检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Rule Logic If no authentication is set for a dedicated API gateway, this API gateway is non-compliant. If an authentication method is set for a dedicated API gateway, this API gateway is compliant. Parent topic: API Gateway
Error Codes If an error code starting with APIGW is returned after you call an API, rectify the fault by referring to the instructions provided in API Gateway Error Codes.
Tag vpnaas Trigger Type Configuration change Filter Type vpnaas.vpnConnections, vpnaas.ipsec-site-connections Rule Parameters None Application Scenarios After a VPN gateway is created, you need to create a VPN connection to ensure network connectivity.
An EIP can be bound to or unbound from resources such as ECSs, BMSs, virtual IP addresses, ELBs, and NAT gateways. If the bandwidth of an EIP is too small, services may be interrupted. Solution Modify an EIP bandwidth.
If your services require public network access, use other solutions, such as load balancers, NAT gateways, and VPNs, to meet service requirements while reducing costs and risks. Rule Logic If an ECS has an EIP attached, this ECS is non-compliant.
An EIP can be bound to or unbound from resources such as ECSs, BMSs, virtual IP addresses, ELBs, and NAT gateways. Idle EIPs may cause the following problems: Unnecessary expenses: Idle EIPs are still billed, causing increased expenses.
An EIP can be bound to or unbound from resources such as ECSs, BMSs, virtual IP addresses, ELBs, and NAT gateways. Idle EIPs may cause the following problems: Unnecessary expenses: Idle EIPs are still billed, causing increased expenses.
The service is unavailable. 504 Gateway Timeout A gateway timeout error occurred. Parent Topic: Appendixes
If not, the VPCs are considered non-compliant. 8.5 apig-instances-execution-logging-enabled apig If logging is not enabled for a dedicated APIG gateway, this gateway is considered non-compliant. 8.5 cts-lts-enable cts If a CTS tracker does not have trace transfer to LTS enabled, this
Table 1 Conformance package description Rule Identifier Cloud Service Description alarm-action-enabled-check ces If an alarm rule is not enabled, this rule is noncompliant. apig-instances-execution-logging-enabled apig If logging is not enabled for a dedicated APIG gateway, this gateway
are in. 1.2 vpc-sg-restricted-ssh You can configure security groups to only allow traffic from some IPs to access the SSH port 22 of ECSs to ensure secure remote access to ECSs. 1.2 smn-lts-enable Enable LTS for SMN topics. 1.4 private-nat-gateway-authorized-vpc-only Use private NAT
Table 1 Conformance package description Rule Identifier Cloud Service Description apig-instances-execution-logging-enabled apig If logging is not enabled for a dedicated APIG gateway, this gateway is considered non-compliant. as-group-elb-healthcheck-required as If an AS group is
Table 1 Conformance package description Rule Cloud Service Description apig-instances-ssl-enabled apig If no SSL certificates are attached to a dedicated APIG gateway, this gateway is considered noncompliant. cdn-enable-https-certificate cdn If a domain does not have an HTTPS certificate
this gateway is considered non-compliant. apig-instances-ssl-enabled apig If no SSL certificates are attached to an APIG gateway, this gateway is considered noncompliant. cts-lts-enable cts If a CTS tracker does not have trace transfer to LTS enabled, this tracker is noncompliant
this gateway is considered non-compliant. apig-instances-ssl-enabled apig If no SSL certificates are attached to a dedicated APIG gateway, this gateway is considered noncompliant. as-group-elb-healthcheck-required as If an AS group does not have health check enabled, this AS group
period, this CA is noncompliant. pca-certificate-expiration-check pca If the validity period of a private certificate is not within the specified range, this certificate is noncompliant. apig-instances-execution-logging-enabled apig If logging is not enabled for a dedicated APIG gateway
Security Conformance Package for Landing Zone Architecture Security Best Practices Best Practices for Network and Content Delivery Service Operations Best Practices for Idle Asset Management Multi-AZ Deployment Best Practices Resource Stability Best Practices Best Practices for API Gateway
Security Conformance Package for Landing Zone Architecture Security Best Practices Best Practices for Network and Content Delivery Service Operations Best Practices for Idle Asset Management Multi-AZ Deployment Best Practices Resource Stability Best Practices Best Practices for API Gateway
confidentiality. vpc-flow-logs-enabled Use VPC flow logs to obtain VPC traffic information. 2.8.1 AIs should ensure that appropriate up-to-date records are maintained in their premises and kept available for inspection by the HKMA. apig-instances-execution-logging-enabled Use API gateway
This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. private-nat-gateway-authorized-vpc-only Use private NAT gateways to control VPC connections. 1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION Under
