检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
If the VPC of a private NAT gateway belongs is one of the specified VPCs, the private NAT gateway is compliant. Parent topic: NAT Gateway
Parent topic: API Gateway
Rule Logic If logging is not enabled for a dedicated API gateway, this instance is non-compliant. If logging is enabled for a dedicated API gateway, this instance is compliant. Parent topic: API Gateway
If all domain names of a dedicated API gateway instance support HTTPS, and SSL certificates are added to all domain names, this instance is compliant. Parent topic: API Gateway
Parent topic: API Gateway
If a private NAT gateway is not in a specified VPC, this gateway is noncompliant. rds-instance-enable-backup rds If backup is not enabled for an RDS instance, this instance is noncompliant. rds-instance-multi-az-support rds If an RDS instance does not support multi-AZ deployment,
If a private NAT gateway is not in a specified VPC, this gateway is noncompliant. vpc-sg-restricted-common-ports vpc If a security group allows all IPv4 and IPv6 traffic (with the source address set to 0.0.0.0/0 or ::/0) to the specified ports, this security group is noncompliant
If a private NAT gateway is not in a specified VPC, this gateway is noncompliant. rds-instance-multi-az-support rds If an RDS instance does not support multi-AZ deployment, this RDS instance is noncompliant. rds-instance-no-public-ip rds If an RDS instance has an EIP attached, this
NAT Gateway Private NAT Gateways Are in Specified VPCs Parent topic: Built-In Policies
If the function needs to access the public network, you can configure a public NAT gateway in the VPC and bind an EIP to the NAT gateway. For details, see Configuring the Network.
If a private NAT gateway is not in a specified VPC, this gateway is noncompliant. rds-instance-enable-backup rds If backup is not enabled for an RDS instance, this instance is noncompliant. rds-instance-multi-az-support rds If an RDS instance does not support multi-AZ deployment,
Parent topic: API Gateway
Gateway Public NAT Gateways (nat.natGateways) Private NAT Gateways (nat.privateNatGateways) Cloud Backup and Recovery (CBR) Vaults (cbr.vault) Data Encryption Workshop (DEW) keys (kms.keys) Cloud Container Engine (CCE) Clusters (cce.clusters) GaussDB Instances (gaussdb.instances)
If a private NAT gateway is not in a specified VPC, this gateway is noncompliant. rds-instance-multi-az-support rds If an RDS instance does not support multi-AZ deployment, this RDS instance is noncompliant. rds-instance-no-public-ip rds If an RDS instance has an EIP attached, this
Gateway Public NAT gateway EVS Volume Contains Cloud Backup and Recovery Vaults isAttachedTo ECS Cloud server BMS Cloud server Cloud Backup and Recovery Vaults HECS HECS IMS Image isAssociatedWith ECS Cloud server BMS Cloud server HECS HECS NAT Gateway Public NAT gateway isAttachedTo
Gateway Private NAT Gateways Are in Specified VPCs Configuration change nat.privateNatGateways VPC Endpoint (VPCEP) VPC Endpoint Check for Specified Services Periodic Account Web Application Firewall (WAF) Protection Policies Must Be Configured for Domain Names Protected with WAF
Built-In Policies Predefined Policy List General Policies API Gateway CodeArts Deploy MapReduce Service NAT Gateway VPC Endpoint Web Application Firewall Elastic Load Balance Elastic IP Auto Scaling Scalable File Service Turbo (SFS Turbo) Elastic Cloud Server Distributed Cache Service
API Gateway Dedicated API Gateways Have an Authorization Type Set Dedicated API Gateways Have Logging Enabled Dedicated API Gateways Use SSL Certificates Dedicated API Gateway Bound to a Specified VPC Dedicated API Gateway Deployed in Multiple AZs EIP Bound to a Dedicated API Gateway
If logging is not enabled for a dedicated APIG gateway, this gateway is considered non-compliant. apig-instances-ssl-enabled apig If no SSL certificates are attached to a dedicated APIG gateway, this gateway is considered noncompliant.
In production scenarios that require high bandwidth, performance, and reliability, enable VPC access for your function, add a public NAT gateway, and bind an EIP with an exclusive bandwidth to it. For details, see Configuring the Network.
