Conformance Package for Logging and Monitoring

The following table describes the compliance rules and solutions in the sample template.

**Table 1** Conformance package description
Rule Identifier	Cloud Service	Description
alarm-action-enabled-check	ces	If an alarm rule is not enabled, this rule is noncompliant.
apig-instances-execution-logging-enabled	apig	If logging is not enabled for a dedicated API gateway, this gateway is considered non-compliant.
as-group-elb-healthcheck-required	as	If an AS group is not using Elastic Load Balancing health check, the result is noncompliant.
cts-kms-encrypted-check	cts	If a CTS tracker is not encrypted using KMS, this tracker is noncompliant.
cts-lts-enable	cts	If Transfer to LTS is not enabled for a CTS tracker, this tracker is noncompliant.
cts-obs-bucket-track	cts	If there are no trackers created for the specified OBS bucket, the result is noncompliant.
cts-support-validate-check	cts	If Verify Trace File is not enabled for a CTS tracker, this tacker is noncompliant.
cts-tracker-exists	cts	If there is no tracker in the current account, the result is noncompliant.
dws-enable-log-dump	dws	If the Audit Log Dump is not enabled for a DWS cluster, this cluster is noncompliant.
function-graph-concurrency-check	fgs	If the number of concurrent requests of a function is not within the specified range, this function is noncompliant.
multi-region-cts-tracker-exists	cts	If there are no trackers in any of the specified regions, the result is noncompliant.
rds-instance-logging-enabled	rds	If neither error logs nor slow query logs are collected for an RDS instance, this instance is noncompliant.
vpc-flow-logs-enabled	vpc	If there is a flow log that has not been enabled for a VPC, this VPC is noncompliant.