Service Control Policies
Config Rules
Auto Remediation Rules
Conformance Packs
Amazon GuardDuty
Amazon Inspector
AWS Security Hub
AWS Network Firewall
Route53 Resolver Security
Amazon Macie
S3 Bucket Policies
CloudWatch Alarms and Event Rules
AWS WAF
AWS Secrets Manager
AWS Systems Manager
Security Groups & NACLs
AWS KMS
AWS SSO
IAM Policies
VPC Endpoint Policies
CloudFormation Guard Rules
Load Balancers
RDS Event Subscriptions
AWS Resource Access Manager (RAM)A collection of AWS Security controls for AWS Load Balancers. Controls include configuration to create Application Load Balancers (ALB) and Network Load Balancers (NLB). Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform
Configuration to create an Application Load Balancer (ALB), target groups and listeners in an AWS VPC to load balance incoming traffic to targets such as EC2 instances or Lambda functions. The ALB also includes health checks to ensure the state of the targets before forwarding traffic.
Configuration to create a Network Load Balancer (NLB), target groups and listeners in an AWS VPC to load balance incoming traffic to targets such as EC2 instances or ALBs. The NLB also includes health checks to ensure the state of the targets before forwarding traffic.
Configuration for an Auto Scaling Group which creates a logical grouping of EC2 instances, and enables you to use features such as health check replacements and scaling policies. Auto scaling groups also maintain the number of EC2 instances within the defined limits.
Checks whether the Classic Load Balancers use SSL certificates provided by AWS Certificate Manager. To use this rule, use an SSL or HTTPS listener with your Classic Load Balancer. This rule is only applicable to Classic Load Balancers. This rule does not check Application Load Balancers and Network Load Balancers.
Checks whether your Classic Load Balancer SSL listeners are using a custom policy. The rule is only applicable if there are SSL listeners for the Classic Load Balancer.
Checks whether your Classic Load Balancer SSL listeners are using a predefined policy. The rule is only applicable if there are SSL listeners for the Classic Load Balancer.
A Config rule that checks whether the Application Load Balancers and the Classic Load Balancers have logging enabled. The rule is NON_COMPLIANT if the the access_logs.s3.enabled is true and access_logs.S3.bucket is equal to the s3BucketName that you provided.
A Config rule that checks whether your Classic Load Balancer is configured with SSL or HTTPS listeners. The rule is applicable if a Classic Load Balancer has listeners.
A Config rule that checks if cross-zone load balancing is enabled for the Classic Load Balancers (CLBs). This rule is NON_COMPLIANT if cross-zone load balancing is not enabled for a CLB.
A Config rule that checks whether your Auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks.
A Config rule that checks whether Elastic Load Balancing has deletion protection enabled. The rule is NON_COMPLIANT if deletion_protection.enabled is false
A Config rule that checks if Application Load Balancers and Network Load Balancers have listeners that are configured to use certificates from AWS Certificate Manager (ACM). This rule is NON_COMPLIANT if at least 1 load balancer has at least 1 listener that is configured without a certificate from ACM or is configured with a certificate different from an ACM certificate.
A Config rule that checks if an Elastic Load Balancer V2 (Application, Network, or Gateway Load Balancer) has registered instances from multiple Availability Zones (AZs). The rule is NON_COMPLIANT if an Elastic Load Balancer V2 has instances registered in less than 2 AZs.
