION_CLOUD_TRAIL_ENABLED; removed due to duplication with CLOUDTRAIL_SECURITY_TRAIL_ENABLED
21/ RDS_IN_BACKUP_PLAN; removed due to duplication with RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN
22/ RESTRICTED_INCOMING_TRAFFIC; removed due to duplication with VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS
23/ S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED; removed due to duplication with S3_BUCKET_PUBLIC_READ_PROHIBITED and S3_BUCKET_PUBLIC_WRITE_PROHIBITED
24/ S3_BUCKET_REPLICATION_ENABLED; removed due to duplication with S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN
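The removals above fall into two groups: rules duplicated by another rule in the pack, and rules scoped to legacy resource types. Before a conformance pack is pruned this way, the thing worth checking is that every superseding rule is actually still declared, so that dropping the duplicate does not silently drop the control. The script below is an added example, not code from the aws-config-rules repository or from this PR: it walks the parsed form of a conformance pack template (the `Resources` / `AWS::Config::ConfigRule` / `Source.SourceIdentifier` layout that conformance pack templates use), applies the PR's own duplicate and legacy classifications, and reports a rule as redundant only when its replacement is present. The `SAMPLE_PACK` dict is constructed for the example and stands in for the output of `yaml.safe_load` on a real template.

```python
"""Audit a parsed AWS Config conformance pack for rules the PR above treats
as redundant or legacy-only.  Added example; not repository code."""

# Rule -> rule(s) the PR says cover the same control (taken from the PR text).
SUPERSEDED_BY = {
    "CLOUD_TRAIL_ENCRYPTION_ENABLED": ("CLOUDTRAIL_SECURITY_TRAIL_ENABLED",),
    "MULTI_REGION_CLOUD_TRAIL_ENABLED": ("CLOUDTRAIL_SECURITY_TRAIL_ENABLED",),
    "DYNAMODB_IN_BACKUP_PLAN": ("DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN",),
    "EBS_IN_BACKUP_PLAN": ("EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN",),
    "EFS_IN_BACKUP_PLAN": ("EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN",),
    "RDS_IN_BACKUP_PLAN": ("RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN",),
    "IAM_GROUP_HAS_USERS_CHECK": ("IAM_USER_GROUP_MEMBERSHIP_CHECK",),
    "IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS": ("IAM_NO_INLINE_POLICY_CHECK",),
    "INCOMING_SSH_DISABLED": ("VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS",),
    "RESTRICTED_INCOMING_TRAFFIC": ("VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS",),
    "MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS": ("IAM_USER_MFA_ENABLED",),
    "S3_BUCKET_REPLICATION_ENABLED": ("S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN",),
    "S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED": (
        "S3_BUCKET_PUBLIC_READ_PROHIBITED", "S3_BUCKET_PUBLIC_WRITE_PROHIBITED"),
}

# Rules the PR removed because they evaluate only legacy resource types.
LEGACY_ONLY = {
    "ELASTICSEARCH_ENCRYPTED_AT_REST": "legacy Elasticsearch domains",
    "ELASTICSEARCH_IN_VPC_ONLY": "legacy Elasticsearch domains",
    "ELASTICSEARCH_LOGS_TO_CLOUDWATCH": "legacy Elasticsearch domains",
    "ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK": "legacy Elasticsearch domains",
    "ELB_ACM_CERTIFICATE_REQUIRED": "Classic Load Balancer resources",
    "ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED": "Classic Load Balancer resources",
    "ELB_TLS_HTTPS_LISTENERS_ONLY": "Classic Load Balancer resources",
    "INSTANCES_IN_VPC": "EC2 Classic instances",
}


def managed_rules(template):
    """Yield (logical_id, SourceIdentifier) for every AWS-managed rule in a
    parsed conformance pack.  Custom (Lambda-backed) rules have no managed
    identifier to compare against, so they are skipped."""
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Config::ConfigRule":
            continue
        source = res.get("Properties", {}).get("Source", {})
        if source.get("Owner") == "AWS" and "SourceIdentifier" in source:
            yield logical_id, source["SourceIdentifier"]


def audit_pack(template):
    """Return (logical_id, rule, finding) triples.  A superseded rule is
    REDUNDANT only when all of its superseding rules are also in the pack;
    if any is absent, removing it would drop the control, so it is marked
    KEEP instead.  Legacy-only rules are reported as LEGACY."""
    present = {rule for _, rule in managed_rules(template)}
    findings = []
    for logical_id, rule in managed_rules(template):
        if rule in SUPERSEDED_BY:
            missing = [r for r in SUPERSEDED_BY[rule] if r not in present]
            if missing:
                finding = "KEEP: replacement not in pack: " + ", ".join(missing)
            else:
                finding = "REDUNDANT: covered by " + ", ".join(SUPERSEDED_BY[rule])
            findings.append((logical_id, rule, finding))
        elif rule in LEGACY_ONLY:
            findings.append((logical_id, rule, "LEGACY: only " + LEGACY_ONLY[rule]))
    return findings


def _rule(name, identifier, owner="AWS"):
    """Build one ConfigRule resource in conformance pack layout (helper for the sample)."""
    return {"Type": "AWS::Config::ConfigRule",
            "Properties": {"ConfigRuleName": name,
                           "Source": {"Owner": owner, "SourceIdentifier": identifier}}}


# Constructed sample pack: duplicate pair present, one duplicate whose
# replacement is missing, one legacy-only rule, and one custom rule to skip.
SAMPLE_PACK = {"Resources": {
    "CloudTrailEncryption": _rule("cloud-trail-encryption-enabled",
                                  "CLOUD_TRAIL_ENCRYPTION_ENABLED"),
    "CloudTrailSecurity": _rule("cloudtrail-security-trail-enabled",
                                "CLOUDTRAIL_SECURITY_TRAIL_ENABLED"),
    "EbsInBackupPlan": _rule("ebs-in-backup-plan", "EBS_IN_BACKUP_PLAN"),
    "EsInVpc": _rule("elasticsearch-in-vpc-only", "ELASTICSEARCH_IN_VPC_ONLY"),
    "CustomRule": _rule("custom-check", "arn:aws:lambda:REGION:ACCOUNT:function:PLACEHOLDER",
                        owner="CUSTOM_LAMBDA"),
}}

if __name__ == "__main__":
    for logical_id, rule, finding in audit_pack(SAMPLE_PACK):
        print(f"{logical_id:22} {rule:42} {finding}")
```

On a real template, replace `SAMPLE_PACK` with `yaml.safe_load(open(path))`; the `KEEP` finding is the one to act on, since it means a rule scheduled for removal has no replacement declared in the pack.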