Updated on 2024-10-28 GMT+08:00

Conformance Package for Autopilot

The following table lists the rules and solutions included in this conformance package template.

Table 1 Conformance package description

| Rule | Cloud Service | Description |
| --- | --- | --- |
| css-cluster-disk-encryption-check | css | If disk encryption is not enabled for a CSS cluster, this cluster is noncompliant. |
| css-cluster-https-required | css | If HTTPS is not enabled for a CSS cluster, this cluster is noncompliant. |
| css-cluster-no-public-zone | css | If a CSS cluster can be accessed over a public network, this cluster is noncompliant. |
| css-cluster-security-mode-enable | css | If a CSS cluster does not support the security mode, this cluster is noncompliant. |
| cts-kms-encrypted-check | cts | If a CTS tracker is not encrypted using KMS, this tracker is noncompliant. |
| cts-obs-bucket-track | cts | If no CTS trackers are created for the specified OBS bucket, this rule is noncompliant. |
| cts-support-validate-check | cts | If Verify Trace File is not enabled for a CTS tracker, this tracker is noncompliant. |
| cts-tracker-exists | cts | If there are no CTS trackers in an account, this account is noncompliant. |
| dcs-redis-no-public-ip | dcs | If a DCS Redis instance is configured with an EIP, this instance is noncompliant. |
| dcs-redis-password-access | dcs | If a DCS Redis instance can be accessed without a password, this instance is noncompliant. |
| ecs-instance-no-public-ip | ecs | If an ECS has an EIP attached, this ECS is noncompliant. |
| elb-loadbalancers-no-public-ip | elb | If a load balancer has an EIP attached, this load balancer is noncompliant. |
| elb-tls-https-listeners-only | elb | If any listener of a load balancer does not have the frontend protocol set to HTTPS, this load balancer is noncompliant. |
| iam-password-policy | iam | If the password of an IAM user does not meet the password strength requirements, this IAM user is noncompliant. |
| iam-user-last-login-check | iam | If an IAM user does not log in to the system within the specified time range, the result is noncompliant. |
| iam-user-mfa-enabled | iam | If multi-factor authentication is not enabled for an IAM user, this user is noncompliant. |
| rds-instance-no-public-ip | rds | If an RDS instance has an EIP attached, this RDS instance is noncompliant. |
| root-account-mfa-enabled | iam | If multi-factor authentication is not enabled for the root user, the root user is noncompliant. |
| volumes-encrypted-check | ecs, evs | If a mounted EVS disk is not encrypted, this disk is noncompliant. |
| vpc-flow-logs-enabled | vpc | If there is a flow log that has not been enabled for a VPC, this VPC is noncompliant. |
| vpc-sg-ports-check | vpc | If a security group allows all inbound traffic (with the source address set to 0.0.0.0/0) and opens all TCP/UDP ports, this security group is noncompliant. |