AWS config documentation change
Summary
Mirrored additions of new managed rules from the primary list, including security-focused rules for various AWS services
Security assessment
Added the same security-related rules as the main documentation file (e.g., 'nlb-logging-enabled', 'redshift-audit-logging-enabled'). This appears to be routine documentation expansion rather than response to specific security issues.
Diff
diff --git a/config/latest/developerguide/managed-rules-by-evaluation-mode.md b/config/latest/developerguide/managed-rules-by-evaluation-mode.md index b6774b6e9..ab1df9a90 100644 --- a/config/latest/developerguide/managed-rules-by-evaluation-mode.md +++ b/config/latest/developerguide/managed-rules-by-evaluation-mode.md @@ -85,0 +86,2 @@ Currently, all AWS Config rules support detective evaluation. + * [alb-listener-tagged](./alb-listener-tagged.html) + @@ -403,0 +406,2 @@ Currently, all AWS Config rules support detective evaluation. + * [dms-endpoint-tagged](./dms-endpoint-tagged.html) + @@ -413,0 +418,2 @@ Currently, all AWS Config rules support detective evaluation. + * [dms-replication-task-tagged](./dms-replication-task-tagged.html) + @@ -461,0 +468,4 @@ Currently, all AWS Config rules support detective evaluation. + * [ec2-capacity-reservation-tagged](./ec2-capacity-reservation-tagged.html) + + * [ec2-carrier-gateway-tagged](./ec2-carrier-gateway-tagged.html) + @@ -463,0 +474,2 @@ Currently, all AWS Config rules support detective evaluation. + * [ec2-client-vpn-endpoint-tagged](./ec2-client-vpn-endpoint-tagged.html) + @@ -465,0 +478,2 @@ Currently, all AWS Config rules support detective evaluation. + * [ec2-dhcp-options-tagged](./ec2-dhcp-options-tagged.html) + @@ -467,0 +482,2 @@ Currently, all AWS Config rules support detective evaluation. + * [ec2-fleet-tagged](./ec2-fleet-tagged.html) + @@ -503,0 +520,6 @@ Currently, all AWS Config rules support detective evaluation. + * [ec2-network-insights-access-scope-analysis-tagged](./ec2-network-insights-access-scope-analysis-tagged.html) + + * [ec2-network-insights-access-scope-tagged](./ec2-network-insights-access-scope-tagged.html) + + * [ec2-network-insights-path-tagged](./ec2-network-insights-path-tagged.html) + @@ -517,0 +540,2 @@ Currently, all AWS Config rules support detective evaluation. + * [ec2-spot-fleet-request-ct-encryption-at-rest](./ec2-spot-fleet-request-ct-encryption-at-rest.html) + @@ -535,0 +560,2 @@ Currently, all AWS Config rules support detective evaluation. + * [ec2-transit-gateway-multicast-domain-tagged](./ec2-transit-gateway-multicast-domain-tagged.html) + @@ -565,0 +592,2 @@ Currently, all AWS Config rules support detective evaluation. + * [ecs-task-definition-network-mode-not-host](./ecs-task-definition-network-mode-not-host.html) + @@ -679,0 +708,2 @@ Currently, all AWS Config rules support detective evaluation. + * [event-data-store-cmk-encryption-enabled](./event-data-store-cmk-encryption-enabled.html) + @@ -729,0 +760,4 @@ Currently, all AWS Config rules support detective evaluation. + * [fsx-windows-deployment-type-check](./fsx-windows-deployment-type-check.html) + + * [glb-listener-tagged](./glb-listener-tagged.html) + @@ -769,0 +804,2 @@ Currently, all AWS Config rules support detective evaluation. + * [iam-oidc-provider-tagged](./iam-oidc-provider-tagged.html) + @@ -783,0 +820,2 @@ Currently, all AWS Config rules support detective evaluation. + * [iam-saml-provider-tagged](./iam-saml-provider-tagged.html) + @@ -785,0 +824,2 @@ Currently, all AWS Config rules support detective evaluation. + * [iam-server-certificate-tagged](./iam-server-certificate-tagged.html) + @@ -871,0 +912,4 @@ Currently, all AWS Config rules support detective evaluation. + * [lightsail-bucket-tagged](./lightsail-bucket-tagged.html) + + * [lightsail-certificate-tagged](./lightsail-certificate-tagged.html) + @@ -943,0 +988,2 @@ Currently, all AWS Config rules support detective evaluation. + * [nlb-cross-zone-load-balancing-enabled](./nlb-cross-zone-load-balancing-enabled.html) + @@ -945,0 +992,4 @@ Currently, all AWS Config rules support detective evaluation. + * [nlb-listener-tagged](./nlb-listener-tagged.html) + + * [nlb-logging-enabled](./nlb-logging-enabled.html) + @@ -999,0 +1050,2 @@ Currently, all AWS Config rules support detective evaluation. + * [rds-instance-subnet-igw-check](./rds-instance-subnet-igw-check.html) + @@ -1017,0 +1070,2 @@ Currently, all AWS Config rules support detective evaluation. + * [rds-proxy-tls-encryption](./rds-proxy-tls-encryption.html) + @@ -1029,0 +1084,2 @@ Currently, all AWS Config rules support detective evaluation. + * [redshift-audit-logging-enabled](./redshift-audit-logging-enabled.html) + @@ -1051,0 +1108,8 @@ Currently, all AWS Config rules support detective evaluation. + * [redshift-serverless-namespace-cmk-encryption](./redshift-serverless-namespace-cmk-encryption.html) + + * [redshift-serverless-publish-logs-to-cloudwatch](./redshift-serverless-publish-logs-to-cloudwatch.html) + + * [redshift-serverless-workgroup-encrypted-in-transit](./redshift-serverless-workgroup-encrypted-in-transit.html) + + * [redshift-serverless-workgroup-no-public-access](./redshift-serverless-workgroup-no-public-access.html) + @@ -1109,0 +1174,2 @@ Currently, all AWS Config rules support detective evaluation. + * [s3-lifecycle-policy-check](./s3-lifecycle-policy-check.html) +