AWS Security ChangesHomeSearch

AWS config documentation change

Service: config · 2025-08-16 · Documentation low

File: config/latest/developerguide/managed-rules-by-evaluation-mode.md

Summary

Added multiple new AWS Config managed rules related to resource tagging, HTTPS enforcement, access control checks, and service-specific compliance controls

Security assessment

Added rules like 'datasync-location-object-storage-using-https' enforce secure data transfer, 'elb-internal-scheme-check' validates network security configurations, and 'sqs-queue-policy-full-access-check' addresses permission hardening. While these enhance security documentation, there's no evidence they address specific disclosed vulnerabilities.

Diff

diff --git a/config/latest/developerguide/managed-rules-by-evaluation-mode.md b/config/latest/developerguide/managed-rules-by-evaluation-mode.md
index 92936dfa5..909b0c9ee 100644
--- a//config/latest/developerguide/managed-rules-by-evaluation-mode.md
+++ b//config/latest/developerguide/managed-rules-by-evaluation-mode.md
@@ -87,0 +88,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [alb-tagged](./alb-tagged.html)
+
@@ -111,0 +114,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [api-gw-rest-api-tagged](./api-gw-rest-api-tagged.html)
+
@@ -113,0 +118,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [api-gw-stage-tagged](./api-gw-stage-tagged.html)
+
@@ -193,0 +200,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [appsync-graphql-api-xray-enabled](./appsync-graphql-api-xray-enabled.html)
+
@@ -287,0 +296,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [cloudfront-origin-lambda-url-oac-enabled](./cloudfront-origin-lambda-url-oac-enabled.html)
+
@@ -323,0 +334,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [cloudwatch-metric-stream-tagged](./cloudwatch-metric-stream-tagged.html)
+
@@ -347,0 +360,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [codebuild-report-group-tagged](./codebuild-report-group-tagged.html)
+
@@ -383,0 +398,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [datasync-location-object-storage-using-https](./datasync-location-object-storage-using-https.html)
+
@@ -565,0 +582,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [ec2-vpn-connection-tagged](./ec2-vpn-connection-tagged.html)
+
@@ -577,0 +596,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [ecs-capacity-provider-tagged](./ecs-capacity-provider-tagged.html)
+
@@ -609,0 +630,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [efs-file-system-tagged](./efs-file-system-tagged.html)
+
@@ -623,0 +646,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [eks-addon-tagged](./eks-addon-tagged.html)
+
@@ -691,0 +716,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [elb-internal-scheme-check](./elb-internal-scheme-check.html)
+
@@ -695,0 +722,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [elb-tagged](./elb-tagged.html)
+
@@ -761,0 +790,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [glb-tagged](./glb-tagged.html)
+
@@ -845,0 +876,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [iotdevicedefender-custom-metric-tagged](./iotdevicedefender-custom-metric-tagged.html)
+
@@ -879,0 +912,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [iot-job-template-tagged](./iot-job-template-tagged.html)
+
@@ -897,0 +932,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [kms-key-tagged](./kms-key-tagged.html)
+
@@ -947,0 +984,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [msk-cluster-tagged](./msk-cluster-tagged.html)
+
@@ -1001,0 +1040,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [nlb-tagged](./nlb-tagged.html)
+
@@ -1047,0 +1088,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [rds-event-subscription-tagged](./rds-event-subscription-tagged.html)
+
@@ -1071,0 +1114,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [rds-option-group-tagged](./rds-option-group-tagged.html)
+
@@ -1139,0 +1184,4 @@ Currently, all AWS Config rules support detective evaluation.
+  * [route53-health-check-tagged](./route53-health-check-tagged.html)
+
+  * [route53-hosted-zone-tagged](./route53-hosted-zone-tagged.html)
+
@@ -1243,0 +1292,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [service-catalog-portfolio-tagged](./service-catalog-portfolio-tagged.html)
+
@@ -1259,0 +1310,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [sqs-queue-dlq-check](./sqs-queue-dlq-check.html)
+
@@ -1261,0 +1314,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [sqs-queue-policy-full-access-check](./sqs-queue-policy-full-access-check.html)
+
@@ -1269,0 +1324,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [stepfunctions-state-machine-tagged](./stepfunctions-state-machine-tagged.html)
+
@@ -1343,0 +1400,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [workspaces-connection-alias-tagged](./workspaces-connection-alias-tagged.html)
+
@@ -1347,0 +1406,2 @@ Currently, all AWS Config rules support detective evaluation.
+  * [workspaces-workspace-tagged](./workspaces-workspace-tagged.html)
+
@@ -1357 +1417 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-workspaces-user-volume-encryption-enabled
+workspaces-workspace-tagged