Conformance Package for Autopilot
The following table lists the rules and solutions included in this conformance package template.
|
Rule |
Cloud Service |
Description |
|---|---|---|
|
css-cluster-disk-encryption-check |
css |
If disk encryption is not enabled for a CSS cluster, this cluster is noncompliant. |
|
css-cluster-https-required |
css |
If HTTPS is not enabled for a CSS cluster, this cluster is noncompliant. |
|
css-cluster-no-public-zone |
css |
If a CSS cluster can be accessed over a public network, this cluster is noncompliant. |
|
css-cluster-security-mode-enable |
css |
If a CSS cluster does not support the security mode, this cluster is noncompliant. |
|
cts-kms-encrypted-check |
cts |
If a CTS tracker is not encrypted using KMS, this tracker is noncompliant. |
|
cts-obs-bucket-track |
cts |
If no CTS trackers are created for the specified OBS bucket, this rule is noncompliant. |
|
cts-support-validate-check |
cts |
If Verify Trace File is not enabled for a CTS tracker, this tacker is noncompliant. |
|
cts-tracker-exists |
cts |
If there are no CTS trackers in an account, this account is noncompliant. |
|
dcs-redis-no-public-ip |
dcs |
If a DCS Redis instance is configured with an EIP, this instance is noncompliant. |
|
dcs-redis-password-access |
dcs |
If a DCS Redis instance can be accessed without a password, this instance is noncompliant. |
|
ecs-instance-no-public-ip |
ecs |
If an ECS has an EIP attached, this ECS is noncompliant. |
|
elb-loadbalancers-no-public-ip |
elb |
If a load balancer has an EIP attached, this load balancer is noncompliant. |
|
elb-tls-https-listeners-only |
elb |
If any listener of a load balancer does not have the frontend protocol set to HTTPS, this load balancer is noncompliant. |
|
iam-password-policy |
iam |
If the password of an IAM user does not meet the password strength requirements, this IAM user is noncompliant. |
|
iam-user-last-login-check |
iam |
If an IAM user does not log in to the system within the specified time range, the result is non-compliant. |
|
iam-user-mfa-enabled |
iam |
If multi-factor authentication is not enabled for an IAM user, this user is noncompliant. |
|
rds-instance-no-public-ip |
rds |
If an RDS instance has an EIP attached, this RDS instance is noncompliant. |
|
root-account-mfa-enabled |
iam |
If multi-factor authentication is not enabled for the root user, the root user is noncompliant. |
|
volumes-encrypted-check |
ecs, evs |
If a mounted EVS disk is not encrypted, this disk is noncompliant. |
|
vpc-flow-logs-enabled |
vpc |
If there is a flow log that has not been enabled for a VPC, this VPC is noncompliant. |
|
vpc-sg-ports-check |
vpc |
If a security group allows all inbound traffic (with the source address set to 0.0.0.0/0) and opens all TCP/UDP ports, this security group is noncompliant. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
