From 179a2287411a8347f902d97fe67ec70bb32a68d5 Mon Sep 17 00:00:00 2001
From: kbalk <7536198+kbalk@users.noreply.github.com>
Date: Wed, 20 Sep 2023 03:30:58 -0400
Subject: [PATCH] Update script that creates managed rule list used by Config
(#6823)
---
moto/config/resources/aws_managed_rules.json | 1276 ++++++++++++++----
scripts/pull_down_aws_managed_rules.py | 208 +--
2 files changed, 1106 insertions(+), 378 deletions(-)
diff --git a/moto/config/resources/aws_managed_rules.json b/moto/config/resources/aws_managed_rules.json
index ced36c39b..daa88e30b 100644
--- a/moto/config/resources/aws_managed_rules.json
+++ b/moto/config/resources/aws_managed_rules.json
@@ -1,7 +1,7 @@
{
"ManagedRules": {
"ACCESS_KEYS_ROTATED": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Default": "90",
@@ -10,10 +10,11 @@
"Type": "int"
}
],
+ "Resource Types": "AWS::IAM::User",
"Trigger type": "Periodic"
},
"ACCOUNT_PART_OF_ORGANIZATIONS": {
- "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Spain) Region",
"Parameters": [
{
"Name": "MasterAccountId",
@@ -24,7 +25,7 @@
"Trigger type": "Periodic"
},
"ACM_CERTIFICATE_EXPIRATION_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), Asia Pacific (Osaka), Europe (Milan) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Default": "14",
@@ -33,10 +34,17 @@
"Type": "int"
}
],
+ "Resource Types": "AWS::ACM::Certificate",
+ "Trigger type": "Configuration changes and Periodic"
+ },
+ "ACM_CERTIFICATE_RSA_CHECK": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::ACM::Certificate",
"Trigger type": "Configuration changes"
},
"ALB_DESYNC_MODE_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), China (Ningxia) Region",
"Parameters": [
{
"Name": "desyncMode",
@@ -44,20 +52,22 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"Trigger type": "Configuration changes"
},
"ALB_HTTP_DROP_INVALID_HEADER_ENABLED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Africa (Cape Town), Asia Pacific (Osaka), Europe (Milan), Israel (Tel Aviv) Region",
"Parameters": [],
+ "Resource Types": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"Trigger type": "Configuration changes"
},
"ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Africa (Cape Town), Asia Pacific (Osaka), Europe (Milan), Israel (Tel Aviv) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
"ALB_WAF_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Africa (Cape Town), Middle East (UAE), Asia Pacific (Osaka), Europe (Milan), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "wafWebAclIds",
@@ -65,10 +75,29 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"Trigger type": "Configuration changes"
},
+ "API_GWV2_ACCESS_LOGS_ENABLED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::ApiGatewayV2::Stage",
+ "Trigger type": "Configuration changes"
+ },
+ "API_GWV2_AUTHORIZATION_TYPE_CONFIGURED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [
+ {
+ "Name": "authorizationType",
+ "Optional": true,
+ "Type": "String"
+ }
+ ],
+ "Resource Types": "AWS::ApiGatewayV2::Route",
+ "Trigger type": "Periodic"
+ },
"API_GW_ASSOCIATED_WITH_WAF": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Spain) Region",
"Parameters": [
{
"Name": "WebAclArns",
@@ -76,15 +105,17 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::ApiGateway::Stage",
"Trigger type": "Configuration changes"
},
"API_GW_CACHE_ENABLED_AND_ENCRYPTED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Milan), Europe (Spain) Region",
"Parameters": [],
+ "Resource Types": "AWS::ApiGateway::Stage",
"Trigger type": "Configuration changes"
},
"API_GW_ENDPOINT_TYPE_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Milan), Europe (Spain) Region",
"Parameters": [
{
"Name": "endpointConfigurationTypes",
@@ -92,10 +123,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::ApiGateway::RestApi",
"Trigger type": "Configuration changes"
},
"API_GW_EXECUTION_LOGGING_ENABLED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Osaka), Europe (Milan) Region",
"Parameters": [
{
"Default": "ERROR,INFO",
@@ -104,10 +136,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::ApiGateway::Stage, AWS::ApiGatewayV2::Stage",
"Trigger type": "Configuration changes"
},
"API_GW_SSL_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
"Parameters": [
{
"Name": "CertificateIDs",
@@ -115,11 +148,13 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::ApiGateway::Stage",
"Trigger type": "Configuration changes"
},
"API_GW_XRAY_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Spain) Region",
"Parameters": [],
+ "Resource Types": "AWS::ApiGateway::Stage",
"Trigger type": "Configuration changes"
},
"APPROVED_AMIS_BY_ID": {
@@ -131,22 +166,60 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::EC2::Instance",
"Trigger type": "Configuration changes"
},
"APPROVED_AMIS_BY_TAG": {
"AWS Region": "All supported AWS regions",
"Parameters": [
{
- "Default": "tag-key",
+ "Default": "tag-key:tag-value,other-tag-key",
"Name": "amisByTagKeyAndValue",
"Optional": false,
"Type": "StringMap"
}
],
+ "Resource Types": "AWS::EC2::Instance",
+ "Trigger type": "Configuration changes"
+ },
+ "APPSYNC_ASSOCIATED_WITH_WAF": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [
+ {
+ "Name": "wafWebAclARNs",
+ "Optional": true,
+ "Type": "CSV"
+ }
+ ],
+ "Resource Types": "AWS::AppSync::GraphQLApi",
+ "Trigger type": "Periodic"
+ },
+ "APPSYNC_CACHE_ENCRYPTION_AT_REST": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::AppSync::GraphQLApi",
+ "Trigger type": "Periodic"
+ },
+ "APPSYNC_LOGGING_ENABLED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [
+ {
+ "Name": "fieldLoggingLevel",
+ "Optional": true,
+ "Type": "CSV"
+ }
+ ],
+ "Resource Types": "AWS::AppSync::GraphQLApi",
+ "Trigger type": "Configuration changes"
+ },
+ "ATHENA_WORKGROUP_ENCRYPTED_AT_REST": {
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::Athena::WorkGroup",
"Trigger type": "Configuration changes"
},
"AURORA_LAST_BACKUP_RECOVERY_POINT_CREATED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -171,10 +244,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::RDS::DBCluster",
"Trigger type": "Periodic"
},
"AURORA_MYSQL_BACKTRACKING_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Hong Kong), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Europe (Stockholm), Middle East (Bahrain), Africa (Cape Town), South America (Sao Paulo) Region",
+ "AWS Region": "All supported AWS regions except Europe (Stockholm), Middle East (Bahrain), China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), South America (Sao Paulo), Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain) Region",
"Parameters": [
{
"Name": "BacktrackWindowInHours",
@@ -182,10 +256,11 @@
"Type": "double"
}
],
+ "Resource Types": "AWS::RDS::DBCluster",
"Trigger type": "Configuration changes"
},
"AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -223,40 +298,47 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::RDS::DBCluster",
"Trigger type": "Periodic"
},
"AUTOSCALING_CAPACITY_REBALANCING": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::AutoScaling::AutoScalingGroup",
"Trigger type": "Configuration changes"
},
"AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Melbourne) Region",
"Parameters": [],
+ "Resource Types": "AWS::AutoScaling::AutoScalingGroup",
"Trigger type": "Configuration changes"
},
"AUTOSCALING_LAUNCHCONFIG_REQUIRES_IMDSV2": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), China (Ningxia) Region",
"Parameters": [],
+ "Resource Types": "AWS::AutoScaling::LaunchConfiguration",
"Trigger type": "Configuration changes"
},
"AUTOSCALING_LAUNCH_CONFIG_HOP_LIMIT": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), AWS GovCloud (US-East), AWS GovCloud (US-West), China (Ningxia) Region",
"Parameters": [],
+ "Resource Types": "AWS::AutoScaling::LaunchConfiguration",
"Trigger type": "Configuration changes"
},
"AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED": {
- "AWS Region": "All supported AWS regions except AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv) Region",
"Parameters": [],
+ "Resource Types": "AWS::AutoScaling::LaunchConfiguration",
"Trigger type": "Configuration changes"
},
"AUTOSCALING_LAUNCH_TEMPLATE": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), AWS GovCloud (US-East), AWS GovCloud (US-West), China (Ningxia) Region",
"Parameters": [],
+ "Resource Types": "AWS::AutoScaling::AutoScalingGroup",
"Trigger type": "Configuration changes"
},
"AUTOSCALING_MULTIPLE_AZ": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), China (Ningxia) Region",
"Parameters": [
{
"Name": "minAvailabilityZones",
@@ -264,15 +346,17 @@
"Type": "int"
}
],
+ "Resource Types": "AWS::AutoScaling::AutoScalingGroup",
"Trigger type": "Configuration changes"
},
"AUTOSCALING_MULTIPLE_INSTANCE_TYPES": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), China (Ningxia) Region",
"Parameters": [],
+ "Resource Types": "AWS::AutoScaling::AutoScalingGroup",
"Trigger type": "Configuration changes"
},
"BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Default": "1",
@@ -293,15 +377,17 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::Backup::BackupPlan",
"Trigger type": "Configuration changes"
},
"BACKUP_RECOVERY_POINT_ENCRYPTED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::Backup::RecoveryPoint",
"Trigger type": "Configuration changes"
},
"BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "principalArnList",
@@ -309,10 +395,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::Backup::BackupVault",
"Trigger type": "Configuration changes"
},
"BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Default": "35",
@@ -321,15 +408,17 @@
"Type": "int"
}
],
+ "Resource Types": "AWS::Backup::RecoveryPoint",
"Trigger type": "Configuration changes"
},
"BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::ElasticBeanstalk::Environment",
"Trigger type": "Configuration changes"
},
"CLB_DESYNC_MODE_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "desyncMode",
@@ -337,10 +426,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::ElasticLoadBalancing::LoadBalancer",
"Trigger type": "Configuration changes"
},
"CLB_MULTIPLE_AZ": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), China (Ningxia) Region",
"Parameters": [
{
"Name": "minAvailabilityZones",
@@ -348,10 +438,11 @@
"Type": "int"
}
],
+ "Resource Types": "AWS::ElasticLoadBalancing::LoadBalancer",
"Trigger type": "Configuration changes"
},
"CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Hong Kong), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Europe (Paris), Europe (Stockholm), Middle East (Bahrain), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Europe (Stockholm), Europe (Paris), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "cloudformationRoleArn",
@@ -359,10 +450,11 @@
"Type": "String"
}
],
- "Trigger type": "Configuration changes"
+ "Resource Types": "AWS::CloudFormation::Stack",
+ "Trigger type": "Configuration changes and Periodic"
},
"CLOUDFORMATION_STACK_NOTIFICATION_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Hong Kong), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Europe (Paris), Europe (Stockholm), Middle East (Bahrain), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Europe (Stockholm), Middle East (Bahrain), Europe (Paris), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "snsTopic1",
@@ -390,6 +482,7 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::CloudFormation::Stack",
"Trigger type": "Configuration changes"
},
"CLOUDFRONT_ACCESSLOGS_ENABLED": {
@@ -401,6 +494,7 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::CloudFront::Distribution",
"Trigger type": "Configuration changes"
},
"CLOUDFRONT_ASSOCIATED_WITH_WAF": {
@@ -412,50 +506,77 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::CloudFront::Distribution",
"Trigger type": "Configuration changes"
},
"CLOUDFRONT_CUSTOM_SSL_CERTIFICATE": {
"AWS Region": "Only available in US East (N. Virginia) Region",
"Parameters": [],
+ "Resource Types": "AWS::CloudFront::Distribution",
"Trigger type": "Configuration changes"
},
"CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED": {
"AWS Region": "Only available in US East (N. Virginia) Region",
"Parameters": [],
+ "Resource Types": "AWS::CloudFront::Distribution",
"Trigger type": "Configuration changes"
},
"CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS": {
"AWS Region": "Only available in US East (N. Virginia) Region",
"Parameters": [],
+ "Resource Types": "AWS::CloudFront::Distribution",
"Trigger type": "Configuration changes"
},
"CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED": {
"AWS Region": "Only available in US East (N. Virginia) Region",
"Parameters": [],
+ "Resource Types": "AWS::CloudFront::Distribution",
"Trigger type": "Configuration changes"
},
"CLOUDFRONT_ORIGIN_FAILOVER_ENABLED": {
"AWS Region": "Only available in US East (N. Virginia) Region",
"Parameters": [],
+ "Resource Types": "AWS::CloudFront::Distribution",
+ "Trigger type": "Configuration changes"
+ },
+ "CLOUDFRONT_S3_ORIGIN_ACCESS_CONTROL_ENABLED": {
+ "AWS Region": "Only available in US East (N. Virginia) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::CloudFront::Distribution",
+ "Trigger type": "Configuration changes"
+ },
+ "CLOUDFRONT_S3_ORIGIN_NON_EXISTENT_BUCKET": {
+ "AWS Region": "Only available in US East (N. Virginia) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::CloudFront::Distribution",
+ "Trigger type": "Periodic"
+ },
+ "CLOUDFRONT_SECURITY_POLICY_CHECK": {
+ "AWS Region": "Only available in US East (N. Virginia) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::CloudFront::Distribution",
"Trigger type": "Configuration changes"
},
"CLOUDFRONT_SNI_ENABLED": {
"AWS Region": "Only available in US East (N. Virginia) Region",
"Parameters": [],
+ "Resource Types": "AWS::CloudFront::Distribution",
"Trigger type": "Configuration changes"
},
"CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED": {
"AWS Region": "Only available in US East (N. Virginia) Region",
"Parameters": [],
+ "Resource Types": "AWS::CloudFront::Distribution",
"Trigger type": "Configuration changes"
},
"CLOUDFRONT_VIEWER_POLICY_HTTPS": {
"AWS Region": "Only available in US East (N. Virginia) Region",
"Parameters": [],
+ "Resource Types": "AWS::CloudFront::Distribution",
"Trigger type": "Configuration changes"
},
"CLOUDTRAIL_S3_DATAEVENTS_ENABLED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Spain) Region",
"Parameters": [
{
"Name": "S3BucketNames",
@@ -466,7 +587,7 @@
"Trigger type": "Periodic"
},
"CLOUDTRAIL_SECURITY_TRAIL_ENABLED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Spain) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
@@ -517,11 +638,13 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::CloudWatch::Alarm",
"Trigger type": "Configuration changes"
},
"CLOUDWATCH_ALARM_ACTION_ENABLED_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), AWS GovCloud (US-East), AWS GovCloud (US-West), China (Ningxia) Region",
"Parameters": [],
+ "Resource Types": "AWS::CloudWatch::Alarm",
"Trigger type": "Configuration changes"
},
"CLOUDWATCH_ALARM_RESOURCE_CHECK": {
@@ -575,10 +698,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::CloudWatch::Alarm",
"Trigger type": "Configuration changes"
},
"CLOUDWATCH_LOG_GROUP_ENCRYPTED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Israel (Tel Aviv), Europe (Spain), China (Ningxia) Region",
"Parameters": [
{
"Name": "KmsKeyId",
@@ -631,17 +755,18 @@
"Trigger type": "Periodic"
},
"CMK_BACKING_KEY_ROTATION_ENABLED": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Europe (Spain) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
"CODEBUILD_PROJECT_ARTIFACT_ENCRYPTION": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::CodeBuild::Project",
"Trigger type": "Configuration changes"
},
"CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "exemptedProjects",
@@ -649,15 +774,17 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::CodeBuild::Project",
"Trigger type": "Configuration changes"
},
"CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK": {
- "AWS Region": "All supported AWS regions except AWS GovCloud (US-East), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::CodeBuild::Project",
"Trigger type": "Configuration changes"
},
"CODEBUILD_PROJECT_LOGGING_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "s3BucketNames",
@@ -670,10 +797,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::CodeBuild::Project",
"Trigger type": "Configuration changes"
},
"CODEBUILD_PROJECT_S3_LOGS_ENCRYPTED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "exemptedProjects",
@@ -681,20 +809,23 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::CodeBuild::Project",
"Trigger type": "Configuration changes"
},
"CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK": {
- "AWS Region": "All supported AWS regions except AWS GovCloud (US-East), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::CodeBuild::Project",
"Trigger type": "Configuration changes"
},
"CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::CodeDeploy::DeploymentGroup",
"Trigger type": "Configuration changes"
},
"CODEDEPLOY_EC2_MINIMUM_HEALTHY_HOSTS_CONFIGURED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Default": "66",
@@ -709,15 +840,17 @@
"Type": "int"
}
],
+ "Resource Types": "AWS::CodeDeploy::DeploymentGroup",
"Trigger type": "Configuration changes"
},
"CODEDEPLOY_LAMBDA_ALLATONCE_TRAFFIC_SHIFT_DISABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::CodeDeploy::DeploymentGroup",
"Trigger type": "Configuration changes"
},
"CODEPIPELINE_DEPLOYMENT_COUNT_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Hong Kong), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Europe (Stockholm), Middle East (Bahrain), Africa (Cape Town) Region",
+ "AWS Region": "Only available in Asia Pacific (Mumbai), Europe (Paris), US East (Ohio), Europe (Ireland), Europe (Frankfurt), South America (Sao Paulo), US East (N. Virginia), Asia Pacific (Seoul), Europe (London), Asia Pacific (Tokyo), US West (Oregon), US West (N. California), Asia Pacific (Singapore), Asia Pacific (Sydney), Canada (Central) Region",
"Parameters": [
{
"Name": "deploymentLimit",
@@ -725,10 +858,11 @@
"Type": "int"
}
],
+ "Resource Types": "AWS::CodePipeline::Pipeline",
"Trigger type": "Configuration changes"
},
"CODEPIPELINE_REGION_FANOUT_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Hong Kong), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Europe (Stockholm), Middle East (Bahrain), Africa (Cape Town) Region",
+ "AWS Region": "Only available in Asia Pacific (Mumbai), Europe (Paris), US East (Ohio), Europe (Ireland), Europe (Frankfurt), South America (Sao Paulo), US East (N. Virginia), Asia Pacific (Seoul), Europe (London), Asia Pacific (Tokyo), US West (Oregon), US West (N. California), Asia Pacific (Singapore), Asia Pacific (Sydney), Canada (Central) Region",
"Parameters": [
{
"Default": "3",
@@ -737,10 +871,17 @@
"Type": "int"
}
],
+ "Resource Types": "AWS::CodePipeline::Pipeline",
"Trigger type": "Configuration changes"
},
+ "CUSTOM_SCHEMA_REGISTRY_POLICY_ATTACHED": {
+ "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::EventSchemas::Registry",
+ "Trigger type": "Periodic"
+ },
"CW_LOGGROUP_RETENTION_PERIOD_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Osaka), Europe (Spain) Region",
"Parameters": [
{
"Name": "LogGroupNames",
@@ -761,7 +902,7 @@
"Trigger type": "Periodic"
},
"DB_INSTANCE_BACKUP_ENABLED": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Europe (Spain) Region",
"Parameters": [
{
"Name": "backupRetentionPeriod",
@@ -784,6 +925,7 @@
"Type": "boolean"
}
],
+ "Resource Types": "AWS::RDS::DBInstance",
"Trigger type": "Configuration changes"
},
"DESIRED_INSTANCE_TENANCY": {
@@ -805,6 +947,7 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::EC2::Instance",
"Trigger type": "Configuration changes"
},
"DESIRED_INSTANCE_TYPE": {
@@ -816,15 +959,40 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::EC2::Instance",
"Trigger type": "Configuration changes"
},
"DMS_REPLICATION_NOT_PUBLIC": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
+ "DOCDB_CLUSTER_BACKUP_RETENTION_CHECK": {
+ "AWS Region": "Only available in Asia Pacific (Mumbai), Europe (Paris), US East (Ohio), Europe (Ireland), Europe (Frankfurt), South America (Sao Paulo), US East (N. Virginia), Asia Pacific (Seoul), Europe (London), Europe (Milan), Asia Pacific (Tokyo), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Canada (Central), China (Ningxia) Region",
+ "Parameters": [
+ {
+ "Name": "minimumBackupRetentionPeriod",
+ "Optional": true,
+ "Type": "int"
+ }
+ ],
+ "Resource Types": "AWS::RDS::DBCluster",
+ "Trigger type": "Configuration changes"
+ },
+ "DOCDB_CLUSTER_ENCRYPTED": {
+ "AWS Region": "Only available in Asia Pacific (Mumbai), Europe (Paris), US East (Ohio), Europe (Ireland), Europe (Frankfurt), South America (Sao Paulo), US East (N. Virginia), Asia Pacific (Seoul), Europe (London), Europe (Milan), Asia Pacific (Tokyo), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Canada (Central), China (Ningxia) Region",
+ "Parameters": [
+ {
+ "Name": "kmsKeyArns",
+ "Optional": true,
+ "Type": "CSV"
+ }
+ ],
+ "Resource Types": "AWS::RDS::DBCluster",
+ "Trigger type": "Configuration changes"
+ },
"DYNAMODB_AUTOSCALING_ENABLED": {
- "AWS Region": "All supported AWS regions except AWS GovCloud (US-East), AWS GovCloud (US-West) Region",
+ "AWS Region": "All supported AWS regions",
"Parameters": [
{
"Name": "minProvisionedReadCapacity",
@@ -857,15 +1025,17 @@
"Type": "double"
}
],
+ "Resource Types": "AWS::DynamoDB::Table",
"Trigger type": "Periodic"
},
"DYNAMODB_IN_BACKUP_PLAN": {
- "AWS Region": "All supported AWS regions except AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::DynamoDB::Table",
"Trigger type": "Periodic"
},
"DYNAMODB_LAST_BACKUP_RECOVERY_POINT_CREATED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -890,15 +1060,17 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::DynamoDB::Table",
"Trigger type": "Periodic"
},
"DYNAMODB_PITR_ENABLED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka) Region",
"Parameters": [],
+ "Resource Types": "AWS::DynamoDB::Table",
"Trigger type": "Configuration changes"
},
"DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -936,10 +1108,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::DynamoDB::Table",
"Trigger type": "Periodic"
},
"DYNAMODB_TABLE_ENCRYPTED_KMS": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Spain) Region",
"Parameters": [
{
"Name": "kmsKeyArns",
@@ -947,15 +1120,17 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::DynamoDB::Table",
"Trigger type": "Configuration changes"
},
"DYNAMODB_TABLE_ENCRYPTION_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Ningxia), Asia Pacific (Hong Kong), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Europe (Stockholm), Middle East (Bahrain), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Europe (Stockholm), Middle East (Bahrain), Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Milan), Europe (Spain), China (Ningxia) Region",
"Parameters": [],
+ "Resource Types": "AWS::DynamoDB::Table",
"Trigger type": "Configuration changes"
},
"DYNAMODB_THROUGHPUT_LIMIT_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Milan), Europe (Spain) Region",
"Parameters": [
{
"Default": "80",
@@ -973,12 +1148,12 @@
"Trigger type": "Periodic"
},
"EBS_IN_BACKUP_PLAN": {
- "AWS Region": "All supported AWS regions except AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
"EBS_LAST_BACKUP_RECOVERY_POINT_CREATED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -1003,15 +1178,17 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::EC2::Volume",
"Trigger type": "Periodic"
},
"EBS_OPTIMIZED_INSTANCE": {
"AWS Region": "All supported AWS regions",
"Parameters": [],
+ "Resource Types": "AWS::EC2::Instance",
"Trigger type": "Configuration changes"
},
"EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -1049,35 +1226,45 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::EC2::Volume",
"Trigger type": "Periodic"
},
"EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Europe (Spain) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
+ "EC2_CLIENT_VPN_NOT_AUTHORIZE_ALL": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::EC2::ClientVpnEndpoint",
+ "Trigger type": "Periodic"
+ },
"EC2_EBS_ENCRYPTION_BY_DEFAULT": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka), Europe (Spain) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
"EC2_IMDSV2_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Africa (Cape Town), Asia Pacific (Osaka), Europe (Milan) Region",
"Parameters": [],
+ "Resource Types": "AWS::EC2::Instance",
"Trigger type": "Configuration changes"
},
"EC2_INSTANCE_DETAILED_MONITORING_ENABLED": {
"AWS Region": "All supported AWS regions",
"Parameters": [],
+ "Resource Types": "AWS::EC2::Instance",
"Trigger type": "Configuration changes"
},
"EC2_INSTANCE_MANAGED_BY_SSM": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Israel (Tel Aviv), Europe (Spain) Region",
"Parameters": [],
+ "Resource Types": "AWS::EC2::Instance, AWS::SSM::ManagedInstanceInventory",
"Trigger type": "Configuration changes"
},
"EC2_INSTANCE_MULTIPLE_ENI_CHECK": {
- "AWS Region": "All supported AWS regions except AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka), AWS GovCloud (US-East), AWS GovCloud (US-West) Region",
"Parameters": [
{
"Name": "NetworkInterfaceIds",
@@ -1085,15 +1272,17 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::EC2::Instance",
"Trigger type": "Configuration changes"
},
"EC2_INSTANCE_NO_PUBLIC_IP": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka) Region",
"Parameters": [],
+ "Resource Types": "AWS::EC2::Instance",
"Trigger type": "Configuration changes"
},
"EC2_INSTANCE_PROFILE_ATTACHED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Spain), China (Ningxia) Region",
"Parameters": [
{
"Name": "IamInstanceProfileArnList",
@@ -1101,10 +1290,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::EC2::Instance",
"Trigger type": "Configuration changes"
},
"EC2_LAST_BACKUP_RECOVERY_POINT_CREATED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -1129,10 +1319,23 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::EC2::Instance",
"Trigger type": "Periodic"
},
+ "EC2_LAUNCH_TEMPLATE_PUBLIC_IP_DISABLED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [
+ {
+ "Name": "exemptedLaunchTemplates",
+ "Optional": true,
+ "Type": "CSV"
+ }
+ ],
+ "Resource Types": "AWS::EC2::LaunchTemplate",
+ "Trigger type": "Configuration changes"
+ },
"EC2_MANAGEDINSTANCE_APPLICATIONS_BLACKLISTED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "applicationNames",
@@ -1145,10 +1348,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::SSM::ManagedInstanceInventory",
"Trigger type": "Configuration changes"
},
"EC2_MANAGEDINSTANCE_APPLICATIONS_REQUIRED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "applicationNames",
@@ -1161,15 +1365,17 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::SSM::ManagedInstanceInventory",
"Trigger type": "Configuration changes"
},
"EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::SSM::AssociationCompliance",
"Trigger type": "Configuration changes"
},
"EC2_MANAGEDINSTANCE_INVENTORY_BLACKLISTED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "inventoryNames",
@@ -1182,15 +1388,17 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::SSM::ManagedInstanceInventory",
"Trigger type": "Configuration changes"
},
"EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Middle East (Bahrain), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Middle East (Bahrain), Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::SSM::PatchCompliance",
"Trigger type": "Configuration changes"
},
"EC2_MANAGEDINSTANCE_PLATFORM_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "platformType",
@@ -1213,20 +1421,23 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::SSM::ManagedInstanceInventory",
"Trigger type": "Configuration changes"
},
"EC2_NO_AMAZON_KEY_PAIR": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::EC2::Instance",
"Trigger type": "Configuration changes"
},
"EC2_PARAVIRTUAL_INSTANCE_CHECK": {
"AWS Region": "Only available in Europe (Ireland), Europe (Frankfurt), South America (Sao Paulo), US East (N. Virginia), Asia Pacific (Tokyo), US West (Oregon), US West (N. California), Asia Pacific (Singapore), Asia Pacific (Sydney) Region",
"Parameters": [],
+ "Resource Types": "AWS::EC2::Instance",
"Trigger type": "Configuration changes"
},
"EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -1264,20 +1475,23 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::EC2::Instance",
"Trigger type": "Periodic"
},
"EC2_SECURITY_GROUP_ATTACHED_TO_ENI": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Osaka) Region",
"Parameters": [],
+ "Resource Types": "AWS::EC2::SecurityGroup",
"Trigger type": "Configuration changes"
},
"EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODIC": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::EC2::SecurityGroup",
"Trigger type": "Periodic"
},
"EC2_STOPPED_INSTANCE": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Africa (Cape Town), Middle East (UAE), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv) Region",
"Parameters": [
{
"Default": "30",
@@ -1289,7 +1503,7 @@
"Trigger type": "Periodic"
},
"EC2_TOKEN_HOP_LIMIT_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "tokenHopLimit",
@@ -1297,11 +1511,13 @@
"Type": "int"
}
],
+ "Resource Types": "AWS::EC2::Instance",
"Trigger type": "Configuration changes"
},
"EC2_TRANSIT_GATEWAY_AUTO_VPC_ATTACH_DISABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Hong Kong), Asia Pacific (Jakarta), Asia Pacific (Osaka), Asia Pacific (Mumbai), Middle East (Bahrain) Region",
+ "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Mumbai), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::EC2::TransitGateway",
"Trigger type": "Configuration changes"
},
"EC2_VOLUME_INUSE_CHECK": {
@@ -1313,50 +1529,70 @@
"Type": "boolean"
}
],
+ "Resource Types": "AWS::EC2::Volume",
"Trigger type": "Configuration changes"
},
"ECR_PRIVATE_IMAGE_SCANNING_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
- "Trigger type": "Configuration changes"
+ "Resource Types": "AWS::ECR::Repository",
+ "Trigger type": "Periodic"
},
"ECR_PRIVATE_LIFECYCLE_POLICY_CONFIGURED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::ECR::Repository",
"Trigger type": "Configuration changes"
},
"ECR_PRIVATE_TAG_IMMUTABILITY_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::ECR::Repository",
"Trigger type": "Configuration changes"
},
"ECS_AWSVPC_NETWORKING_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::ECS::TaskDefinition",
"Trigger type": "Configuration changes"
},
"ECS_CONTAINERS_NONPRIVILEGED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Asia Pacific (Osaka), China (Ningxia) Region",
"Parameters": [],
+ "Resource Types": "AWS::ECS::TaskDefinition",
"Trigger type": "Configuration changes"
},
"ECS_CONTAINERS_READONLY_ACCESS": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), China (Ningxia) Region",
"Parameters": [],
+ "Resource Types": "AWS::ECS::TaskDefinition",
"Trigger type": "Configuration changes"
},
"ECS_CONTAINER_INSIGHTS_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), China (Ningxia) Region",
"Parameters": [],
+ "Resource Types": "AWS::ECS::Cluster",
"Trigger type": "Configuration changes"
},
"ECS_FARGATE_LATEST_PLATFORM_VERSION": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
- "Parameters": [],
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Asia Pacific (Osaka), China (Ningxia) Region",
+ "Parameters": [
+ {
+ "Name": "latestLinuxVersion",
+ "Optional": true,
+ "Type": "String"
+ },
+ {
+ "Name": "latestWindowsVersion",
+ "Optional": true,
+ "Type": "String"
+ }
+ ],
+ "Resource Types": "AWS::ECS::Service",
"Trigger type": "Configuration changes"
},
"ECS_NO_ENVIRONMENT_SECRETS": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Asia Pacific (Osaka), AWS GovCloud (US-East), AWS GovCloud (US-West), China (Ningxia) Region",
"Parameters": [
{
"Name": "secretKeys",
@@ -1364,30 +1600,35 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::ECS::TaskDefinition",
"Trigger type": "Configuration changes"
},
"ECS_TASK_DEFINITION_LOG_CONFIGURATION": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::ECS::TaskDefinition",
"Trigger type": "Configuration changes"
},
"ECS_TASK_DEFINITION_MEMORY_HARD_LIMIT": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::ECS::TaskDefinition",
"Trigger type": "Configuration changes"
},
"ECS_TASK_DEFINITION_NONROOT_USER": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::ECS::TaskDefinition",
"Trigger type": "Configuration changes"
},
"ECS_TASK_DEFINITION_PID_MODE_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Asia Pacific (Osaka), AWS GovCloud (US-East), AWS GovCloud (US-West), China (Ningxia) Region",
"Parameters": [],
+ "Resource Types": "AWS::ECS::TaskDefinition",
"Trigger type": "Configuration changes"
},
"ECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv) Region",
"Parameters": [
{
"Name": "SkipInactiveTaskDefinitions",
@@ -1395,10 +1636,11 @@
"Type": "boolean"
}
],
+ "Resource Types": "AWS::ECS::TaskDefinition",
"Trigger type": "Configuration changes"
},
"EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "approvedDirectories",
@@ -1406,10 +1648,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::EFS::AccessPoint",
"Trigger type": "Configuration changes"
},
"EFS_ACCESS_POINT_ENFORCE_USER_IDENTITY": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "approvedUids",
@@ -1422,10 +1665,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::EFS::AccessPoint",
"Trigger type": "Configuration changes"
},
"EFS_ENCRYPTED_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "KmsKeyId",
@@ -1436,12 +1680,12 @@
"Trigger type": "Periodic"
},
"EFS_IN_BACKUP_PLAN": {
- "AWS Region": "All supported AWS regions except AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
"EFS_LAST_BACKUP_RECOVERY_POINT_CREATED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -1466,10 +1710,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::EFS::FileSystem",
"Trigger type": "Periodic"
},
"EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -1507,15 +1752,23 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::EFS::FileSystem",
"Trigger type": "Periodic"
},
"EIP_ATTACHED": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Middle East (UAE) Region",
"Parameters": [],
+ "Resource Types": "AWS::EC2::EIP",
"Trigger type": "Configuration changes"
},
+ "EKS_CLUSTER_LOGGING_ENABLED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::EKS::Cluster",
+ "Trigger type": "Periodic"
+ },
"EKS_CLUSTER_OLDEST_SUPPORTED_VERSION": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "oldestVersionSupported",
@@ -1523,10 +1776,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::EKS::Cluster",
"Trigger type": "Configuration changes"
},
"EKS_CLUSTER_SUPPORTED_VERSION": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "oldestVersionSupported",
@@ -1534,15 +1788,16 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::EKS::Cluster",
"Trigger type": "Configuration changes"
},
"EKS_ENDPOINT_NO_PUBLIC_ACCESS": {
- "AWS Region": "All supported AWS regions except AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), US West (N. California), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), US West (N. California), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
"EKS_SECRETS_ENCRYPTED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), US West (N. California), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), US West (N. California), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "kmsKeyArns",
@@ -1552,8 +1807,26 @@
],
"Trigger type": "Periodic"
},
+ "ELASTICACHE_AUTO_MINOR_VERSION_UPGRADE_CHECK": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Middle East (UAE), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), China (Ningxia) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::ElastiCache::CacheCluster",
+ "Trigger type": "Periodic"
+ },
+ "ELASTICACHE_RBAC_AUTH_ENABLED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [
+ {
+ "Name": "allowedUserGroupIDs",
+ "Optional": true,
+ "Type": "CSV"
+ }
+ ],
+ "Resource Types": "AWS::ElastiCache::ReplicationGroup",
+ "Trigger type": "Periodic"
+ },
"ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Default": "15",
@@ -1562,20 +1835,74 @@
"Type": "int"
}
],
+ "Resource Types": "AWS::ElastiCache::CacheCluster, AWS::ElastiCache::ReplicationGroup",
+ "Trigger type": "Periodic"
+ },
+ "ELASTICACHE_REPL_GRP_AUTO_FAILOVER_ENABLED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Middle East (UAE), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), China (Ningxia) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::ElastiCache::ReplicationGroup",
+ "Trigger type": "Periodic"
+ },
+ "ELASTICACHE_REPL_GRP_ENCRYPTED_AT_REST": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Middle East (UAE), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), China (Ningxia) Region",
+ "Parameters": [
+ {
+ "Name": "approvedKMSKeyIds",
+ "Optional": true,
+ "Type": "CSV"
+ }
+ ],
+ "Resource Types": "AWS::ElastiCache::ReplicationGroup",
+ "Trigger type": "Periodic"
+ },
+ "ELASTICACHE_REPL_GRP_ENCRYPTED_IN_TRANSIT": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Middle East (UAE), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), China (Ningxia) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::ElastiCache::ReplicationGroup",
+ "Trigger type": "Periodic"
+ },
+ "ELASTICACHE_REPL_GRP_REDIS_AUTH_ENABLED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::ElastiCache::ReplicationGroup",
+ "Trigger type": "Periodic"
+ },
+ "ELASTICACHE_SUBNET_GROUP_CHECK": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::ElastiCache::CacheCluster",
+ "Trigger type": "Periodic"
+ },
+ "ELASTICACHE_SUPPORTED_ENGINE_VERSION": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [
+ {
+ "Name": "latestMemcachedVersion",
+ "Optional": false,
+ "Type": "String"
+ },
+ {
+ "Name": "latestRedisVersion",
+ "Optional": false,
+ "Type": "String"
+ }
+ ],
+ "Resource Types": "AWS::ElastiCache::CacheCluster",
"Trigger type": "Periodic"
},
"ELASTICSEARCH_ENCRYPTED_AT_REST": {
- "AWS Region": "All supported AWS regions except China (Ningxia), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
"ELASTICSEARCH_IN_VPC_ONLY": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
"ELASTICSEARCH_LOGS_TO_CLOUDWATCH": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "logTypes",
@@ -1583,15 +1910,34 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::Elasticsearch::Domain",
"Trigger type": "Configuration changes"
},
"ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::Elasticsearch::Domain",
+ "Trigger type": "Configuration changes"
+ },
+ "ELASTIC_BEANSTALK_LOGS_TO_CLOUDWATCH": {
+ "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [
+ {
+ "Name": "RetentionInDays",
+ "Optional": true,
+ "Type": "String"
+ },
+ {
+ "Name": "DeleteOnTerminate",
+ "Optional": true,
+ "Type": "String"
+ }
+ ],
+ "Resource Types": "AWS::ElasticBeanstalk::Environment",
"Trigger type": "Configuration changes"
},
"ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "UpdateLevel",
@@ -1599,10 +1945,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::ElasticBeanstalk::Environment",
"Trigger type": "Configuration changes"
},
"ELBV2_ACM_CERTIFICATE_REQUIRED": {
- "AWS Region": "All supported AWS regions except AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "AcmCertificatesAllowed",
@@ -1613,7 +1960,7 @@
"Trigger type": "Periodic"
},
"ELBV2_MULTIPLE_AZ": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), China (Ningxia) Region",
"Parameters": [
{
"Name": "minAvailabilityZones",
@@ -1621,20 +1968,23 @@
"Type": "int"
}
],
+ "Resource Types": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"Trigger type": "Configuration changes"
},
"ELB_ACM_CERTIFICATE_REQUIRED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Africa (Cape Town), Asia Pacific (Osaka), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::ElasticLoadBalancing::LoadBalancer",
"Trigger type": "Configuration changes"
},
"ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::ElasticLoadBalancing::LoadBalancer",
"Trigger type": "Configuration changes"
},
"ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK": {
- "AWS Region": "All supported AWS regions except AWS GovCloud (US-East), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "sslProtocolsAndCiphers",
@@ -1642,15 +1992,17 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::ElasticLoadBalancing::LoadBalancer",
"Trigger type": "Configuration changes"
},
"ELB_DELETION_PROTECTION_ENABLED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka), Israel (Tel Aviv), Europe (Spain) Region",
"Parameters": [],
+ "Resource Types": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"Trigger type": "Configuration changes"
},
"ELB_LOGGING_ENABLED": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Hyderabad), Europe (Spain) Region",
"Parameters": [
{
"Name": "s3BucketNames",
@@ -1658,10 +2010,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::ElasticLoadBalancing::LoadBalancer, AWS::ElasticLoadBalancingV2::LoadBalancer",
"Trigger type": "Configuration changes"
},
"ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK": {
- "AWS Region": "All supported AWS regions except AWS GovCloud (US-East), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Africa (Cape Town), Asia Pacific (Osaka), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "predefinedPolicyName",
@@ -1669,15 +2022,17 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::ElasticLoadBalancing::LoadBalancer",
"Trigger type": "Configuration changes"
},
"ELB_TLS_HTTPS_LISTENERS_ONLY": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Osaka), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::ElasticLoadBalancing::LoadBalancer",
"Trigger type": "Configuration changes"
},
"EMR_KERBEROS_ENABLED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "TicketLifetimeInHours",
@@ -1708,12 +2063,13 @@
"Trigger type": "Periodic"
},
"EMR_MASTER_NO_PUBLIC_IP": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::EMR::Cluster",
"Trigger type": "Periodic"
},
"ENCRYPTED_VOLUMES": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Africa (Cape Town), Asia Pacific (Osaka), Europe (Milan), Israel (Tel Aviv) Region",
"Parameters": [
{
"Name": "kmsId",
@@ -1721,10 +2077,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::EC2::Volume",
"Trigger type": "Configuration changes"
},
"FMS_SHIELD_RESOURCE_POLICY_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), China (Ningxia) Region",
"Parameters": [
{
"Name": "webACLId",
@@ -1757,10 +2114,11 @@
"Type": "boolean"
}
],
+ "Resource Types": "AWS::CloudFront::Distribution, AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::WAFRegional::WebACL, AWS::EC2::EIP, AWS::ElasticLoadBalancing::LoadBalancer, AWS::ShieldRegional::Protection, AWS::Shield::Protection",
"Trigger type": "Configuration changes"
},
"FMS_WEBACL_RESOURCE_POLICY_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions",
"Parameters": [
{
"Name": "webACLId",
@@ -1788,10 +2146,11 @@
"Type": "boolean"
}
],
+ "Resource Types": "AWS::CloudFront::Distribution, AWS::ApiGateway::Stage, AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::WAFRegional::WebACL",
"Trigger type": "Configuration changes"
},
"FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions",
"Parameters": [
{
"Name": "ruleGroups",
@@ -1809,10 +2168,11 @@
"Type": "boolean"
}
],
+ "Resource Types": "AWS::WAF::WebACL, AWS::WAFRegional::WebACL",
"Trigger type": "Configuration changes"
},
"FSX_LAST_BACKUP_RECOVERY_POINT_CREATED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -1837,10 +2197,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::FSx::FileSystem",
"Trigger type": "Periodic"
},
"FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -1878,10 +2239,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::FSx::FileSystem",
"Trigger type": "Periodic"
},
"GUARDDUTY_ENABLED_CENTRALIZED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Middle East (Bahrain), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Africa (Cape Town), Middle East (UAE), Asia Pacific (Osaka), Europe (Milan), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "CentralMonitoringAccount",
@@ -1892,7 +2254,7 @@
"Trigger type": "Periodic"
},
"GUARDDUTY_NON_ARCHIVED_FINDINGS": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Middle East (Bahrain), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Default": "30",
@@ -1916,7 +2278,7 @@
"Trigger type": "Periodic"
},
"IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "blockedActionsPatterns",
@@ -1929,15 +2291,17 @@
"Type": "boolean"
}
],
+ "Resource Types": "AWS::IAM::Policy",
"Trigger type": "Configuration changes"
},
"IAM_GROUP_HAS_USERS_CHECK": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::IAM::Group",
"Trigger type": "Configuration changes"
},
"IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "blockedActionsPatterns",
@@ -1950,15 +2314,17 @@
"Type": "boolean"
}
],
+ "Resource Types": "AWS::IAM::Group, AWS::IAM::Role, AWS::IAM::User",
"Trigger type": "Configuration changes"
},
"IAM_NO_INLINE_POLICY_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::IAM::User, AWS::IAM::Role, AWS::IAM::Group",
"Trigger type": "Configuration changes"
},
"IAM_PASSWORD_POLICY": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Israel (Tel Aviv) Region",
"Parameters": [
{
"Default": "true",
@@ -2006,10 +2372,10 @@
"Trigger type": "Periodic"
},
"IAM_POLICY_BLACKLISTED_CHECK": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
- "Default": "arn",
+ "Default": "arn:aws:iam::aws:policy/AdministratorAccess",
"Name": "policyArns",
"Optional": false,
"Type": "CSV"
@@ -2020,10 +2386,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::IAM::User, AWS::IAM::Group, AWS::IAM::Role",
"Trigger type": "Configuration changes"
},
"IAM_POLICY_IN_USE": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "policyARN",
@@ -2039,12 +2406,7 @@
"Trigger type": "Periodic"
},
"IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS": {
- "AWS Region": "All supported AWS regions",
- "Parameters": [],
- "Trigger type": "Configuration changes"
- },
- "IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "excludePermissionBoundaryPolicy",
@@ -2052,10 +2414,23 @@
"Type": "boolean"
}
],
+ "Resource Types": "AWS::IAM::Policy",
+ "Trigger type": "Configuration changes"
+ },
+ "IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS": {
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
+ "Parameters": [
+ {
+ "Name": "excludePermissionBoundaryPolicy",
+ "Optional": true,
+ "Type": "boolean"
+ }
+ ],
+ "Resource Types": "AWS::IAM::Policy",
"Trigger type": "Configuration changes"
},
"IAM_ROLE_MANAGED_POLICY_CHECK": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "managedPolicyArns",
@@ -2063,15 +2438,16 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::IAM::Role",
"Trigger type": "Configuration changes"
},
"IAM_ROOT_ACCESS_KEY_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
"IAM_USER_GROUP_MEMBERSHIP_CHECK": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "groupNames",
@@ -2079,20 +2455,22 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::IAM::User",
"Trigger type": "Configuration changes"
},
"IAM_USER_MFA_ENABLED": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
"IAM_USER_NO_POLICIES_CHECK": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::IAM::User",
"Trigger type": "Configuration changes"
},
"IAM_USER_UNUSED_CREDENTIALS_CHECK": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Default": "90",
@@ -2104,12 +2482,13 @@
"Trigger type": "Periodic"
},
"INCOMING_SSH_DISABLED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::EC2::SecurityGroup",
"Trigger type": "Configuration changes"
},
"INSTANCES_IN_VPC": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Africa (Cape Town), Middle East (UAE), Asia Pacific (Osaka), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "vpcId",
@@ -2117,10 +2496,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::EC2::Instance",
"Trigger type": "Configuration changes"
},
"INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Spain) Region",
"Parameters": [
{
"Name": "AuthorizedVpcIds",
@@ -2128,15 +2508,17 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::EC2::InternetGateway",
"Trigger type": "Configuration changes"
},
"KINESIS_STREAM_ENCRYPTED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::Kinesis::Stream",
"Trigger type": "Configuration changes"
},
"KMS_CMK_NOT_SCHEDULED_FOR_DELETION": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Europe (Milan), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "kmsKeyIds",
@@ -2144,10 +2526,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::KMS::Key",
"Trigger type": "Periodic"
},
"LAMBDA_CONCURRENCY_CHECK": {
- "AWS Region": "All supported AWS regions except China (Ningxia), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Spain), China (Ningxia) Region",
"Parameters": [
{
"Name": "ConcurrencyLimitLow",
@@ -2160,10 +2543,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::Lambda::Function",
"Trigger type": "Configuration changes"
},
"LAMBDA_DLQ_CHECK": {
- "AWS Region": "All supported AWS regions except China (Ningxia), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Spain), China (Ningxia) Region",
"Parameters": [
{
"Name": "dlqArns",
@@ -2171,15 +2555,17 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::Lambda::Function",
"Trigger type": "Configuration changes"
},
"LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED": {
- "AWS Region": "All supported AWS regions except China (Ningxia), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Europe (Spain), China (Ningxia) Region",
"Parameters": [],
+ "Resource Types": "AWS::Lambda::Function",
"Trigger type": "Configuration changes"
},
"LAMBDA_FUNCTION_SETTINGS_CHECK": {
- "AWS Region": "All supported AWS regions except China (Ningxia), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka), Europe (Spain), China (Ningxia) Region",
"Parameters": [
{
"Name": "runtime",
@@ -2204,10 +2590,11 @@
"Type": "int"
}
],
+ "Resource Types": "AWS::Lambda::Function",
"Trigger type": "Configuration changes"
},
"LAMBDA_INSIDE_VPC": {
- "AWS Region": "All supported AWS regions except China (Ningxia), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka), Europe (Spain), China (Ningxia) Region",
"Parameters": [
{
"Name": "subnetIds",
@@ -2215,10 +2602,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::Lambda::Function",
"Trigger type": "Configuration changes"
},
"LAMBDA_VPC_MULTI_AZ_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "availabilityZones",
@@ -2226,15 +2614,40 @@
"Type": "int"
}
],
+ "Resource Types": "AWS::Lambda::Function",
"Trigger type": "Configuration changes"
},
+ "MACIE_STATUS_CHECK": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::::Account",
+ "Trigger type": "Periodic"
+ },
"MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
+ "MQ_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::AmazonMQ::Broker",
+ "Trigger type": "Periodic"
+ },
+ "MQ_CLOUDWATCH_AUDIT_LOGGING_ENABLED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::AmazonMQ::Broker",
+ "Trigger type": "Periodic"
+ },
+ "MQ_NO_PUBLIC_ACCESS": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::AmazonMQ::Broker",
+ "Trigger type": "Periodic"
+ },
"MULTI_REGION_CLOUD_TRAIL_ENABLED": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Middle East (UAE) Region",
"Parameters": [
{
"Name": "s3BucketName",
@@ -2265,12 +2678,97 @@
"Trigger type": "Periodic"
},
"NACL_NO_UNRESTRICTED_SSH_RDP": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia) Region",
"Parameters": [],
+ "Resource Types": "AWS::EC2::NetworkAcl",
+ "Trigger type": "Configuration changes"
+ },
+ "NEPTUNE_CLUSTER_BACKUP_RETENTION_CHECK": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
+ "Parameters": [
+ {
+ "Name": "minimumBackupRetentionPeriod",
+ "Optional": true,
+ "Type": "int"
+ }
+ ],
+ "Resource Types": "AWS::RDS::DBCluster",
+ "Trigger type": "Configuration changes"
+ },
+ "NEPTUNE_CLUSTER_CLOUDWATCH_LOG_EXPORT_ENABLED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::RDS::DBCluster",
+ "Trigger type": "Configuration changes"
+ },
+ "NEPTUNE_CLUSTER_COPY_TAGS_TO_SNAPSHOT_ENABLED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::RDS::DBCluster",
+ "Trigger type": "Configuration changes"
+ },
+ "NEPTUNE_CLUSTER_DELETION_PROTECTION_ENABLED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::RDS::DBCluster",
+ "Trigger type": "Configuration changes"
+ },
+ "NEPTUNE_CLUSTER_ENCRYPTED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
+ "Parameters": [
+ {
+ "Name": "KmsKeyArns",
+ "Optional": true,
+ "Type": "CSV"
+ }
+ ],
+ "Resource Types": "AWS::RDS::DBCluster",
+ "Trigger type": "Configuration changes"
+ },
+ "NEPTUNE_CLUSTER_IAM_DATABASE_AUTHENTICATION": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::RDS::DBCluster",
+ "Trigger type": "Configuration changes"
+ },
+ "NEPTUNE_CLUSTER_SNAPSHOT_ENCRYPTED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::RDS::DBClusterSnapshot",
+ "Trigger type": "Configuration changes"
+ },
+ "NEPTUNE_CLUSTER_SNAPSHOT_PUBLIC_PROHIBITED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::RDS::DBClusterSnapshot",
+ "Trigger type": "Configuration changes"
+ },
+ "NETFW_LOGGING_ENABLED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [
+ {
+ "Name": "logType",
+ "Optional": true,
+ "Type": "String"
+ }
+ ],
+ "Resource Types": "AWS::NetworkFirewall::LoggingConfiguration",
+ "Trigger type": "Periodic"
+ },
+ "NETFW_MULTI_AZ_ENABLED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [
+ {
+ "Name": "availabilityZones",
+ "Optional": true,
+ "Type": "int"
+ }
+ ],
+ "Resource Types": "AWS::NetworkFirewall::Firewall",
"Trigger type": "Configuration changes"
},
"NETFW_POLICY_DEFAULT_ACTION_FRAGMENT_PACKETS": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "statelessFragmentDefaultActions",
@@ -2278,10 +2776,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::NetworkFirewall::FirewallPolicy",
"Trigger type": "Configuration changes"
},
"NETFW_POLICY_DEFAULT_ACTION_FULL_PACKETS": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "statelessDefaultActions",
@@ -2289,25 +2788,29 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::NetworkFirewall::FirewallPolicy",
"Trigger type": "Configuration changes"
},
"NETFW_POLICY_RULE_GROUP_ASSOCIATED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::NetworkFirewall::FirewallPolicy",
"Trigger type": "Configuration changes"
},
"NETFW_STATELESS_RULE_GROUP_NOT_EMPTY": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::NetworkFirewall::RuleGroup",
"Trigger type": "Configuration changes"
},
"NLB_CROSS_ZONE_LOAD_BALANCING_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"Trigger type": "Configuration changes"
},
"NO_UNRESTRICTED_ROUTE_TO_IGW": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Spain), China (Ningxia) Region",
"Parameters": [
{
"Name": "routeTableIds",
@@ -2315,15 +2818,17 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::EC2::RouteTable",
"Trigger type": "Configuration changes"
},
"OPENSEARCH_ACCESS_CONTROL_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::OpenSearch::Domain",
"Trigger type": "Configuration changes"
},
"OPENSEARCH_AUDIT_LOGGING_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "cloudWatchLogsLogGroupArnList",
@@ -2331,20 +2836,23 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::OpenSearch::Domain",
"Trigger type": "Configuration changes"
},
"OPENSEARCH_DATA_NODE_FAULT_TOLERANCE": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::OpenSearch::Domain",
"Trigger type": "Configuration changes"
},
"OPENSEARCH_ENCRYPTED_AT_REST": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::OpenSearch::Domain",
"Trigger type": "Configuration changes"
},
"OPENSEARCH_HTTPS_REQUIRED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "tlsPolicies",
@@ -2352,15 +2860,17 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::OpenSearch::Domain",
"Trigger type": "Configuration changes"
},
"OPENSEARCH_IN_VPC_ONLY": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::OpenSearch::Domain",
"Trigger type": "Configuration changes"
},
"OPENSEARCH_LOGS_TO_CLOUDWATCH": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "logTypes",
@@ -2368,20 +2878,23 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::OpenSearch::Domain",
"Trigger type": "Configuration changes"
},
"OPENSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::OpenSearch::Domain",
"Trigger type": "Configuration changes"
},
"RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka), Europe (Spain) Region",
"Parameters": [],
+ "Resource Types": "AWS::RDS::DBInstance",
"Trigger type": "Configuration changes"
},
"RDS_CLUSTER_DEFAULT_ADMIN_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Middle East (Bahrain), South America (Sao Paulo) Region",
+ "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), South America (Sao Paulo), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "validAdminUserNames",
@@ -2389,30 +2902,41 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::RDS::DBCluster",
"Trigger type": "Configuration changes"
},
"RDS_CLUSTER_DELETION_PROTECTION_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), Asia Pacific (Jakarta), Asia Pacific (Osaka), Middle East (Bahrain), South America (Sao Paulo) Region",
+ "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), South America (Sao Paulo), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain) Region",
"Parameters": [],
+ "Resource Types": "AWS::RDS::DBCluster",
+ "Trigger type": "Configuration changes"
+ },
+ "RDS_CLUSTER_ENCRYPTED_AT_REST": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::RDS::DBCluster",
"Trigger type": "Configuration changes"
},
"RDS_CLUSTER_IAM_AUTHENTICATION_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Middle East (Bahrain), South America (Sao Paulo) Region",
+ "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), South America (Sao Paulo), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia) Region",
"Parameters": [],
+ "Resource Types": "AWS::RDS::DBCluster",
"Trigger type": "Configuration changes"
},
"RDS_CLUSTER_MULTI_AZ_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Middle East (Bahrain), South America (Sao Paulo) Region",
+ "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), South America (Sao Paulo), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain) Region",
"Parameters": [],
+ "Resource Types": "AWS::RDS::DBCluster",
"Trigger type": "Configuration changes"
},
"RDS_DB_SECURITY_GROUP_NOT_ALLOWED": {
"AWS Region": "Only available in Europe (Ireland), South America (Sao Paulo), US East (N. Virginia), Asia Pacific (Tokyo), US West (Oregon), US West (N. California), Asia Pacific (Singapore), Asia Pacific (Sydney) Region",
"Parameters": [],
+ "Resource Types": "AWS::RDS::DBSecurityGroup",
"Trigger type": "Configuration changes"
},
"RDS_ENHANCED_MONITORING_ENABLED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka), Europe (Spain) Region",
"Parameters": [
{
"Name": "monitoringInterval",
@@ -2420,10 +2944,11 @@
"Type": "int"
}
],
+ "Resource Types": "AWS::RDS::DBInstance",
"Trigger type": "Configuration changes"
},
"RDS_INSTANCE_DEFAULT_ADMIN_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia) Region",
"Parameters": [
{
"Name": "validAdminUserNames",
@@ -2431,10 +2956,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::RDS::DBInstance",
"Trigger type": "Configuration changes"
},
"RDS_INSTANCE_DELETION_PROTECTION_ENABLED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "databaseEngines",
@@ -2442,25 +2968,28 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::RDS::DBInstance",
"Trigger type": "Configuration changes"
},
"RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), Asia Pacific (Hong Kong), Asia Pacific (Jakarta), Asia Pacific (Osaka), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Osaka), Europe (Spain) Region",
"Parameters": [],
+ "Resource Types": "AWS::RDS::DBInstance",
"Trigger type": "Configuration changes"
},
"RDS_INSTANCE_PUBLIC_ACCESS_CHECK": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Hyderabad), Europe (Spain) Region",
"Parameters": [],
+ "Resource Types": "AWS::RDS::DBInstance",
"Trigger type": "Configuration changes"
},
"RDS_IN_BACKUP_PLAN": {
- "AWS Region": "All supported AWS regions except AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
"RDS_LAST_BACKUP_RECOVERY_POINT_CREATED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -2485,10 +3014,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::RDS::DBInstance",
"Trigger type": "Periodic"
},
"RDS_LOGGING_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Ningxia), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Africa (Cape Town), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Milan), Europe (Spain) Region",
"Parameters": [
{
"Name": "additionalLogs",
@@ -2496,15 +3026,17 @@
"Type": "StringMap"
}
],
+ "Resource Types": "AWS::RDS::DBInstance",
"Trigger type": "Configuration changes"
},
"RDS_MULTI_AZ_SUPPORT": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::RDS::DBInstance",
"Trigger type": "Configuration changes"
},
"RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -2542,20 +3074,23 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::RDS::DBInstance",
"Trigger type": "Periodic"
},
"RDS_SNAPSHOTS_PUBLIC_PROHIBITED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Africa (Cape Town), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot",
"Trigger type": "Configuration changes"
},
"RDS_SNAPSHOT_ENCRYPTED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka), Europe (Milan), Israel (Tel Aviv), Europe (Spain) Region",
"Parameters": [],
+ "Resource Types": "AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot",
"Trigger type": "Configuration changes"
},
"RDS_STORAGE_ENCRYPTED": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "kmsKeyId",
@@ -2563,10 +3098,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::RDS::DBInstance",
"Trigger type": "Configuration changes"
},
"REDSHIFT_AUDIT_LOGGING_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "bucketNames",
@@ -2574,10 +3110,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::Redshift::Cluster",
"Trigger type": "Configuration changes"
},
"REDSHIFT_BACKUP_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Ningxia), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "MinRetentionPeriod",
@@ -2590,10 +3127,11 @@
"Type": "int"
}
],
+ "Resource Types": "AWS::Redshift::Cluster",
"Trigger type": "Configuration changes"
},
"REDSHIFT_CLUSTER_CONFIGURATION_CHECK": {
- "AWS Region": "All supported AWS regions except Middle East (Bahrain) Region",
+ "AWS Region": "All supported AWS regions except Middle East (Bahrain), Middle East (UAE), Asia Pacific (Hyderabad), Europe (Spain) Region",
"Parameters": [
{
"Default": "true",
@@ -2614,10 +3152,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::Redshift::Cluster",
"Trigger type": "Configuration changes"
},
"REDSHIFT_CLUSTER_KMS_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Spain), China (Ningxia) Region",
"Parameters": [
{
"Name": "kmsKeyArns",
@@ -2625,10 +3164,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::Redshift::Cluster",
"Trigger type": "Configuration changes"
},
"REDSHIFT_CLUSTER_MAINTENANCESETTINGS_CHECK": {
- "AWS Region": "All supported AWS regions except Middle East (Bahrain) Region",
+ "AWS Region": "All supported AWS regions except Middle East (Bahrain), Asia Pacific (Hyderabad), Europe (Spain) Region",
"Parameters": [
{
"Default": "true",
@@ -2648,15 +3188,17 @@
"Type": "int"
}
],
+ "Resource Types": "AWS::Redshift::Cluster",
"Trigger type": "Configuration changes"
},
"REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Europe (Spain) Region",
"Parameters": [],
+ "Resource Types": "AWS::Redshift::Cluster",
"Trigger type": "Configuration changes"
},
"REDSHIFT_DEFAULT_ADMIN_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Israel (Tel Aviv), China (Ningxia) Region",
"Parameters": [
{
"Name": "validAdminUserNames",
@@ -2664,10 +3206,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::Redshift::Cluster",
"Trigger type": "Configuration changes"
},
"REDSHIFT_DEFAULT_DB_NAME_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), China (Ningxia) Region",
"Parameters": [
{
"Name": "validDatabaseNames",
@@ -2675,16 +3218,19 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::Redshift::Cluster",
"Trigger type": "Configuration changes"
},
"REDSHIFT_ENHANCED_VPC_ROUTING_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Spain) Region",
"Parameters": [],
+ "Resource Types": "AWS::Redshift::Cluster",
"Trigger type": "Configuration changes"
},
"REDSHIFT_REQUIRE_TLS_SSL": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Milan), Europe (Spain) Region",
"Parameters": [],
+ "Resource Types": "AWS::Redshift::Cluster",
"Trigger type": "Configuration changes"
},
"REQUIRED_TAGS": {
@@ -2752,10 +3298,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::ACM::Certificate, AWS::AutoScaling::AutoScalingGroup, AWS::CloudFormation::Stack, AWS::CodeBuild::Project, AWS::DynamoDB::Table, AWS::EC2::CustomerGateway, AWS::EC2::Instance, AWS::EC2::InternetGateway, AWS::EC2::NetworkAcl, AWS::EC2::NetworkInterface, AWS::EC2::RouteTable, AWS::EC2::SecurityGroup, AWS::EC2::Subnet, AWS::EC2::Volume, AWS::EC2::VPC, AWS::EC2::VPNConnection, AWS::EC2::VPNGateway, AWS::ElasticLoadBalancing::LoadBalancer, AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::RDS::DBInstance, AWS::RDS::DBSecurityGroup, AWS::RDS::DBSnapshot, AWS::RDS::DBSubnetGroup, AWS::RDS::EventSubscription, AWS::Redshift::Cluster, AWS::Redshift::ClusterParameterGroup, AWS::Redshift::ClusterSecurityGroup, AWS::Redshift::ClusterSnapshot, AWS::Redshift::ClusterSubnetGroup, AWS::S3::Bucket",
"Trigger type": "Configuration changes"
},
"RESTRICTED_INCOMING_TRAFFIC": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Africa (Cape Town), Middle East (UAE), Asia Pacific (Osaka), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Default": "20",
@@ -2786,22 +3333,28 @@
"Name": "blockedPort5",
"Optional": true,
"Type": "int"
+ },
+ {
+ "Name": "blockedPorts",
+ "Optional": true,
+ "Type": "CSV"
}
],
+ "Resource Types": "AWS::EC2::SecurityGroup",
"Trigger type": "Configuration changes"
},
"ROOT_ACCOUNT_HARDWARE_MFA_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Middle East (UAE), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), China (Ningxia) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
"ROOT_ACCOUNT_MFA_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Middle East (UAE), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), China (Ningxia) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
"S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Middle East (Bahrain) Region",
+ "AWS Region": "All supported AWS regions except Middle East (Bahrain), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Default": "True",
@@ -2828,10 +3381,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::S3::AccountPublicAccessBlock",
"Trigger type": "Configuration changes (current status not checked, only evaluated when changes generate new events)"
},
"S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "IgnorePublicAcls",
@@ -2854,15 +3408,17 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::::Account",
"Trigger type": "Periodic"
},
"S3_BUCKET_ACL_PROHIBITED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia) Region",
"Parameters": [],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Configuration changes"
},
"S3_BUCKET_BLACKLISTED_ACTIONS_PROHIBITED": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Hyderabad), Europe (Spain) Region",
"Parameters": [
{
"Name": "blacklistedActionPattern",
@@ -2870,10 +3426,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Configuration changes"
},
"S3_BUCKET_DEFAULT_LOCK_ENABLED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka), Europe (Spain) Region",
"Parameters": [
{
"Name": "mode",
@@ -2881,10 +3438,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Configuration changes"
},
"S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "excludedPublicBuckets",
@@ -2892,10 +3450,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Configuration changes"
},
"S3_BUCKET_LOGGING_ENABLED": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Europe (Spain) Region",
"Parameters": [
{
"Name": "targetBucket",
@@ -2908,10 +3467,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Configuration changes"
},
"S3_BUCKET_POLICY_GRANTEE_CHECK": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Hyderabad), Europe (Spain) Region",
"Parameters": [
{
"Name": "awsPrincipals",
@@ -2939,10 +3499,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Configuration changes"
},
"S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "controlPolicy",
@@ -2950,31 +3511,43 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Configuration changes"
},
"S3_BUCKET_PUBLIC_READ_PROHIBITED": {
"AWS Region": "All supported AWS regions",
"Parameters": [],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Configuration changes and Periodic"
},
"S3_BUCKET_PUBLIC_WRITE_PROHIBITED": {
"AWS Region": "All supported AWS regions",
"Parameters": [],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Configuration changes and Periodic"
},
"S3_BUCKET_REPLICATION_ENABLED": {
- "AWS Region": "All supported AWS regions",
- "Parameters": [],
+ "AWS Region": "All supported AWS regions except Europe (Spain) Region",
+ "Parameters": [
+ {
+ "Name": "ReplicationType",
+ "Optional": true,
+ "Type": "String"
+ }
+ ],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Configuration changes"
},
"S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Europe (Spain) Region",
"Parameters": [],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Configuration changes"
},
"S3_BUCKET_SSL_REQUESTS_ONLY": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Europe (Spain) Region",
"Parameters": [],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Configuration changes"
},
"S3_BUCKET_VERSIONING_ENABLED": {
@@ -2986,10 +3559,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Configuration changes"
},
"S3_DEFAULT_ENCRYPTION_KMS": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Spain) Region",
"Parameters": [
{
"Name": "kmsKeyArns",
@@ -2997,10 +3571,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Configuration changes"
},
"S3_EVENT_NOTIFICATIONS_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), China (Ningxia) Region",
"Parameters": [
{
"Name": "destinationArn",
@@ -3013,10 +3588,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Configuration changes"
},
"S3_LAST_BACKUP_RECOVERY_POINT_CREATED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -3041,10 +3617,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Periodic"
},
"S3_LIFECYCLE_POLICY_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), China (Ningxia) Region",
"Parameters": [
{
"Name": "targetTransitionDays",
@@ -3072,10 +3649,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Configuration changes"
},
"S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -3113,10 +3691,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Periodic"
},
"S3_VERSION_LIFECYCLE_POLICY_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia) Region",
"Parameters": [
{
"Name": "bucketNames",
@@ -3124,10 +3703,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::S3::Bucket",
"Trigger type": "Configuration changes"
},
"SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "kmsKeyArns",
@@ -3137,8 +3717,20 @@
],
"Trigger type": "Periodic"
},
+ "SAGEMAKER_NOTEBOOK_INSTANCE_INSIDE_VPC": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [
+ {
+ "Name": "SubnetIds",
+ "Optional": true,
+ "Type": "CSV"
+ }
+ ],
+ "Resource Types": "AWS::SageMaker::NotebookInstance",
+ "Trigger type": "Configuration changes"
+ },
"SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "kmsKeyArns",
@@ -3148,29 +3740,42 @@
],
"Trigger type": "Periodic"
},
+ "SAGEMAKER_NOTEBOOK_INSTANCE_ROOT_ACCESS_CHECK": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::SageMaker::NotebookInstance",
+ "Trigger type": "Configuration changes"
+ },
"SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
"SECRETSMANAGER_ROTATION_ENABLED_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions",
"Parameters": [
{
"Name": "maximumAllowedRotationFrequency",
"Optional": true,
"Type": "int"
+ },
+ {
+ "Name": "maximumAllowedRotationFrequencyInHours",
+ "Optional": true,
+ "Type": "int"
}
],
+ "Resource Types": "AWS::SecretsManager::Secret",
"Trigger type": "Configuration changes"
},
"SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions",
"Parameters": [],
+ "Resource Types": "AWS::SecretsManager::Secret",
"Trigger type": "Configuration changes"
},
"SECRETSMANAGER_SECRET_PERIODIC_ROTATION": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions",
"Parameters": [
{
"Name": "maxDaysSinceRotation",
@@ -3181,7 +3786,7 @@
"Trigger type": "Periodic"
},
"SECRETSMANAGER_SECRET_UNUSED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions",
"Parameters": [
{
"Name": "unusedForDays",
@@ -3192,7 +3797,7 @@
"Trigger type": "Periodic"
},
"SECRETSMANAGER_USING_CMK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia) Region",
"Parameters": [
{
"Name": "kmsKeyArns",
@@ -3200,15 +3805,22 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::SecretsManager::Secret",
"Trigger type": "Configuration changes"
},
"SECURITYHUB_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
+ "SECURITY_ACCOUNT_INFORMATION_PROVIDED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), China (Ningxia) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::::Account",
+ "Trigger type": "Periodic"
+ },
"SERVICE_VPC_ENDPOINT_ENABLED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka), Israel (Tel Aviv) Region",
"Parameters": [
{
"Name": "serviceName",
@@ -3218,6 +3830,12 @@
],
"Trigger type": "Periodic"
},
+ "SES_MALWARE_SCANNING_ENABLED": {
+ "AWS Region": "Only available in Europe (Ireland), US East (N. Virginia), US West (Oregon) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::SES::ReceiptRule",
+ "Trigger type": "Periodic"
+ },
"SHIELD_ADVANCED_ENABLED_AUTORENEW": {
"AWS Region": "Only available in US East (N. Virginia) Region",
"Parameters": [],
@@ -3229,7 +3847,7 @@
"Trigger type": "Periodic"
},
"SNS_ENCRYPTED_KMS": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Middle East (UAE), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region",
"Parameters": [
{
"Name": "kmsKeyIds",
@@ -3237,53 +3855,39 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::SNS::Topic",
"Trigger type": "Configuration changes"
},
"SNS_TOPIC_MESSAGE_DELIVERY_NOTIFICATION_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::SNS::Topic",
"Trigger type": "Configuration changes"
},
"SSM_DOCUMENT_NOT_PUBLIC": {
- "AWS Region": "All supported AWS regions",
+ "AWS Region": "All supported AWS regions except Israel (Tel Aviv) Region",
"Parameters": [],
"Trigger type": "Periodic"
},
- "STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "STEP_FUNCTIONS_STATE_MACHINE_LOGGING_ENABLED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
- "Name": "resourceTags",
+ "Name": "cloudWatchLogGroupArns",
"Optional": true,
- "Type": "String"
+ "Type": "CSV"
},
{
- "Name": "resourceId",
- "Optional": true,
- "Type": "String"
- },
- {
- "Default": "1",
- "Name": "recoveryPointAgeValue",
- "Optional": true,
- "Type": "int"
- },
- {
- "Default": "days",
- "Name": "recoveryPointAgeUnit",
+ "Name": "logLevel",
"Optional": true,
"Type": "String"
}
],
- "Trigger type": "Periodic"
- },
- "SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
- "Parameters": [],
+ "Resource Types": "AWS::StepFunctions::StateMachine",
"Trigger type": "Configuration changes"
},
- "VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -3308,10 +3912,11 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::StorageGateway::Volume",
"Trigger type": "Periodic"
},
- "VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLAN": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "STORAGEGATEWAY_RESOURCES_PROTECTED_BY_BACKUP_PLAN": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "resourceTags",
@@ -3349,15 +3954,94 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::StorageGateway::Volume",
+ "Trigger type": "Periodic"
+ },
+ "SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED": {
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::EC2::Subnet",
+ "Trigger type": "Configuration changes"
+ },
+ "VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATED": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [
+ {
+ "Name": "resourceTags",
+ "Optional": true,
+ "Type": "String"
+ },
+ {
+ "Name": "resourceId",
+ "Optional": true,
+ "Type": "String"
+ },
+ {
+ "Default": "1",
+ "Name": "recoveryPointAgeValue",
+ "Optional": true,
+ "Type": "int"
+ },
+ {
+ "Default": "days",
+ "Name": "recoveryPointAgeUnit",
+ "Optional": true,
+ "Type": "String"
+ }
+ ],
+ "Resource Types": "AWS::BackupGateway::VirtualMachine",
+ "Trigger type": "Periodic"
+ },
+ "VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLAN": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [
+ {
+ "Name": "resourceTags",
+ "Optional": true,
+ "Type": "String"
+ },
+ {
+ "Name": "resourceId",
+ "Optional": true,
+ "Type": "String"
+ },
+ {
+ "Name": "crossRegionList",
+ "Optional": true,
+ "Type": "String"
+ },
+ {
+ "Name": "crossAccountList",
+ "Optional": true,
+ "Type": "String"
+ },
+ {
+ "Name": "maxRetentionDays",
+ "Optional": true,
+ "Type": "int"
+ },
+ {
+ "Name": "minRetentionDays",
+ "Optional": true,
+ "Type": "int"
+ },
+ {
+ "Name": "backupVaultLockCheck",
+ "Optional": true,
+ "Type": "String"
+ }
+ ],
+ "Resource Types": "AWS::BackupGateway::VirtualMachine",
"Trigger type": "Periodic"
},
"VPC_DEFAULT_SECURITY_GROUP_CLOSED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions",
"Parameters": [],
+ "Resource Types": "AWS::EC2::SecurityGroup",
"Trigger type": "Configuration changes"
},
"VPC_FLOW_LOGS_ENABLED": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except Israel (Tel Aviv) Region",
"Parameters": [
{
"Name": "trafficType",
@@ -3368,12 +4052,13 @@
"Trigger type": "Periodic"
},
"VPC_NETWORK_ACL_UNUSED_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka) Region",
"Parameters": [],
+ "Resource Types": "AWS::EC2::NetworkAcl",
"Trigger type": "Configuration changes"
},
"VPC_PEERING_DNS_RESOLUTION_CHECK": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "vpcIds",
@@ -3381,10 +4066,11 @@
"Type": "CSV"
}
],
+ "Resource Types": "AWS::EC2::VPCPeeringConnection",
"Trigger type": "Configuration changes"
},
"VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS": {
- "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv) Region",
"Parameters": [
{
"Name": "authorizedTcpPorts",
@@ -3397,15 +4083,17 @@
"Type": "String"
}
],
+ "Resource Types": "AWS::EC2::SecurityGroup",
"Trigger type": "Configuration changes"
},
"VPC_VPN_2_TUNNELS_UP": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), Asia Pacific (Jakarta), Asia Pacific (Osaka), Middle East (Bahrain) Region",
+ "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Osaka), Israel (Tel Aviv), China (Ningxia) Region",
"Parameters": [],
+ "Resource Types": "AWS::EC2::VPNConnection",
"Trigger type": "Configuration changes"
},
"WAFV2_LOGGING_ENABLED": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [
{
"Name": "KinesisFirehoseDeliveryStreamArns",
@@ -3415,6 +4103,18 @@
],
"Trigger type": "Periodic"
},
+ "WAFV2_RULEGROUP_NOT_EMPTY": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::WAFv2::RuleGroup",
+ "Trigger type": "Configuration changes"
+ },
+ "WAFV2_WEBACL_NOT_EMPTY": {
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), AWS GovCloud (US-East), AWS GovCloud (US-West), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
+ "Parameters": [],
+ "Resource Types": "AWS::WAFv2::WebACL",
+ "Trigger type": "Configuration changes"
+ },
"WAF_CLASSIC_LOGGING_ENABLED": {
"AWS Region": "Only available in US East (N. Virginia) Region",
"Parameters": [
@@ -3429,31 +4129,37 @@
"WAF_GLOBAL_RULEGROUP_NOT_EMPTY": {
"AWS Region": "Only available in US East (N. Virginia) Region",
"Parameters": [],
+ "Resource Types": "AWS::WAF::RuleGroup",
"Trigger type": "Configuration changes"
},
"WAF_GLOBAL_RULE_NOT_EMPTY": {
"AWS Region": "Only available in US East (N. Virginia) Region",
"Parameters": [],
+ "Resource Types": "AWS::WAF::Rule",
"Trigger type": "Configuration changes"
},
"WAF_GLOBAL_WEBACL_NOT_EMPTY": {
"AWS Region": "Only available in US East (N. Virginia) Region",
"Parameters": [],
+ "Resource Types": "AWS::WAF::WebACL",
"Trigger type": "Configuration changes"
},
"WAF_REGIONAL_RULEGROUP_NOT_EMPTY": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::WAFRegional::RuleGroup",
"Trigger type": "Configuration changes"
},
"WAF_REGIONAL_RULE_NOT_EMPTY": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::WAFRegional::Rule",
"Trigger type": "Configuration changes"
},
"WAF_REGIONAL_WEBACL_NOT_EMPTY": {
- "AWS Region": "All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta) Region",
+ "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region",
"Parameters": [],
+ "Resource Types": "AWS::WAFRegional::WebACL",
"Trigger type": "Configuration changes"
}
}
diff --git a/scripts/pull_down_aws_managed_rules.py b/scripts/pull_down_aws_managed_rules.py
index f43b33707..66cf5ab5d 100755
--- a/scripts/pull_down_aws_managed_rules.py
+++ b/scripts/pull_down_aws_managed_rules.py
@@ -1,19 +1,22 @@
#!/usr/bin/env python
-"""Download markdown files with AWS managed ConfigRule info and convert to JSON.
+"""Scrape web-based docs for AWS managed ConfigRule info and convert to JSON.
Invocation: ./pull_down_aws_managed_rules.py
+ - Install ../requirements-tests.txt packages to ensure the lxml package
+ is installed.
- Execute from the moto/scripts directory.
- - To track download progress, use the "-v" command line switch.
- - MANAGED_RULES_OUTPUT_FILENAME is the variable containing the name of
- the file that will be overwritten when this script is run.
+ - To track progress, use the "-v" command line switch.
+ - MANAGED_RULES_OUTPUT_FILENAME is the variable with the output filename.
+ The file is overwritten when this script is successfully run.
- NOTE: This script takes a while to download all the files.
+ NOTE: This script takes a while to scrape all the web pages. The
+ scraping could be parallelized, but since this script might only be
+ run once every couple of months, it wasn't worth the complexity.
Summary:
- The first markdown file is read to obtain the names of markdown files
- for all the AWS managed config rules. Then each of those markdown files
- are read and info is extracted with the final results written to a JSON
- file.
+ An initial web page is parsed to obtain the links for all the other
+ docs for AWS managed config rules. Each of those links are parsed
+ and the needed info is written to a JSON file.
The JSON output will look as follows:
@@ -31,6 +34,7 @@ Summary:
}
],
"Trigger type": "Periodic"
+ "Resource type: "AWS::IAM::User"
},
},
...
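Review bot: The example line added to the module docstring, `"Resource type: "AWS::IAM::User"`, is not valid JSON and does not match what the script writes: the closing quote after the key is missing, the preceding `"Trigger type": "Periodic"` line has no trailing comma, and the regenerated aws_managed_rules.json in this same commit uses the key `"Resource Types"`. Anyone writing a consumer of the rule list from this docstring would look up the wrong key. I would put `"Resource Types": "AWS::IAM::User",` before the `"Trigger type"` line, which matches the key order in the regenerated file and keeps the example well-formed. The docstring itself starts and ends outside this hunk.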
@@ -40,98 +44,118 @@ Summary:
import argparse
import json
-import re
import sys
+from lxml import html
import requests
MANAGED_RULES_OUTPUT_FILENAME = "../moto/config/resources/aws_managed_rules.json"
-AWS_MARKDOWN_URL_START = "https://raw.githubusercontent.com/awsdocs/aws-config-developer-guide/main/doc_source/"
+AWS_CONFIG_MANAGED_RULES_URL_START = (
+ "https://docs.aws.amazon.com/config/latest/developerguide/"
+)
-LIST_OF_MARKDOWNS_URL = "managed-rules-by-aws-config.md"
+LIST_OF_RULES_URL = "managed-rules-by-aws-config.html"
-def extract_param_info(line):
- """Return dict containing parameter info extracted from line."""
- # Examples of parameter definitions:
- # maxAccessKeyAgeType: intDefault: 90
- # IgnorePublicAcls \(Optional\)Type: StringDefault: True
- # MasterAccountId \(Optional\)Type: String
- # endpointConfigurationTypesType: String
+def extract_param_info(page_content):
+ """Return dict containing parameter info extracted from page.
- values = re.split(r":\s?", line)
- name = values[0]
- param_type = values[1]
+ The info for all (not each) parameters is contained within a "dl" tag,
+ with "dt" tags providing the details. A "dt" tag without a colon
+ provides the parameter name and indicates that the "dt" tags that follow
+ provide details for that parameter up until the next "dt" tag without a
+ colon or the end of the "dl" tag.
+ """
+ dl_tags = page_content.xpath('//div[@class="variablelist"]//dl')
+ if len(dl_tags) > 1:
+ print(
+ f"ERROR: Found {len(dl_tags)} 'dl' tags for parameters; "
+ "only expecting one. Ignoring extra 'dl' tag.",
+ file=sys.stderr
+ )
- # If there is no Optional keyword, then sometimes there
- # isn't a space between the parameter name and "Type".
- name = re.sub("Type$", "", name)
+ dt_tags = dl_tags[0].xpath(".//dt")
- # Sometimes there isn't a space between the type and the
- # word "Default".
- if "Default" in param_type:
- param_type = re.sub("Default$", "", param_type)
+ all_params = []
+ param_details = {}
+ for dt_tag in dt_tags:
+ text = dt_tag.text_content()
+ if not text or text == "None":
+ continue
- optional = False
- if "Optional" in line:
- optional = True
- # Remove "Optional" from the line.
- name = name.split()[0]
+ # If a colon is NOT present, this is the parameter name and not
+ # a key, value pair.
+ if ": " not in text:
+ # If parameter info has been collected, save it and start a
+ # collection for this new parameter.
+ if param_details:
+ all_params.append(param_details)
+ param_details = {}
+ if "Optional" in text:
+ text = text.split()[0]
+ param_details["Optional"] = True
+ else:
+ param_details["Optional"] = False
+ param_details["Name"] = text
+ continue
- param_info = {
- "Name": name,
- "Optional": optional,
- "Type": param_type,
- }
+ key, value = text.split(": ")
+ param_details[key] = value
- # A default value isn't always provided.
- if len(values) > 2:
- param_info["Default"] = values[2]
+ # Collect the last parameter found.
+ if param_details:
+ all_params.append(param_details)
- return param_info
+ return all_params
-def extract_managed_rule_info(lines):
- """Return dict of qualifiers/rules extracted from a markdown file."""
+def extract_managed_rule_info(page_content):
+ """Return dict of qualifiers/rules extracted from web page.
+
+ An example of the html that's being processed:
+
+
+ ...
+
+
access-keys-rotated
+
Identifier: ACCESS_KEYS_ROTATED
+
Resource Types: AWS::IAM::User
+
Trigger type: Periodic
+
AWS Region: All supported AWS regions except Middle East (UAE),
+ Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv),
+ Europe (Spain), Europe (Zurich) Region
+
Parameters:
+
+
+
maxAccessKeyAge
+
Type: int
+
Default: 90
+
+
Maximum number of days without rotation. Default 90.