检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
For example, you can check if the configurations (public IPs attached or disks encrypted) of your resources meet security requirements. Optimize costs. For example, you can list all EVS disks that have not been attached to any ECS to avoid unnecessary expenditures.
If logging is not enabled for a dedicated APIG gateway, this gateway is considered non-compliant. as-group-elb-healthcheck-required as If an AS group is not using Elastic Load Balancing health check, this rule is noncompliant. cts-kms-encrypted-check cts If a CTS tracker is not encrypted
been stopped for longer than the time allowed, and no operations have been performed on it, this ECS is noncompliant. volume-unused-check evs If an EVS disk is not mounted to any cloud server, this disk is noncompliant. volumes-encrypted-check ecs, evs If a mounted EVS disk is not encrypted
You used an encrypted OBS bucket, but the agency assigned to the resource recorder did not contain related KMS permissions. For more details, see Storing Resource Change Notifications and Resource Snapshots to an Encrypted OBS Bucket.
If you want to store resource change messages and resource snapshots in an OBS bucket encrypted using KMS, you will also need the KMS Administrator permission.
rds If KMS encryption is not enabled for an RDS instance, this instance is noncompliant. sfsturbo-encrypted-check sfsturbo If KMS encryption is not enabled for an SFS Turbo file system, this file system is noncompliant. volumes-encrypted-check ecs, evs If a mounted EVS disk is not encrypted
cluster is noncompliant. css-cluster-https-required css If HTTPS is not enabled for a CSS cluster, this cluster is noncompliant. css-cluster-in-vpc css If a CSS cluster is not in the specified VPCs, this cluster is noncompliant. cts-kms-encrypted-check cts If a CTS tracker is not encrypted
apig-instances-ssl-enabled apig If no SSL certificates are attached to an APIG gateway, this gateway is considered noncompliant. cts-lts-enable cts If a CTS tracker does not have trace transfer to LTS enabled, this tracker is noncompliant. cts-kms-encrypted-check cts If a CTS tracker is not encrypted
this disk is noncompliant. 3.11 cbr-backup-encrypted-check cbr If a CBR backup is not encrypted, this backup is noncompliant. 3.14 apig-instances-execution-logging-enabled apig If logging is not enabled for a dedicated APIG gateway, this gateway is considered non-compliant. 3.14
set to public network, this migration task is noncompliant. drs-synchronization-job-not-public drs If the network type of a synchronization task is not set to public network, this synchronization task is noncompliant. volumes-encrypted-check-by-default evs If an EVS disk is not encrypted
AK/SK authentication: Requests are encrypted using AK/SK pairs. AK/SK authentication is recommended because it is more secure than token authentication. Token Authentication The validity period of a token is 24 hours.
Check Configuration change cce.clusters CCE Clusters Do Not Have EIPs Attached Configuration change cce.clusters Flavor Check Configuration change cce.clusters CCE Clusters Are in Specified VPCs Configuration change cce.clusters Cloud Trace Service (CTS) CTS Trackers Have Traces Encrypted
For details, see Storing Resource Change Notifications and Resource Snapshots to an Encrypted OBS Bucket.
attachments": [], "replicationStatus": "disabled", "availabilityZone": "regionid1a", "bootable": "true", "userId": "059b5c937d80d3e41ff3c00a3c883d16", "volTenantAttrTenantId": "059b5e0a2500d5552fa1c00adada8c06", "size": "40", "encrypted
been stopped for longer than the time allowed, and no operations have been performed on it, this ECS is noncompliant. volume-unused-check evs If an EVS disk is not mounted to any cloud server, this disk is noncompliant. volumes-encrypted-check ecs, evs If a mounted EVS disk is not encrypted
CRY-02 css-cluster-https-required HTTPS enables encrypted communication with clusters. If HTTPS is disabled, HTTP is used. This compromises data security, and public access cannot be enabled.
", "policy_type" : "builtin", "description" : "An EVS disk is non-compliant if it has been mounted but not encrypted.
Wireless technologies, including 802.11 and Bluetooth Cellular technologies, for example, Global System for Mobile communications (GSM), code division multiple access (CDMA), General Packet Radio Service (GPRS), and satellite communications. css-cluster-https-required HTTPS enables encrypted
