检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
If a KMS key is deleted, the data encrypted using the key cannot be recovered. Services depending on this data may be interrupted. You need to check the keys in Pending deletion state to avoid accidental deletion.
For details, see Does DCS for Redis Support SSL Encrypted Transmission? Solution DCS for Redis 6.0 and 7.0 basic edition instances in single-node, master/standby, and Redis cluster mode support SSL encryption for data transmission security.
rds If KMS encryption is not enabled for an RDS instance, this instance is noncompliant. sfsturbo-encrypted-check sfsturbo If KMS encryption is not enabled for an SFS Turbo file system, this file system is noncompliant. volumes-encrypted-check ecs, evs If a mounted EVS disk is not encrypted
cluster is noncompliant. css-cluster-https-required css If HTTPS is not enabled for a CSS cluster, this cluster is noncompliant. css-cluster-in-vpc css If a CSS cluster is not in the specified VPCs, this cluster is noncompliant. cts-kms-encrypted-check cts If a CTS tracker is not encrypted
apig-instances-ssl-enabled apig If no SSL certificates are attached to an APIG gateway, this gateway is considered noncompliant. cts-lts-enable cts If a CTS tracker does not have trace transfer to LTS enabled, this tracker is noncompliant. cts-kms-encrypted-check cts If a CTS tracker is not encrypted
this disk is noncompliant. 3.11 cbr-backup-encrypted-check cbr If a CBR backup is not encrypted, this backup is noncompliant. 3.14 apig-instances-execution-logging-enabled apig If logging is not enabled for a dedicated APIG gateway, this gateway is considered non-compliant. 3.14
set to public network, this migration task is noncompliant. drs-synchronization-job-not-public drs If the network type of a synchronization task is not set to public network, this synchronization task is noncompliant. volumes-encrypted-check-by-default evs If an EVS disk is not encrypted
AK/SK authentication: Requests are encrypted using AK/SK pairs. AK/SK authentication is recommended because it is more secure than token authentication. Token Authentication The validity period of a token is 24 hours.
Version Check Configuration change cce.clusters CCE Clusters Should Not Use EIPs Configuration change cce.clusters Flavor Check Configuration change cce.clusters CCE Clusters Are in Specified VPCs Configuration change cce.clusters Cloud Trace Service (CTS) CTS Trackers Have Traces Encrypted
attachments": [], "replicationStatus": "disabled", "availabilityZone": "regionid1a", "bootable": "true", "userId": "059b5c937d80d3e41ff3c00a3c883d16", "volTenantAttrTenantId": "059b5e0a2500d5552fa1c00adada8c06", "size": "40", "encrypted
been stopped for longer than the time allowed, and no operations have been performed on it, this ECS is noncompliant. volume-unused-check evs If an EVS disk is not mounted to any cloud server, this disk is noncompliant. volumes-encrypted-check ecs, evs If a mounted EVS disk is not encrypted
For details, see Storing Resource Change Notifications and Resource Snapshots to an Encrypted OBS Bucket. Specify IDs of member accounts (domain_id) you want to grant the permissions to.
CRY-02 css-cluster-https-required HTTPS enables encrypted communication with clusters. If HTTPS is disabled, HTTP is used. This compromises data security, and public access cannot be enabled.
", "policy_type" : "builtin", "description" : "An EVS disk is non-compliant if it has been mounted but not encrypted.
Wireless technologies, including 802.11 and Bluetooth Cellular technologies, for example, Global System for Mobile communications (GSM), code division multiple access (CDMA), General Packet Radio Service (GPRS), and satellite communications. css-cluster-https-required HTTPS enables encrypted
