AWS config documentation change
Summary
Removed 8 rules from proactive evaluation list and added 5 new rules to detective evaluation section
Security assessment
Adds documentation for security-focused rules (CloudFront key groups, ECS non-root/non-admin) while reorganizing evaluation modes. Enhances security documentation without evidence of vulnerability remediation.
Diff
diff --git a/config/latest/developerguide/managed-rules-by-evaluation-mode.md b/config/latest/developerguide/managed-rules-by-evaluation-mode.md index fce83bdd0..9b7261ec2 100644 --- a//config/latest/developerguide/managed-rules-by-evaluation-mode.md +++ b//config/latest/developerguide/managed-rules-by-evaluation-mode.md @@ -19,2 +18,0 @@ Proactive rules do not remediate resources that are flagged as NON_COMPLIANT or - * [ec2-instance-multiple-eni-check](./ec2-instance-multiple-eni-check.html) - @@ -23,14 +20,0 @@ Proactive rules do not remediate resources that are flagged as NON_COMPLIANT or - * [lambda-function-settings-check](./lambda-function-settings-check.html) - - * [lambda-inside-vpc](./lambda-inside-vpc.html) - - * [rds-enhanced-monitoring-enabled](./rds-enhanced-monitoring-enabled.html) - - * [rds-storage-encrypted](./rds-storage-encrypted.html) - - * [redshift-cluster-maintenancesettings-check](./redshift-cluster-maintenancesettings-check.html) - - * [s3-bucket-logging-enabled](./s3-bucket-logging-enabled.html) - - * [sns-encrypted-kms](./sns-encrypted-kms.html) - @@ -301,0 +286,2 @@ Currently, all AWS Config rules support detective evaluation. + * [cloudformation-stack-service-role-check](./cloudformation-stack-service-role-check.html) + @@ -311,0 +298,2 @@ Currently, all AWS Config rules support detective evaluation. + * [cloudfront-distribution-key-group-enabled](./cloudfront-distribution-key-group-enabled.html) + @@ -639,0 +628,2 @@ Currently, all AWS Config rules support detective evaluation. + * [ecs-capacity-provider-termination-check](./ecs-capacity-provider-termination-check.html) + @@ -651,0 +642,2 @@ Currently, all AWS Config rules support detective evaluation. + * [ecs-task-definition-linux-user-non-root](./ecs-task-definition-linux-user-non-root.html) + @@ -663,0 +656,2 @@ Currently, all AWS Config rules support detective evaluation. + * [ecs-task-definition-windows-user-non-admin](./ecs-task-definition-windows-user-non-admin.html) +