RDS Instances Are in the Specified VPC Rule Details Table 1 Rule details Parameter Description Rule Name rds-instances-in-vpc Identifier rds-instances-in-vpc Description If an RDS instance is not in the specified VPC, this instance is noncompliant. Tag rds Trigger Type Configuration
GaussDB Instances Are in the Specified VPC Rule Details Table 1 Rule details Parameter Description Rule Name gaussdb-instance-in-vpc Identifier gaussdb-instance-in-vpc Description If a GaussDB instance is not in the specified VPC, this instance is noncompliant. Tag gaussdb Trigger
Functions Are in the Specified VPC Rule Details Table 1 Rule details Parameter Description Rule Name function-graph-inside-vpc Identifier function-graph-inside-vpc Description If a function is not in the specified VPC, this function is noncompliant. Tag fgs Trigger Type Configuration
DDS Instances Are in the Specified VPC Rule Details Table 1 Rule details Parameter Description Rule Name dds-instance-in-vpc Identifier dds-instance-in-vpc Description If a DDS MongoDB instance is not in the specified VPC, this instance is noncompliant. Tag dds Trigger Type Configuration
When creating a VPC, you can configure security groups, VPN, IP address segments, and bandwidth. This simplifies internal network management and configuration, allowing you to change network configurations in a secure, convenient manner.
VPC Endpoint Check for Specified Services Rule Details Table 1 Rule details Parameter Description Rule Name vpcep-endpoint-enabled Identifier vpcep-endpoint-enabled Description If there are no VPC endpoints for a specified service, this rule is noncompliant. Tag vpcep Trigger Type
VPC Check Rule Details Table 1 Rule details Parameter Description Rule Name gaussdb-mysql-instance-in-vpc Identifier gaussdb-mysql-instance-in-vpc Description If a TaurusDB instance is not in any of the specified VPCs, this instance is noncompliant. Tag taurusdb Trigger Type Configuration
vpc-flow-logs-enabled vpc If a VPC does not have the flow log enabled, this VPC is noncompliant. vpc-sg-ports-check vpc If a security group has the source address set to 0.0.0.0/0 or ::/0 and opens all TCP/UDP ports, this security group is noncompliant. vpn-connections-active vpnaas If a VPN
group allows all IPv4 addresses (0.0.0.0/0) to access a specified port, this security group is noncompliant. vpc-sg-restricted-ssh vpc If the source address is set to 0.0.0.0/0 and the TCP port 22 is opened, this security group is non-compliant. vpn-connections-active vpnaas If a VPN
vpc-acl-unused-check vpc If a network ACL is not attached to any subnets, this ACL is noncompliant. vpc-sg-ports-check vpc If a security group has the source address set to 0.0.0.0/0 or ::/0 and opens all TCP/UDP ports, this security group is noncompliant. vpn-connections-active vpnaas If a VPN
log that has not been enabled for a VPC, this VPC is noncompliant. vpc-sg-ports-check vpc If a security group allows all inbound traffic (with the source address set to 0.0.0.0/0) and opens all TCP/UDP ports, this security group is noncompliant. vpn-connections-active vpnaas If a VPN
For data transferred over public networks, such as hotel or airport Wi-Fi networks, ensure that data is encrypted, either by employing a Virtual Private Network (VPN) or by accessing websites over secure connections using the SSL/TLS protocol.
system is noncompliant. volumes-encrypted-check ecs, evs If a mounted EVS disk is not encrypted, this disk is noncompliant. vpc-flow-logs-enabled vpc If there is a flow log that has not been enabled for a VPC, this VPC is noncompliant. vpn-connections-active vpnaas Ensure normal VPN
to a specified port, this security group is noncompliant. vpc-sg-restricted-ssh vpc If a security group allows all inbound traffic (with the source address set to 0.0.0.0/0 or ::/0) and opens the TCP 22 port, this security group is noncompliant. vpn-connections-active vpnaas If a VPN
performed on it, this ECS is noncompliant. volume-unused-check evs If an EVS disk is not mounted to any cloud server, this disk is noncompliant. volumes-encrypted-check ecs, evs If a mounted EVS disk is not encrypted, this disk is noncompliant. vpn-connections-active vpnaas If a VPN
) Shared VPN Connections (vpnaas.vpnConnections) Shared VPN Gateways (vpnaas.vpnGateways) Scalable File Service Turbo (SFS Turbo) File Systems (sfsturbo.shares) Elastic Load Balance (ELB) Load Balancers (elb.loadbalancers) Listeners (elb.listeners) Simple Message Notification (SMN
allows all IPv4 addresses (0.0.0.0/0) to access a specified port, this security group is noncompliant. 12.2 vpc-sg-restricted-ssh vpc If the source address is set to 0.0.0.0/0 and the TCP port 22 is opened, this security group is non-compliant. 12.2 vpn-connections-active vpnaas If a VPN
VPC Endpoint VPC Endpoint Check for Specified Services Parent topic: Built-In Policies
vpc.securityGroups SSH Check Configuration change vpc.securityGroups Access Control Check for Non-whitelisted Ports Configuration change vpc.securityGroups A Security Group is Attached to Elastic Network Interfaces Configuration change vpc.securityGroups Virtual Private Network (VPN
Connection State Check Rule Details Table 1 Rule details Parameter Description Rule Name vpn-connections-active Identifier vpn-connections-active Description If a VPN is not normally connected, this rule is noncompliant.