AWS Security ChangesHomeSearch

AWS config documentation change

Service: config · 2025-03-23 · Documentation low

File: config/latest/developerguide/managed-rules-by-evaluation-mode.md

Summary

Mirrored additions of new managed rules from the primary list, including security-focused rules for various AWS services

Security assessment

Added the same security-related rules as the main documentation file (e.g., 'nlb-logging-enabled', 'redshift-audit-logging-enabled'). This appears to be routine documentation expansion rather than response to specific security issues.

Diff

diff --git a/config/latest/developerguide/managed-rules-by-evaluation-mode.md b/config/latest/developerguide/managed-rules-by-evaluation-mode.md
index b6774b6e9..ab1df9a90 100644
--- a/config/latest/developerguide/managed-rules-by-evaluation-mode.md
+++ b/config/latest/developerguide/managed-rules-by-evaluation-mode.md
@@ -85,0 +86,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [alb-listener-tagged](./alb-listener-tagged.html)
+
@@ -403,0 +406,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [dms-endpoint-tagged](./dms-endpoint-tagged.html)
+
@@ -413,0 +418,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [dms-replication-task-tagged](./dms-replication-task-tagged.html)
+
@@ -461,0 +468,4 @@ Currently, all AWS Config rules support detective evaluation.
+  * [ec2-capacity-reservation-tagged](./ec2-capacity-reservation-tagged.html)
+
+  * [ec2-carrier-gateway-tagged](./ec2-carrier-gateway-tagged.html)
+
@@ -463,0 +474,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [ec2-client-vpn-endpoint-tagged](./ec2-client-vpn-endpoint-tagged.html)
+
@@ -465,0 +478,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [ec2-dhcp-options-tagged](./ec2-dhcp-options-tagged.html)
+
@@ -467,0 +482,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [ec2-fleet-tagged](./ec2-fleet-tagged.html)
+
@@ -503,0 +520,6 @@ Currently, all AWS Config rules support detective evaluation.
+  * [ec2-network-insights-access-scope-analysis-tagged](./ec2-network-insights-access-scope-analysis-tagged.html)
+
+  * [ec2-network-insights-access-scope-tagged](./ec2-network-insights-access-scope-tagged.html)
+
+  * [ec2-network-insights-path-tagged](./ec2-network-insights-path-tagged.html)
+
@@ -517,0 +540,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [ec2-spot-fleet-request-ct-encryption-at-rest](./ec2-spot-fleet-request-ct-encryption-at-rest.html)
+
@@ -535,0 +560,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [ec2-transit-gateway-multicast-domain-tagged](./ec2-transit-gateway-multicast-domain-tagged.html)
+
@@ -565,0 +592,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [ecs-task-definition-network-mode-not-host](./ecs-task-definition-network-mode-not-host.html)
+
@@ -679,0 +708,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [event-data-store-cmk-encryption-enabled](./event-data-store-cmk-encryption-enabled.html)
+
@@ -729,0 +760,4 @@ Currently, all AWS Config rules support detective evaluation.
+  * [fsx-windows-deployment-type-check](./fsx-windows-deployment-type-check.html)
+
+  * [glb-listener-tagged](./glb-listener-tagged.html)
+
@@ -769,0 +804,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [iam-oidc-provider-tagged](./iam-oidc-provider-tagged.html)
+
@@ -783,0 +820,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [iam-saml-provider-tagged](./iam-saml-provider-tagged.html)
+
@@ -785,0 +824,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [iam-server-certificate-tagged](./iam-server-certificate-tagged.html)
+
@@ -871,0 +912,4 @@ Currently, all AWS Config rules support detective evaluation.
+  * [lightsail-bucket-tagged](./lightsail-bucket-tagged.html)
+
+  * [lightsail-certificate-tagged](./lightsail-certificate-tagged.html)
+
@@ -943,0 +988,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [nlb-cross-zone-load-balancing-enabled](./nlb-cross-zone-load-balancing-enabled.html)
+
@@ -945,0 +992,4 @@ Currently, all AWS Config rules support detective evaluation.
+  * [nlb-listener-tagged](./nlb-listener-tagged.html)
+
+  * [nlb-logging-enabled](./nlb-logging-enabled.html)
+
@@ -999,0 +1050,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [rds-instance-subnet-igw-check](./rds-instance-subnet-igw-check.html)
+
@@ -1017,0 +1070,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [rds-proxy-tls-encryption](./rds-proxy-tls-encryption.html)
+
@@ -1029,0 +1084,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [redshift-audit-logging-enabled](./redshift-audit-logging-enabled.html)
+
@@ -1051,0 +1108,8 @@ Currently, all AWS Config rules support detective evaluation.
+  * [redshift-serverless-namespace-cmk-encryption](./redshift-serverless-namespace-cmk-encryption.html)
+
+  * [redshift-serverless-publish-logs-to-cloudwatch](./redshift-serverless-publish-logs-to-cloudwatch.html)
+
+  * [redshift-serverless-workgroup-encrypted-in-transit](./redshift-serverless-workgroup-encrypted-in-transit.html)
+
+  * [redshift-serverless-workgroup-no-public-access](./redshift-serverless-workgroup-no-public-access.html)
+
@@ -1109,0 +1174,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [s3-lifecycle-policy-check](./s3-lifecycle-policy-check.html)
+