AWS config documentation change
Summary
Added multiple new AWS Config managed rules related to resource tagging, HTTPS enforcement, access control checks, and service-specific compliance controls
Security assessment
Added rules like 'datasync-location-object-storage-using-https' enforce secure data transfer, 'elb-internal-scheme-check' validates network security configurations, and 'sqs-queue-policy-full-access-check' addresses permission hardening. While these enhance security documentation, there's no evidence they address specific disclosed vulnerabilities.
Diff
diff --git a/config/latest/developerguide/managed-rules-by-evaluation-mode.md b/config/latest/developerguide/managed-rules-by-evaluation-mode.md index 92936dfa5..909b0c9ee 100644 --- a//config/latest/developerguide/managed-rules-by-evaluation-mode.md +++ b//config/latest/developerguide/managed-rules-by-evaluation-mode.md @@ -87,0 +88,2 @@ Currently, all AWS Config rules support detective evaluation. + * [alb-tagged](./alb-tagged.html) + @@ -111,0 +114,2 @@ Currently, all AWS Config rules support detective evaluation. + * [api-gw-rest-api-tagged](./api-gw-rest-api-tagged.html) + @@ -113,0 +118,2 @@ Currently, all AWS Config rules support detective evaluation. + * [api-gw-stage-tagged](./api-gw-stage-tagged.html) + @@ -193,0 +200,2 @@ Currently, all AWS Config rules support detective evaluation. + * [appsync-graphql-api-xray-enabled](./appsync-graphql-api-xray-enabled.html) + @@ -287,0 +296,2 @@ Currently, all AWS Config rules support detective evaluation. + * [cloudfront-origin-lambda-url-oac-enabled](./cloudfront-origin-lambda-url-oac-enabled.html) + @@ -323,0 +334,2 @@ Currently, all AWS Config rules support detective evaluation. + * [cloudwatch-metric-stream-tagged](./cloudwatch-metric-stream-tagged.html) + @@ -347,0 +360,2 @@ Currently, all AWS Config rules support detective evaluation. + * [codebuild-report-group-tagged](./codebuild-report-group-tagged.html) + @@ -383,0 +398,2 @@ Currently, all AWS Config rules support detective evaluation. + * [datasync-location-object-storage-using-https](./datasync-location-object-storage-using-https.html) + @@ -565,0 +582,2 @@ Currently, all AWS Config rules support detective evaluation. + * [ec2-vpn-connection-tagged](./ec2-vpn-connection-tagged.html) + @@ -577,0 +596,2 @@ Currently, all AWS Config rules support detective evaluation. + * [ecs-capacity-provider-tagged](./ecs-capacity-provider-tagged.html) + @@ -609,0 +630,2 @@ Currently, all AWS Config rules support detective evaluation. + * [efs-file-system-tagged](./efs-file-system-tagged.html) + @@ -623,0 +646,2 @@ Currently, all AWS Config rules support detective evaluation. + * [eks-addon-tagged](./eks-addon-tagged.html) + @@ -691,0 +716,2 @@ Currently, all AWS Config rules support detective evaluation. + * [elb-internal-scheme-check](./elb-internal-scheme-check.html) + @@ -695,0 +722,2 @@ Currently, all AWS Config rules support detective evaluation. + * [elb-tagged](./elb-tagged.html) + @@ -761,0 +790,2 @@ Currently, all AWS Config rules support detective evaluation. + * [glb-tagged](./glb-tagged.html) + @@ -845,0 +876,2 @@ Currently, all AWS Config rules support detective evaluation. + * [iotdevicedefender-custom-metric-tagged](./iotdevicedefender-custom-metric-tagged.html) + @@ -879,0 +912,2 @@ Currently, all AWS Config rules support detective evaluation. + * [iot-job-template-tagged](./iot-job-template-tagged.html) + @@ -897,0 +932,2 @@ Currently, all AWS Config rules support detective evaluation. + * [kms-key-tagged](./kms-key-tagged.html) + @@ -947,0 +984,2 @@ Currently, all AWS Config rules support detective evaluation. + * [msk-cluster-tagged](./msk-cluster-tagged.html) + @@ -1001,0 +1040,2 @@ Currently, all AWS Config rules support detective evaluation. + * [nlb-tagged](./nlb-tagged.html) + @@ -1047,0 +1088,2 @@ Currently, all AWS Config rules support detective evaluation. + * [rds-event-subscription-tagged](./rds-event-subscription-tagged.html) + @@ -1071,0 +1114,2 @@ Currently, all AWS Config rules support detective evaluation. + * [rds-option-group-tagged](./rds-option-group-tagged.html) + @@ -1139,0 +1184,4 @@ Currently, all AWS Config rules support detective evaluation. + * [route53-health-check-tagged](./route53-health-check-tagged.html) + + * [route53-hosted-zone-tagged](./route53-hosted-zone-tagged.html) + @@ -1243,0 +1292,2 @@ Currently, all AWS Config rules support detective evaluation. + * [service-catalog-portfolio-tagged](./service-catalog-portfolio-tagged.html) + @@ -1259,0 +1310,2 @@ Currently, all AWS Config rules support detective evaluation. + * [sqs-queue-dlq-check](./sqs-queue-dlq-check.html) + @@ -1261,0 +1314,2 @@ Currently, all AWS Config rules support detective evaluation. + * [sqs-queue-policy-full-access-check](./sqs-queue-policy-full-access-check.html) + @@ -1269,0 +1324,2 @@ Currently, all AWS Config rules support detective evaluation. + * [stepfunctions-state-machine-tagged](./stepfunctions-state-machine-tagged.html) + @@ -1343,0 +1400,2 @@ Currently, all AWS Config rules support detective evaluation. + * [workspaces-connection-alias-tagged](./workspaces-connection-alias-tagged.html) + @@ -1347,0 +1406,2 @@ Currently, all AWS Config rules support detective evaluation. + * [workspaces-workspace-tagged](./workspaces-workspace-tagged.html) + @@ -1357 +1417 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -workspaces-user-volume-encryption-enabled +workspaces-workspace-tagged