import type { Construct } from 'constructs'; import type { ConfigRuleReference, IConfigRuleRef } from './config.generated'; import * as events from '../../aws-events'; import type * as lambda from '../../aws-lambda'; import type { IResource } from '../../core'; import { Resource } from '../../core'; /** * Interface representing an AWS Config rule */ export interface IRule extends IResource, IConfigRuleRef { /** * The name of the rule. * * @attribute */ readonly configRuleName: string; /** * Defines an EventBridge event rule which triggers for rule events. Use * `rule.addEventPattern(pattern)` to specify a filter. */ onEvent(id: string, options?: events.OnEventOptions): events.Rule; /** * Defines a EventBridge event rule which triggers for rule compliance events. */ onComplianceChange(id: string, options?: events.OnEventOptions): events.Rule; /** * Defines a EventBridge event rule which triggers for rule re-evaluation status events. */ onReEvaluationStatus(id: string, options?: events.OnEventOptions): events.Rule; } /** * The mode of evaluation for the rule. */ export declare class EvaluationMode { readonly modes: string[]; /** * Evaluate resources that have already been deployed */ static readonly DETECTIVE: EvaluationMode; /** * Evaluate resources before they have been deployed */ static readonly PROACTIVE: EvaluationMode; /** * Evaluate resources that have already been deployed and before they have been deployed */ static readonly DETECTIVE_AND_PROACTIVE: EvaluationMode; /** * @param modes The modes of evaluation for the rule */ protected constructor(modes: string[]); } /** * A new or imported rule. */ declare abstract class RuleBase extends Resource implements IRule { abstract readonly configRuleName: string; /** * Defines an EventBridge event rule which triggers for rule events. Use * `rule.addEventPattern(pattern)` to specify a filter. */ onEvent(id: string, options?: events.OnEventOptions): events.Rule; /** * Defines an EventBridge event rule which triggers for rule compliance events. */ onComplianceChange(id: string, options?: events.OnEventOptions): events.Rule; /** * Defines an EventBridge event rule which triggers for rule re-evaluation status events. */ onReEvaluationStatus(id: string, options?: events.OnEventOptions): events.Rule; get configRuleRef(): ConfigRuleReference; } /** * A new managed or custom rule. */ declare abstract class RuleNew extends RuleBase { /** * Imports an existing rule. * * @param configRuleName the name of the rule */ static fromConfigRuleName(scope: Construct, id: string, configRuleName: string): IRule; /** * The arn of the rule. */ abstract readonly configRuleArn: string; /** * The id of the rule. */ abstract readonly configRuleId: string; /** * The compliance status of the rule. */ abstract readonly configRuleComplianceType: string; protected ruleScope?: RuleScope; protected isManaged?: boolean; protected isCustomWithChanges?: boolean; get configRuleRef(): ConfigRuleReference; } /** * Determines which resources trigger an evaluation of an AWS Config rule. */ export declare class RuleScope { /** restricts scope of changes to a specific resource type or resource identifier */ static fromResource(resourceType: ResourceType, resourceId?: string): RuleScope; /** restricts scope of changes to specific resource types */ static fromResources(resourceTypes: ResourceType[]): RuleScope; /** restricts scope of changes to a specific tag */ static fromTag(key: string, value?: string): RuleScope; /** Resource types that will trigger evaluation of a rule */ readonly resourceTypes?: ResourceType[]; /** ID of the only AWS resource that will trigger evaluation of a rule */ readonly resourceId?: string; /** tag key applied to resources that will trigger evaluation of a rule */ readonly key?: string; /** tag value applied to resources that will trigger evaluation of a rule */ readonly value?: string; private constructor(); } /** * The maximum frequency at which the AWS Config rule runs evaluations. */ export declare enum MaximumExecutionFrequency { /** * 1 hour. */ ONE_HOUR = "One_Hour", /** * 3 hours. */ THREE_HOURS = "Three_Hours", /** * 6 hours. */ SIX_HOURS = "Six_Hours", /** * 12 hours. */ TWELVE_HOURS = "Twelve_Hours", /** * 24 hours. */ TWENTY_FOUR_HOURS = "TwentyFour_Hours" } /** * Construction properties for a new rule. */ export interface RuleProps { /** * A name for the AWS Config rule. * * @default - CloudFormation generated name */ readonly configRuleName?: string; /** * A description about this AWS Config rule. * * @default - No description */ readonly description?: string; /** * Input parameter values that are passed to the AWS Config rule. * * @default - No input parameters */ readonly inputParameters?: { [key: string]: any; }; /** * The maximum frequency at which the AWS Config rule runs evaluations. * * @default MaximumExecutionFrequency.TWENTY_FOUR_HOURS */ readonly maximumExecutionFrequency?: MaximumExecutionFrequency; /** * Defines which resources trigger an evaluation for an AWS Config rule. * * @default - evaluations for the rule are triggered when any resource in the recording group changes. */ readonly ruleScope?: RuleScope; /** * The modes the AWS Config rule can be evaluated in. The valid values are distinct objects. * * @default - Detective evaluation mode only */ readonly evaluationModes?: EvaluationMode; } /** * Construction properties for a ManagedRule. */ export interface ManagedRuleProps extends RuleProps { /** * The identifier of the AWS managed rule. * * @see https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html */ readonly identifier: string; } /** * A new managed rule. * * @resource AWS::Config::ConfigRule */ export declare class ManagedRule extends RuleNew { /** Uniquely identifies this class. */ static readonly PROPERTY_INJECTION_ID: string; /** @attribute */ readonly configRuleName: string; /** @attribute */ readonly configRuleArn: string; /** @attribute */ readonly configRuleId: string; /** @attribute */ readonly configRuleComplianceType: string; constructor(scope: Construct, id: string, props: ManagedRuleProps); } /** * Construction properties for a CustomRule. */ export interface CustomRuleProps extends RuleProps { /** * The Lambda function to run. */ readonly lambdaFunction: lambda.IFunction; /** * Whether to run the rule on configuration changes. * * @default false */ readonly configurationChanges?: boolean; /** * Whether to run the rule on a fixed frequency. * * @default false */ readonly periodic?: boolean; } /** * A new custom rule. * * @resource AWS::Config::ConfigRule */ export declare class CustomRule extends RuleNew { /** Uniquely identifies this class. */ static readonly PROPERTY_INJECTION_ID: string; /** @attribute */ readonly configRuleName: string; /** @attribute */ readonly configRuleArn: string; /** @attribute */ readonly configRuleId: string; /** @attribute */ readonly configRuleComplianceType: string; constructor(scope: Construct, id: string, props: CustomRuleProps); } /** * Construction properties for a CustomPolicy. */ export interface CustomPolicyProps extends RuleProps { /** * The policy definition containing the logic for your AWS Config Custom Policy rule. */ readonly policyText: string; /** * The boolean expression for enabling debug logging for your AWS Config Custom Policy rule. * * @default false */ readonly enableDebugLog?: boolean; } /** * A new custom policy. * * @resource AWS::Config::ConfigRule */ export declare class CustomPolicy extends RuleNew { /** * Uniquely identifies this class. */ static readonly PROPERTY_INJECTION_ID: string; /** @attribute */ readonly configRuleName: string; /** @attribute */ readonly configRuleArn: string; /** @attribute */ readonly configRuleId: string; /** @attribute */ readonly configRuleComplianceType: string; constructor(scope: Construct, id: string, props: CustomPolicyProps); } /** * Managed rules that are supported by AWS Config. * @see https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html */ export declare class ManagedRuleIdentifiers { /** * Checks that the inline policies attached to your AWS Identity and Access Management users, * roles, and groups do not allow blocked actions on all AWS Key Management Service keys. * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-inline-policy-blocked-kms-actions.html */ static readonly IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS = "IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS"; /** * Checks that the managed AWS Identity and Access Management policies that you create do not * allow blocked actions on all AWS AWS KMS keys. * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-customer-policy-blocked-kms-actions.html */ static readonly IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS = "IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS"; /** * Checks whether the active access keys are rotated within the number of days specified in maxAccessKeyAge. * @see https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html */ static readonly ACCESS_KEYS_ROTATED = "ACCESS_KEYS_ROTATED"; /** * Checks whether AWS account is part of AWS Organizations. * @see https://docs.aws.amazon.com/config/latest/developerguide/account-part-of-organizations.html */ static readonly ACCOUNT_PART_OF_ORGANIZATIONS = "ACCOUNT_PART_OF_ORGANIZATIONS"; /** * Checks whether ACM Certificates in your account are marked for expiration within the specified number of days. * @see https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-expiration-check.html */ static readonly ACM_CERTIFICATE_EXPIRATION_CHECK = "ACM_CERTIFICATE_EXPIRATION_CHECK"; /** * Checks if an Application Load Balancer (ALB) is configured with a user defined desync mitigation mode. * @see https://docs.aws.amazon.com/config/latest/developerguide/alb-desync-mode-check.html */ static readonly ALB_DESYNC_MODE_CHECK = "ALB_DESYNC_MODE_CHECK"; /** * Checks if rule evaluates Application Load Balancers (ALBs) to ensure they are configured to drop http headers. * @see https://docs.aws.amazon.com/config/latest/developerguide/alb-http-drop-invalid-header-enabled.html */ static readonly ALB_HTTP_DROP_INVALID_HEADER_ENABLED = "ALB_HTTP_DROP_INVALID_HEADER_ENABLED"; /** * Checks whether HTTP to HTTPS redirection is configured on all HTTP listeners of Application Load Balancer. * @see https://docs.aws.amazon.com/config/latest/developerguide/alb-http-to-https-redirection-check.html */ static readonly ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK = "ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK"; /** * Checks if Web Application Firewall (WAF) is enabled on Application Load Balancers (ALBs). * @see https://docs.aws.amazon.com/config/latest/developerguide/alb-waf-enabled.html */ static readonly ALB_WAF_ENABLED = "ALB_WAF_ENABLED"; /** * Checks if Amazon API Gateway V2 stages have access logging enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/api-gwv2-access-logs-enabled.html */ static readonly API_GWV2_ACCESS_LOGS_ENABLED = "API_GWV2_ACCESS_LOGS_ENABLED"; /** * Checks if Amazon API Gatewayv2 API routes have an authorization type set. * @see https://docs.aws.amazon.com/config/latest/developerguide/api-gwv2-authorization-type-configured.html */ static readonly API_GWV2_AUTHORIZATION_TYPE_CONFIGURED = "API_GWV2_AUTHORIZATION_TYPE_CONFIGURED"; /** * Checks if an Amazon API Gateway API stage is using an AWS WAF Web ACL. * @see https://docs.aws.amazon.com/config/latest/developerguide/api-gw-associated-with-waf.html */ static readonly API_GW_ASSOCIATED_WITH_WAF = "API_GW_ASSOCIATED_WITH_WAF"; /** * Checks that all methods in Amazon API Gateway stages have caching enabled and encrypted. * @see https://docs.aws.amazon.com/config/latest/developerguide/api-gw-cache-enabled-and-encrypted.html */ static readonly API_GW_CACHE_ENABLED_AND_ENCRYPTED = "API_GW_CACHE_ENABLED_AND_ENCRYPTED"; /** * Checks that Amazon API Gateway APIs are of the type specified in the rule parameter endpointConfigurationType. * @see https://docs.aws.amazon.com/config/latest/developerguide/api-gw-endpoint-type-check.html */ static readonly API_GW_ENDPOINT_TYPE_CHECK = "API_GW_ENDPOINT_TYPE_CHECK"; /** * Checks that all methods in Amazon API Gateway stage has logging enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/api-gw-execution-logging-enabled.html */ static readonly API_GW_EXECUTION_LOGGING_ENABLED = "API_GW_EXECUTION_LOGGING_ENABLED"; /** * Checks if a REST API stage uses an Secure Sockets Layer (SSL) certificate. * @see https://docs.aws.amazon.com/config/latest/developerguide/api-gw-ssl-enabled.html */ static readonly API_GW_SSL_ENABLED = "API_GW_SSL_ENABLED"; /** * Checks if AWS X-Ray tracing is enabled on Amazon API Gateway REST APIs. * @see https://docs.aws.amazon.com/config/latest/developerguide/api-gw-xray-enabled.html */ static readonly API_GW_XRAY_ENABLED = "API_GW_XRAY_ENABLED"; /** * Checks whether running instances are using specified AMIs. * @see https://docs.aws.amazon.com/config/latest/developerguide/approved-amis-by-id.html */ static readonly APPROVED_AMIS_BY_ID = "APPROVED_AMIS_BY_ID"; /** * Checks whether running instances are using specified AMIs. * @see https://docs.aws.amazon.com/config/latest/developerguide/approved-amis-by-tag.html */ static readonly APPROVED_AMIS_BY_TAG = "APPROVED_AMIS_BY_TAG"; /** * Checks if a recovery point was created for Amazon Aurora DB clusters. * @see https://docs.aws.amazon.com/config/latest/developerguide/aurora-last-backup-recovery-point-created.html */ static readonly AURORA_LAST_BACKUP_RECOVERY_POINT_CREATED = "AURORA_LAST_BACKUP_RECOVERY_POINT_CREATED"; /** * Checks if an Amazon Aurora MySQL cluster has backtracking enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/aurora-mysql-backtracking-enabled.html */ static readonly AURORA_MYSQL_BACKTRACKING_ENABLED = "AURORA_MYSQL_BACKTRACKING_ENABLED"; /** * Checks if Amazon Aurora DB clusters are protected by a backup plan. * @see https://docs.aws.amazon.com/config/latest/developerguide/aurora-resources-protected-by-backup-plan.html */ static readonly AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN = "AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN"; /** * Checks if Capacity Rebalancing is enabled for Amazon EC2 Auto Scaling groups that use multiple instance types. * @see https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-capacity-rebalancing.html */ static readonly AUTOSCALING_CAPACITY_REBALANCING = "AUTOSCALING_CAPACITY_REBALANCING"; /** * Checks whether your Auto Scaling groups that are associated with a load balancer are using * Elastic Load Balancing health checks. * @see https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-group-elb-healthcheck-required.html */ static readonly AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED = "AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED"; /** * Checks whether only IMDSv2 is enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-launchconfig-requires-imdsv2.html */ static readonly AUTOSCALING_LAUNCHCONFIG_REQUIRES_IMDSV2 = "AUTOSCALING_LAUNCHCONFIG_REQUIRES_IMDSV2"; /** * Checks the number of network hops that the metadata token can travel. * @see https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-launch-config-hop-limit.html */ static readonly AUTOSCALING_LAUNCH_CONFIG_HOP_LIMIT = "AUTOSCALING_LAUNCH_CONFIG_HOP_LIMIT"; /** * Checks if Amazon EC2 Auto Scaling groups have public IP addresses enabled through Launch Configurations. * @see https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-launch-config-public-ip-disabled.html */ static readonly AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED = "AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED"; /** * Checks if an Amazon Elastic Compute Cloud (EC2) Auto Scaling group is created from an EC2 launch template. * @see https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-launch-template.html */ static readonly AUTOSCALING_LAUNCH_TEMPLATE = "AUTOSCALING_LAUNCH_TEMPLATE"; /** * Checks if the Auto Scaling group spans multiple Availability Zones. * @see https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-multiple-az.html */ static readonly AUTOSCALING_MULTIPLE_AZ = "AUTOSCALING_MULTIPLE_AZ"; /** * Checks if an Amazon Elastic Compute Cloud (Amazon EC2) Auto Scaling group uses multiple instance types. * @see https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-multiple-instance-types.html */ static readonly AUTOSCALING_MULTIPLE_INSTANCE_TYPES = "AUTOSCALING_MULTIPLE_INSTANCE_TYPES"; /** * Checks if a backup plan has a backup rule that satisfies the required frequency and retention period. * @see https://docs.aws.amazon.com/config/latest/developerguide/backup-plan-min-frequency-and-min-retention-check.html */ static readonly BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK = "BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK"; /** * Checks if a recovery point is encrypted. * @see https://docs.aws.amazon.com/config/latest/developerguide/backup-recovery-point-encrypted.html */ static readonly BACKUP_RECOVERY_POINT_ENCRYPTED = "BACKUP_RECOVERY_POINT_ENCRYPTED"; /** * Checks if a backup vault has an attached resource-based policy which prevents deletion of recovery points. * @see https://docs.aws.amazon.com/config/latest/developerguide/backup-recovery-point-manual-deletion-disabled.html */ static readonly BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED = "BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED"; /** * Checks if a recovery point expires no earlier than after the specified period. * @see https://docs.aws.amazon.com/config/latest/developerguide/backup-recovery-point-minimum-retention-check.html */ static readonly BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK = "BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK"; /** * Checks if an AWS Elastic Beanstalk environment is configured for enhanced health reporting. * @see https://docs.aws.amazon.com/config/latest/developerguide/beanstalk-enhanced-health-reporting-enabled.html */ static readonly BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED = "BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED"; /** * Checks if Classic Load Balancers (CLB) are configured with a user defined Desync mitigation mode. * @see https://docs.aws.amazon.com/config/latest/developerguide/clb-desync-mode-check.html */ static readonly CLB_DESYNC_MODE_CHECK = "CLB_DESYNC_MODE_CHECK"; /** * Checks if a Classic Load Balancer spans multiple Availability Zones (AZs). * @see https://docs.aws.amazon.com/config/latest/developerguide/clb-multiple-az.html */ static readonly CLB_MULTIPLE_AZ = "CLB_MULTIPLE_AZ"; /** * Checks whether an AWS CloudFormation stack's actual configuration differs, or has drifted, * from it's expected configuration. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudformation-stack-drift-detection-check.html */ static readonly CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK = "CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK"; /** * Checks whether your CloudFormation stacks are sending event notifications to an SNS topic. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudformation-stack-notification-check.html */ static readonly CLOUDFORMATION_STACK_NOTIFICATION_CHECK = "CLOUDFORMATION_STACK_NOTIFICATION_CHECK"; /** * Checks if Amazon CloudFront distributions are configured to capture information from * Amazon Simple Storage Service (Amazon S3) server access logs. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-accesslogs-enabled.html */ static readonly CLOUDFRONT_ACCESSLOGS_ENABLED = "CLOUDFRONT_ACCESSLOGS_ENABLED"; /** * Checks if Amazon CloudFront distributions are associated with either WAF or WAFv2 web access control lists (ACLs). * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-associated-with-waf.html */ static readonly CLOUDFRONT_ASSOCIATED_WITH_WAF = "CLOUDFRONT_ASSOCIATED_WITH_WAF"; /** * Checks if the certificate associated with an Amazon CloudFront distribution is the default Secure Sockets Layer (SSL) certificate. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-custom-ssl-certificate.html */ static readonly CLOUDFRONT_CUSTOM_SSL_CERTIFICATE = "CLOUDFRONT_CUSTOM_SSL_CERTIFICATE"; /** * Checks if an Amazon CloudFront distribution is configured to return a specific object that is the default root object. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-default-root-object-configured.html */ static readonly CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED = "CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED"; /** * Checks if CloudFront distributions are using deprecated SSL protocols for HTTPS communication between * CloudFront edge locations and custom origins. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-no-deprecated-ssl-protocols.html */ static readonly CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS = "CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS"; /** * Checks that Amazon CloudFront distribution with Amazon S3 Origin type has Origin Access Identity (OAI) configured. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-origin-access-identity-enabled.html */ static readonly CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED = "CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED"; /** * Checks whether an origin group is configured for the distribution of at least 2 origins in the * origin group for Amazon CloudFront. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-origin-failover-enabled.html */ static readonly CLOUDFRONT_ORIGIN_FAILOVER_ENABLED = "CLOUDFRONT_ORIGIN_FAILOVER_ENABLED"; /** * Checks if Amazon CloudFront distributions are using a minimum security policy and cipher suite of TLSv1.2 or * greater for viewer connections. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-security-policy-check.html */ static readonly CLOUDFRONT_SECURITY_POLICY_CHECK = "CLOUDFRONT_SECURITY_POLICY_CHECK"; /** * Checks if Amazon CloudFront distributions are using a custom SSL certificate and are configured * to use SNI to serve HTTPS requests. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-sni-enabled.html */ static readonly CLOUDFRONT_SNI_ENABLED = "CLOUDFRONT_SNI_ENABLED"; /** * Checks if Amazon CloudFront distributions are encrypting traffic to custom origins. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-traffic-to-origin-encrypted.html */ static readonly CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED = "CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED"; /** * Checks whether your Amazon CloudFront distributions use HTTPS (directly or via a redirection). * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-viewer-policy-https.html */ static readonly CLOUDFRONT_VIEWER_POLICY_HTTPS = "CLOUDFRONT_VIEWER_POLICY_HTTPS"; /** * Checks whether AWS CloudTrail trails are configured to send logs to Amazon CloudWatch Logs. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloud-trail-cloud-watch-logs-enabled.html */ static readonly CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED = "CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED"; /** * Checks whether AWS CloudTrail is enabled in your AWS account. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-enabled.html */ static readonly CLOUD_TRAIL_ENABLED = "CLOUD_TRAIL_ENABLED"; /** * Checks whether AWS CloudTrail is configured to use the server side encryption (SSE) * AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloud-trail-encryption-enabled.html */ static readonly CLOUD_TRAIL_ENCRYPTION_ENABLED = "CLOUD_TRAIL_ENCRYPTION_ENABLED"; /** * Checks whether AWS CloudTrail creates a signed digest file with logs. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloud-trail-log-file-validation-enabled.html */ static readonly CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED = "CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED"; /** * Checks whether at least one AWS CloudTrail trail is logging Amazon S3 data events for all S3 buckets. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-s3-dataevents-enabled.html */ static readonly CLOUDTRAIL_S3_DATAEVENTS_ENABLED = "CLOUDTRAIL_S3_DATAEVENTS_ENABLED"; /** * Checks that there is at least one AWS CloudTrail trail defined with security best practices. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-security-trail-enabled.html */ static readonly CLOUDTRAIL_SECURITY_TRAIL_ENABLED = "CLOUDTRAIL_SECURITY_TRAIL_ENABLED"; /** * Checks whether CloudWatch alarms have at least one alarm action, one INSUFFICIENT_DATA action, * or one OK action enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-alarm-action-check.html */ static readonly CLOUDWATCH_ALARM_ACTION_CHECK = "CLOUDWATCH_ALARM_ACTION_CHECK"; /** * Checks if Amazon CloudWatch alarms actions are in enabled state. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-alarm-action-enabled-check.html */ static readonly CLOUDWATCH_ALARM_ACTION_ENABLED_CHECK = "CLOUDWATCH_ALARM_ACTION_ENABLED_CHECK"; /** * Checks whether the specified resource type has a CloudWatch alarm for the specified metric. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-alarm-resource-check.html */ static readonly CLOUDWATCH_ALARM_RESOURCE_CHECK = "CLOUDWATCH_ALARM_RESOURCE_CHECK"; /** * Checks whether CloudWatch alarms with the given metric name have the specified settings. * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-alarm-settings-check.html */ static readonly CLOUDWATCH_ALARM_SETTINGS_CHECK = "CLOUDWATCH_ALARM_SETTINGS_CHECK"; /** * Checks whether a log group in Amazon CloudWatch Logs is encrypted with * a AWS Key Management Service (KMS) managed Customer Master Keys (CMK). * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-log-group-encrypted.html */ static readonly CLOUDWATCH_LOG_GROUP_ENCRYPTED = "CLOUDWATCH_LOG_GROUP_ENCRYPTED"; /** * Checks that key rotation is enabled for each key and matches to the key ID of the * customer created customer master key (CMK). * @see https://docs.aws.amazon.com/config/latest/developerguide/cmk-backing-key-rotation-enabled.html */ static readonly CMK_BACKING_KEY_ROTATION_ENABLED = "CMK_BACKING_KEY_ROTATION_ENABLED"; /** * Checks if an AWS CodeBuild project has encryption enabled for all of its artifacts. * @see https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-artifact-encryption.html */ static readonly CODEBUILD_PROJECT_ARTIFACT_ENCRYPTION = "CODEBUILD_PROJECT_ARTIFACT_ENCRYPTION"; /** * Checks if an AWS CodeBuild project environment has privileged mode enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-environment-privileged-check.html */ static readonly CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK = "CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK"; /** * Checks whether the project contains environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. * @see https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-envvar-awscred-check.html */ static readonly CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK = "CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK"; /** * Checks if an AWS CodeBuild project environment has at least one log option enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-logging-enabled.html */ static readonly CODEBUILD_PROJECT_LOGGING_ENABLED = "CODEBUILD_PROJECT_LOGGING_ENABLED"; /** * Checks if a AWS CodeBuild project configured with Amazon S3 Logs has encryption enabled for its logs. * @see https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-s3-logs-encrypted.html */ static readonly CODEBUILD_PROJECT_S3_LOGS_ENCRYPTED = "CODEBUILD_PROJECT_S3_LOGS_ENCRYPTED"; /** * Checks whether the GitHub or Bitbucket source repository URL contains either personal access tokens * or user name and password. * @see https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-source-repo-url-check.html */ static readonly CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK = "CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK"; /** * Checks if the deployment group is configured with automatic deployment rollback and * deployment monitoring with alarms attached. * @see https://docs.aws.amazon.com/config/latest/developerguide/codedeploy-auto-rollback-monitor-enabled.html */ static readonly CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLED = "CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLED"; /** * Checks if the deployment group for EC2/On-Premises Compute Platform is configured with * a minimum healthy hosts fleet percentage or host count greater than or equal to the input threshold. * @see https://docs.aws.amazon.com/config/latest/developerguide/codedeploy-ec2-minimum-healthy-hosts-configured.html */ static readonly CODEDEPLOY_EC2_MINIMUM_HEALTHY_HOSTS_CONFIGURED = "CODEDEPLOY_EC2_MINIMUM_HEALTHY_HOSTS_CONFIGURED"; /** * Checks if the deployment group for Lambda Compute Platform is not using the default deployment configuration. * @see https://docs.aws.amazon.com/config/latest/developerguide/codedeploy-lambda-allatonce-traffic-shift-disabled.html */ static readonly CODEDEPLOY_LAMBDA_ALLATONCE_TRAFFIC_SHIFT_DISABLED = "CODEDEPLOY_LAMBDA_ALLATONCE_TRAFFIC_SHIFT_DISABLED"; /** * Checks whether the first deployment stage of the AWS CodePipeline performs more than one deployment. * @see https://docs.aws.amazon.com/config/latest/developerguide/codepipeline-deployment-count-check.html */ static readonly CODEPIPELINE_DEPLOYMENT_COUNT_CHECK = "CODEPIPELINE_DEPLOYMENT_COUNT_CHECK"; /** * Checks whether each stage in the AWS CodePipeline deploys to more than N times the number of * the regions the AWS CodePipeline has deployed in all the previous combined stages, * where N is the region fanout number. * @see https://docs.aws.amazon.com/config/latest/developerguide/codepipeline-region-fanout-check.html */ static readonly CODEPIPELINE_REGION_FANOUT_CHECK = "CODEPIPELINE_REGION_FANOUT_CHECK"; /** * Checks whether Amazon CloudWatch LogGroup retention period is set to specific number of days. * @see https://docs.aws.amazon.com/config/latest/developerguide/cw-loggroup-retention-period-check.html */ static readonly CW_LOGGROUP_RETENTION_PERIOD_CHECK = "CW_LOGGROUP_RETENTION_PERIOD_CHECK"; /** * Checks that DynamoDB Accelerator (DAX) clusters are encrypted. * @see https://docs.aws.amazon.com/config/latest/developerguide/dax-encryption-enabled.html */ static readonly DAX_ENCRYPTION_ENABLED = "DAX_ENCRYPTION_ENABLED"; /** * Checks whether RDS DB instances have backups enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/db-instance-backup-enabled.html */ static readonly RDS_DB_INSTANCE_BACKUP_ENABLED = "DB_INSTANCE_BACKUP_ENABLED"; /** * Checks instances for specified tenancy. * @see https://docs.aws.amazon.com/config/latest/developerguide/desired-instance-tenancy.html */ static readonly EC2_DESIRED_INSTANCE_TENANCY = "DESIRED_INSTANCE_TENANCY"; /** * Checks whether your EC2 instances are of the specified instance types. * @see https://docs.aws.amazon.com/config/latest/developerguide/desired-instance-type.html */ static readonly EC2_DESIRED_INSTANCE_TYPE = "DESIRED_INSTANCE_TYPE"; /** * Checks whether AWS Database Migration Service replication instances are public. * @see https://docs.aws.amazon.com/config/latest/developerguide/dms-replication-not-public.html */ static readonly DMS_REPLICATION_NOT_PUBLIC = "DMS_REPLICATION_NOT_PUBLIC"; /** * Checks whether Auto Scaling or On-Demand is enabled on your DynamoDB tables and/or global secondary indexes. * @see https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-autoscaling-enabled.html */ static readonly DYNAMODB_AUTOSCALING_ENABLED = "DYNAMODB_AUTOSCALING_ENABLED"; /** * Checks whether Amazon DynamoDB table is present in AWS Backup plans. * @see https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-in-backup-plan.html */ static readonly DYNAMODB_IN_BACKUP_PLAN = "DYNAMODB_IN_BACKUP_PLAN"; /** * Checks if a recovery point was created for Amazon DynamoDB Tables within the specified period. * @see https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-last-backup-recovery-point-created.html */ static readonly DYNAMODB_LAST_BACKUP_RECOVERY_POINT_CREATED = "DYNAMODB_LAST_BACKUP_RECOVERY_POINT_CREATED"; /** * Checks that point in time recovery (PITR) is enabled for Amazon DynamoDB tables. * @see https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-pitr-enabled.html */ static readonly DYNAMODB_PITR_ENABLED = "DYNAMODB_PITR_ENABLED"; /** * Checks if Amazon DynamoDB tables are protected by a backup plan. * @see https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-resources-protected-by-backup-plan.html */ static readonly DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN = "DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN"; /** * Checks whether Amazon DynamoDB table is encrypted with AWS Key Management Service (KMS). * @see https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-table-encrypted-kms.html */ static readonly DYNAMODB_TABLE_ENCRYPTED_KMS = "DYNAMODB_TABLE_ENCRYPTED_KMS"; /** * Checks whether the Amazon DynamoDB tables are encrypted and checks their status. * @see https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-table-encryption-enabled.html */ static readonly DYNAMODB_TABLE_ENCRYPTION_ENABLED = "DYNAMODB_TABLE_ENCRYPTION_ENABLED"; /** * Checks whether provisioned DynamoDB throughput is approaching the maximum limit for your account. * @see https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-throughput-limit-check.html */ static readonly DYNAMODB_THROUGHPUT_LIMIT_CHECK = "DYNAMODB_THROUGHPUT_LIMIT_CHECK"; /** * Checks if Amazon Elastic Block Store (Amazon EBS) volumes are added in backup plans of AWS Backup. * @see https://docs.aws.amazon.com/config/latest/developerguide/ebs-in-backup-plan.html */ static readonly EBS_IN_BACKUP_PLAN = "EBS_IN_BACKUP_PLAN"; /** * Checks whether Amazon Elastic File System (Amazon EFS) file systems are added * in the backup plans of AWS Backup. * @see https://docs.aws.amazon.com/config/latest/developerguide/efs-in-backup-plan.html */ static readonly EFS_IN_BACKUP_PLAN = "EFS_IN_BACKUP_PLAN"; /** * Check that Amazon Elastic Block Store (EBS) encryption is enabled by default. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-ebs-encryption-by-default.html */ static readonly EC2_EBS_ENCRYPTION_BY_DEFAULT = "EC2_EBS_ENCRYPTION_BY_DEFAULT"; /** * Checks whether EBS optimization is enabled for your EC2 instances that can be EBS-optimized. * @see https://docs.aws.amazon.com/config/latest/developerguide/ebs-optimized-instance.html */ static readonly EBS_OPTIMIZED_INSTANCE = "EBS_OPTIMIZED_INSTANCE"; /** * Checks if Amazon Elastic Block Store (Amazon EBS) volumes are protected by a backup plan. * @see https://docs.aws.amazon.com/config/latest/developerguide/ebs-resources-protected-by-backup-plan.html */ static readonly EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN = "EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN"; /** * Checks whether Amazon Elastic Block Store snapshots are not publicly restorable. * @see https://docs.aws.amazon.com/config/latest/developerguide/ebs-snapshot-public-restorable-check.html */ static readonly EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK = "EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK"; /** * Checks whether detailed monitoring is enabled for EC2 instances. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-detailed-monitoring-enabled.html */ static readonly EC2_INSTANCE_DETAILED_MONITORING_ENABLED = "EC2_INSTANCE_DETAILED_MONITORING_ENABLED"; /** * Checks whether the Amazon EC2 instances in your account are managed by AWS Systems Manager. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-managed-by-systems-manager.html */ static readonly EC2_INSTANCE_MANAGED_BY_SSM = "EC2_INSTANCE_MANAGED_BY_SSM"; /** * Checks if an Amazon Elastic Compute Cloud (Amazon EC2) instance has an Identity and Access * Management (IAM) profile attached to it. This rule is NON_COMPLIANT if no IAM profile is * attached to the Amazon EC2 instance. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-profile-attached.html */ static readonly EC2_INSTANCE_PROFILE_ATTACHED = "EC2_INSTANCE_PROFILE_ATTACHED"; /** * Checks if Amazon Elastic Compute Cloud (Amazon EC2) uses multiple ENIs (Elastic Network Interfaces) * or Elastic Fabric Adapters (EFAs). * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-multiple-eni-check.html */ static readonly EC2_INSTANCE_MULTIPLE_ENI_CHECK = "EC2_INSTANCE_MULTIPLE_ENI_CHECK"; /** * Checks whether Amazon Elastic Compute Cloud (Amazon EC2) instances have a public IP association. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-no-public-ip.html */ static readonly EC2_INSTANCE_NO_PUBLIC_IP = "EC2_INSTANCE_NO_PUBLIC_IP"; /** * Checks if a recovery point was created for Amazon Elastic Compute Cloud (Amazon EC2) instances. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-last-backup-recovery-point-created.html */ static readonly EC2_LAST_BACKUP_RECOVERY_POINT_CREATED = "EC2_LAST_BACKUP_RECOVERY_POINT_CREATED"; /** * Checks whether your EC2 instances belong to a virtual private cloud (VPC). * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-instances-in-vpc.html */ static readonly EC2_INSTANCES_IN_VPC = "INSTANCES_IN_VPC"; /** * Checks that none of the specified applications are installed on the instance. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-applications-blacklisted.html */ static readonly EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED = "EC2_MANAGEDINSTANCE_APPLICATIONS_BLACKLISTED"; /** * Checks whether all of the specified applications are installed on the instance. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-applications-required.html */ static readonly EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED = "EC2_MANAGEDINSTANCE_APPLICATIONS_REQUIRED"; /** * Checks whether the compliance status of AWS Systems Manager association compliance is COMPLIANT * or NON_COMPLIANT after the association execution on the instance. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-association-compliance-status-check.html */ static readonly EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK = "EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK"; /** * Checks whether instances managed by AWS Systems Manager are configured to collect blocked inventory types. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-inventory-blacklisted.html */ static readonly EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED = "EC2_MANAGEDINSTANCE_INVENTORY_BLACKLISTED"; /** * Checks whether the compliance status of the Amazon EC2 Systems Manager patch compliance is * COMPLIANT or NON_COMPLIANT after the patch installation on the instance. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-patch-compliance-status-check.html */ static readonly EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK = "EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK"; /** * Checks whether EC2 managed instances have the desired configurations. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-platform-check.html */ static readonly EC2_MANAGED_INSTANCE_PLATFORM_CHECK = "EC2_MANAGEDINSTANCE_PLATFORM_CHECK"; /** * Checks if running Amazon Elastic Compute Cloud (EC2) instances are launched using amazon key pairs. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-no-amazon-key-pair.html */ static readonly EC2_NO_AMAZON_KEY_PAIR = "EC2_NO_AMAZON_KEY_PAIR"; /** * Checks if the virtualization type of an EC2 instance is paravirtual. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-paravirtual-instance-check.html */ static readonly EC2_PARAVIRTUAL_INSTANCE_CHECK = "EC2_PARAVIRTUAL_INSTANCE_CHECK"; /** * Checks if Amazon Elastic Compute Cloud (Amazon EC2) instances are protected by a backup plan. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-resources-protected-by-backup-plan.html */ static readonly EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN = "EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN"; /** * Checks that security groups are attached to Amazon Elastic Compute Cloud (Amazon EC2) instances * or to an elastic network interface. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-security-group-attached-to-eni.html */ static readonly EC2_SECURITY_GROUP_ATTACHED_TO_ENI = "EC2_SECURITY_GROUP_ATTACHED_TO_ENI"; /** * Checks if non-default security groups are attached to Elastic network interfaces (ENIs). * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-security-group-attached-to-eni-periodic.html */ static readonly EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODIC = "EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODIC"; /** * Checks whether there are instances stopped for more than the allowed number of days. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-stopped-instance.html */ static readonly EC2_STOPPED_INSTANCE = "EC2_STOPPED_INSTANCE"; /** * Checks if an Amazon Elastic Compute Cloud (EC2) instance metadata * has a specified token hop limit that is below the desired limit. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-token-hop-limit-check.html */ static readonly EC2_TOKEN_HOP_LIMIT_CHECK = "EC2_TOKEN_HOP_LIMIT_CHECK"; /** * Checks if Amazon Elastic Compute Cloud (Amazon EC2) Transit Gateways have 'AutoAcceptSharedAttachments' enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-transit-gateway-auto-vpc-attach-disabled.html */ static readonly EC2_TRANSIT_GATEWAY_AUTO_VPC_ATTACH_DISABLED = "EC2_TRANSIT_GATEWAY_AUTO_VPC_ATTACH_DISABLED"; /** * Checks whether EBS volumes are attached to EC2 instances. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-volume-inuse-check.html */ static readonly EC2_VOLUME_INUSE_CHECK = "EC2_VOLUME_INUSE_CHECK"; /** * Checks if a private Amazon Elastic Container Registry (ECR) repository has image scanning enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/ecr-private-image-scanning-enabled.html */ static readonly ECR_PRIVATE_IMAGE_SCANNING_ENABLED = "ECR_PRIVATE_IMAGE_SCANNING_ENABLED"; /** * Checks if a private Amazon Elastic Container Registry (ECR) repository has at least one lifecycle policy configured. * @see https://docs.aws.amazon.com/config/latest/developerguide/ecr-private-lifecycle-policy-configured.html */ static readonly ECR_PRIVATE_LIFECYCLE_POLICY_CONFIGURED = "ECR_PRIVATE_LIFECYCLE_POLICY_CONFIGURED"; /** * Checks if a private Amazon Elastic Container Registry (ECR) repository has tag immutability enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/ecr-private-tag-immutability-enabled.html */ static readonly ECR_PRIVATE_TAG_IMMUTABILITY_ENABLED = "ECR_PRIVATE_TAG_IMMUTABILITY_ENABLED"; /** * Checks if the networking mode for active ECSTaskDefinitions is set to ‘awsvpc’. * @see https://docs.aws.amazon.com/config/latest/developerguide/ecs-awsvpc-networking-enabled.html */ static readonly ECS_AWSVPC_NETWORKING_ENABLED = "ECS_AWSVPC_NETWORKING_ENABLED"; /** * Checks if the privileged parameter in the container definition of ECSTaskDefinitions is set to ‘true’. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-instances-in-vpc.html */ static readonly ECS_CONTAINERS_NONPRIVILEGED = "ECS_CONTAINERS_NONPRIVILEGED"; /** * Checks if Amazon Elastic Container Service (Amazon ECS) Containers only have read-only access to its root filesystems. * @see https://docs.aws.amazon.com/config/latest/developerguide/ecs-containers-readonly-access.html */ static readonly ECS_CONTAINERS_READONLY_ACCESS = "ECS_CONTAINERS_READONLY_ACCESS"; /** * Checks if Amazon Elastic Container Service clusters have container insights enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/ecs-container-insights-enabled.html */ static readonly ECS_CONTAINER_INSIGHTS_ENABLED = "ECS_CONTAINER_INSIGHTS_ENABLED"; /** * Checks if Amazon Elastic Container Service (ECS) Fargate Services * is running on the latest Fargate platform version. * @see https://docs.aws.amazon.com/config/latest/developerguide/ecs-fargate-latest-platform-version.html */ static readonly ECS_FARGATE_LATEST_PLATFORM_VERSION = "ECS_FARGATE_LATEST_PLATFORM_VERSION"; /** * Checks if secrets are passed as container environment variables. * @see https://docs.aws.amazon.com/config/latest/developerguide/ecs-no-environment-secrets.html */ static readonly ECS_NO_ENVIRONMENT_SECRETS = "ECS_NO_ENVIRONMENT_SECRETS"; /** * Checks if logConfiguration is set on active ECS Task Definitions. * @see https://docs.aws.amazon.com/config/latest/developerguide/ecs-task-definition-log-configuration.html */ static readonly ECS_TASK_DEFINITION_LOG_CONFIGURATION = "ECS_TASK_DEFINITION_LOG_CONFIGURATION"; /** * Checks if Amazon Elastic Container Service (ECS) task definitions have a set memory limit for its container definitions. * @see https://docs.aws.amazon.com/config/latest/developerguide/ecs-task-definition-memory-hard-limit.html */ static readonly ECS_TASK_DEFINITION_MEMORY_HARD_LIMIT = "ECS_TASK_DEFINITION_MEMORY_HARD_LIMIT"; /** * Checks if ECSTaskDefinitions specify a user * for Amazon Elastic Container Service (Amazon ECS) EC2 launch type containers to run on. * @see https://docs.aws.amazon.com/config/latest/developerguide/ecs-task-definition-nonroot-user.html */ static readonly ECS_TASK_DEFINITION_NONROOT_USER = "ECS_TASK_DEFINITION_NONROOT_USER"; /** * Checks if ECSTaskDefinitions are configured to share a host’s process namespace * with its Amazon Elastic Container Service (Amazon ECS) containers. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-stopped-instance.html */ static readonly ECS_TASK_DEFINITION_PID_MODE_CHECK = "ECS_TASK_DEFINITION_PID_MODE_CHECK"; /** * Checks if an Amazon Elastic Container Service (Amazon ECS) task definition * with host networking mode has 'privileged' or 'user' container definitions. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-volume-inuse-check.html */ static readonly EC2_VOLUME_IECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECKNUSE_CHECK = "ECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECK"; /** * Checks if Amazon Elastic File System (Amazon EFS) access points are configured to enforce a root directory. * @see https://docs.aws.amazon.com/config/latest/developerguide/efs-access-point-enforce-root-directory.html */ static readonly EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY = "EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY"; /** * Checks if Amazon Elastic File System (Amazon EFS) access points are configured to enforce a user identity. * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-volume-inuse-check.html */ static readonly EFS_ACCESS_POINT_ENFORCE_USER_IDENTITY = "EFS_ACCESS_POINT_ENFORCE_USER_IDENTITY"; /** * hecks whether Amazon Elastic File System (Amazon EFS) is configured to encrypt the file data * using AWS Key Management Service (AWS KMS). * @see https://docs.aws.amazon.com/config/latest/developerguide/efs-encrypted-check.html */ static readonly EFS_ENCRYPTED_CHECK = "EFS_ENCRYPTED_CHECK"; /** * Checks if a recovery point was created for Amazon Elastic File System (Amazon EFS) File Systems. * @see https://docs.aws.amazon.com/config/latest/developerguide/efs-last-backup-recovery-point-created.html */ static readonly EFS_LAST_BACKUP_RECOVERY_POINT_CREATED = "EFS_LAST_BACKUP_RECOVERY_POINT_CREATED"; /** * Checks if Amazon Elastic File System (Amazon EFS) File Systems are protected by a backup plan. * @see https://docs.aws.amazon.com/config/latest/developerguide/efs-resources-protected-by-backup-plan.html */ static readonly EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN = "EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN"; /** * Checks whether all Elastic IP addresses that are allocated to a VPC are attached to * EC2 instances or in-use elastic network interfaces (ENIs). * @see https://docs.aws.amazon.com/config/latest/developerguide/eip-attached.html */ static readonly EIP_ATTACHED = "EIP_ATTACHED"; /** * Checks whether Amazon Elasticsearch Service (Amazon ES) domains have encryption * at rest configuration enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/elasticsearch-encrypted-at-rest.html */ static readonly ELASTICSEARCH_ENCRYPTED_AT_REST = "ELASTICSEARCH_ENCRYPTED_AT_REST"; /** * Checks whether Amazon Elasticsearch Service (Amazon ES) domains are in * Amazon Virtual Private Cloud (Amazon VPC). * @see https://docs.aws.amazon.com/config/latest/developerguide/elasticsearch-in-vpc-only.html */ static readonly ELASTICSEARCH_IN_VPC_ONLY = "ELASTICSEARCH_IN_VPC_ONLY"; /** * Check if the Amazon ElastiCache Redis clusters have automatic backup turned on. * @see https://docs.aws.amazon.com/config/latest/developerguide/elasticache-redis-cluster-automatic-backup-check.html */ static readonly ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK = "ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK"; /** * Checks whether your Amazon Elastic Compute Cloud (Amazon EC2) instance metadata version * is configured with Instance Metadata Service Version 2 (IMDSv2). * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-imdsv2-check.html */ static readonly EC2_IMDSV2_CHECK = "EC2_IMDSV2_CHECK"; /** * Checks if an Amazon Elastic Kubernetes Service (EKS) cluster is running the oldest supported version. * @see https://docs.aws.amazon.com/config/latest/developerguide/eks-cluster-oldest-supported-version.html */ static readonly EKS_CLUSTER_OLDEST_SUPPORTED_VERSION = "EKS_CLUSTER_OLDEST_SUPPORTED_VERSION"; /** * Checks if an Amazon Elastic Kubernetes Service (EKS) cluster is running a supported Kubernetes version. * @see https://docs.aws.amazon.com/config/latest/developerguide/eks-cluster-supported-version.html */ static readonly EKS_CLUSTER_SUPPORTED_VERSION = "EKS_CLUSTER_SUPPORTED_VERSION"; /** * Checks whether Amazon Elastic Kubernetes Service (Amazon EKS) endpoint is not publicly accessible. * @see https://docs.aws.amazon.com/config/latest/developerguide/eks-endpoint-no-public-access.html */ static readonly EKS_ENDPOINT_NO_PUBLIC_ACCESS = "EKS_ENDPOINT_NO_PUBLIC_ACCESS"; /** * Checks whether Amazon Elastic Kubernetes Service clusters are configured to have Kubernetes * secrets encrypted using AWS Key Management Service (KMS) keys. * @see https://docs.aws.amazon.com/config/latest/developerguide/eks-secrets-encrypted.html */ static readonly EKS_SECRETS_ENCRYPTED = "EKS_SECRETS_ENCRYPTED"; /** * Check that Amazon ElasticSearch Service nodes are encrypted end to end. * @see https://docs.aws.amazon.com/config/latest/developerguide/elasticsearch-node-to-node-encryption-check.html */ static readonly ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK = "ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK"; /** * Checks if managed platform updates in an AWS Elastic Beanstalk environment is enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/elastic-beanstalk-managed-updates-enabled.html */ static readonly ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED = "ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED"; /** * Checks if Application Load Balancers and Network Load Balancers * have listeners that are configured to use certificates from AWS Certificate Manager (ACM). * @see https://docs.aws.amazon.com/config/latest/developerguide/elbv2-acm-certificate-required.html */ static readonly ELBV2_ACM_CERTIFICATE_REQUIRED = "ELBV2_ACM_CERTIFICATE_REQUIRED"; /** * Checks if an Elastic Load Balancer V2 (Application, Network, or Gateway Load Balancer) * has registered instances from multiple Availability Zones (AZ's). * @see https://docs.aws.amazon.com/config/latest/developerguide/elbv2-multiple-az.html */ static readonly ELBV2_MULTIPLE_AZ = "ELBV2_MULTIPLE_AZ"; /** * Checks if cross-zone load balancing is enabled for the Classic Load Balancers (CLBs). * @see https://docs.aws.amazon.com/config/latest/developerguide/elb-cross-zone-load-balancing-enabled.html */ static readonly ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED = "ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED"; /** * Checks whether your Classic Load Balancer is configured with SSL or HTTPS listeners. * @see https://docs.aws.amazon.com/config/latest/developerguide/elb-tls-https-listeners-only.html */ static readonly ELB_TLS_HTTPS_LISTENERS_ONLY = "ELB_TLS_HTTPS_LISTENERS_ONLY"; /** * Checks whether the Classic Load Balancers use SSL certificates provided by AWS Certificate Manager. * @see https://docs.aws.amazon.com/config/latest/developerguide/elb-acm-certificate-required.html */ static readonly ELB_ACM_CERTIFICATE_REQUIRED = "ELB_ACM_CERTIFICATE_REQUIRED"; /** * Checks whether your Classic Load Balancer SSL listeners are using a custom policy. * @see https://docs.aws.amazon.com/config/latest/developerguide/elb-custom-security-policy-ssl-check.html */ static readonly ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK = "ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK"; /** * Checks whether Elastic Load Balancing has deletion protection enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/elb-deletion-protection-enabled.html */ static readonly ELB_DELETION_PROTECTION_ENABLED = "ELB_DELETION_PROTECTION_ENABLED"; /** * Checks whether the Application Load Balancer and the Classic Load Balancer have logging enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/elb-logging-enabled.html */ static readonly ELB_LOGGING_ENABLED = "ELB_LOGGING_ENABLED"; /** * Checks whether your Classic Load Balancer SSL listeners are using a predefined policy. * @see https://docs.aws.amazon.com/config/latest/developerguide/elb-predefined-security-policy-ssl-check.html */ static readonly ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK = "ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK"; /** * Checks that Amazon EMR clusters have Kerberos enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/emr-kerberos-enabled.html */ static readonly EMR_KERBEROS_ENABLED = "EMR_KERBEROS_ENABLED"; /** * Checks whether Amazon Elastic MapReduce (EMR) clusters' master nodes have public IPs. * @see https://docs.aws.amazon.com/config/latest/developerguide/emr-master-no-public-ip.html */ static readonly EMR_MASTER_NO_PUBLIC_IP = "EMR_MASTER_NO_PUBLIC_IP"; /** * Checks whether the EBS volumes that are in an attached state are encrypted. * @see https://docs.aws.amazon.com/config/latest/developerguide/encrypted-volumes.html */ static readonly EBS_ENCRYPTED_VOLUMES = "ENCRYPTED_VOLUMES"; /** * Checks whether the security groups associated inScope resources are compliant with the * master security groups at each rule level based on allowSecurityGroup and denySecurityGroup flag. * @see https://docs.aws.amazon.com/config/latest/developerguide/fms-security-group-audit-policy-check.html * * @deprecated Inactive managed rule * */ static readonly FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK = "FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK"; /** * Checks whether AWS Firewall Manager created security groups content is the same as the master security groups. * @see https://docs.aws.amazon.com/config/latest/developerguide/fms-security-group-content-check.html * * @deprecated Inactive managed rule * */ static readonly FMS_SECURITY_GROUP_CONTENT_CHECK = "FMS_SECURITY_GROUP_CONTENT_CHECK"; /** * Checks whether Amazon EC2 or an elastic network interface is associated with AWS Firewall Manager security groups. * @see https://docs.aws.amazon.com/config/latest/developerguide/fms-security-group-resource-association-check.html * * @deprecated Inactive managed rule * */ static readonly FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK = "FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK"; /** * Checks whether an Application Load Balancer, Amazon CloudFront distributions, * Elastic Load Balancer or Elastic IP has AWS Shield protection. * @see https://docs.aws.amazon.com/config/latest/developerguide/fms-shield-resource-policy-check.html */ static readonly FMS_SHIELD_RESOURCE_POLICY_CHECK = "FMS_SHIELD_RESOURCE_POLICY_CHECK"; /** * Checks whether the web ACL is associated with an Application Load Balancer, API Gateway stage, * or Amazon CloudFront distributions. * @see https://docs.aws.amazon.com/config/latest/developerguide/fms-webacl-resource-policy-check.html */ static readonly FMS_WEBACL_RESOURCE_POLICY_CHECK = "FMS_WEBACL_RESOURCE_POLICY_CHECK"; /** * Checks that the rule groups associate with the web ACL at the correct priority. * The correct priority is decided by the rank of the rule groups in the ruleGroups parameter. * @see https://docs.aws.amazon.com/config/latest/developerguide/fms-webacl-rulegroup-association-check.html */ static readonly FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK = "FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK"; /** * Checks if a recovery point was created for Amazon FSx File Systems. * @see https://docs.aws.amazon.com/config/latest/developerguide/fsx-last-backup-recovery-point-created.html */ static readonly FSX_LAST_BACKUP_RECOVERY_POINT_CREATED = "FSX_LAST_BACKUP_RECOVERY_POINT_CREATED"; /** * Checks if Amazon FSx File Systems are protected by a backup plan. * @see https://docs.aws.amazon.com/config/latest/developerguide/fsx-resources-protected-by-backup-plan.html */ static readonly FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN = "FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN"; /** * Checks whether Amazon GuardDuty is enabled in your AWS account and region. If you provide an AWS account for centralization, * the rule evaluates the Amazon GuardDuty results in the centralized account. * @see https://docs.aws.amazon.com/config/latest/developerguide/guardduty-enabled-centralized.html */ static readonly GUARDDUTY_ENABLED_CENTRALIZED = "GUARDDUTY_ENABLED_CENTRALIZED"; /** * Checks whether the Amazon GuardDuty has findings that are non archived. * @see https://docs.aws.amazon.com/config/latest/developerguide/guardduty-non-archived-findings.html */ static readonly GUARDDUTY_NON_ARCHIVED_FINDINGS = "GUARDDUTY_NON_ARCHIVED_FINDINGS"; /** * Checks that inline policy feature is not in use. * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-no-inline-policy-check.html */ static readonly IAM_NO_INLINE_POLICY_CHECK = "IAM_NO_INLINE_POLICY_CHECK"; /** * Checks whether IAM groups have at least one IAM user. * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-group-has-users-check.html */ static readonly IAM_GROUP_HAS_USERS_CHECK = "IAM_GROUP_HAS_USERS_CHECK"; /** * Checks whether the account password policy for IAM users meets the specified requirements * indicated in the parameters. * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-password-policy.html */ static readonly IAM_PASSWORD_POLICY = "IAM_PASSWORD_POLICY"; /** * Checks whether for each IAM resource, a policy ARN in the input parameter is attached to the IAM resource. * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-blacklisted-check.html */ static readonly IAM_POLICY_BLOCKED_CHECK = "IAM_POLICY_BLACKLISTED_CHECK"; /** * Checks whether the IAM policy ARN is attached to an IAM user, or an IAM group with one or more IAM users, * or an IAM role with one or more trusted entity. * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-in-use.html */ static readonly IAM_POLICY_IN_USE = "IAM_POLICY_IN_USE"; /** * Checks the IAM policies that you create for Allow statements that grant permissions to all actions on all resources. * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-no-statements-with-admin-access.html */ static readonly IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS = "IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS"; /** * Checks if AWS Identity and Access Management (IAM) policies that you create grant permissions to all actions on individual AWS resources. * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-no-statements-with-full-access.html */ static readonly IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS = "IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS"; /** * Checks that AWS Identity and Access Management (IAM) policies in a list of policies are attached to all AWS roles. * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-role-managed-policy-check.html */ static readonly IAM_ROLE_MANAGED_POLICY_CHECK = "IAM_ROLE_MANAGED_POLICY_CHECK"; /** * Checks whether the root user access key is available. * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-root-access-key-check.html */ static readonly IAM_ROOT_ACCESS_KEY_CHECK = "IAM_ROOT_ACCESS_KEY_CHECK"; /** * Checks whether IAM users are members of at least one IAM group. * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-user-group-membership-check.html */ static readonly IAM_USER_GROUP_MEMBERSHIP_CHECK = "IAM_USER_GROUP_MEMBERSHIP_CHECK"; /** * Checks whether the AWS Identity and Access Management users have multi-factor authentication (MFA) enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-user-mfa-enabled.html */ static readonly IAM_USER_MFA_ENABLED = "IAM_USER_MFA_ENABLED"; /** * Checks that none of your IAM users have policies attached. IAM users must inherit permissions from IAM groups or roles. * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-user-no-policies-check.html */ static readonly IAM_USER_NO_POLICIES_CHECK = "IAM_USER_NO_POLICIES_CHECK"; /** * Checks whether your AWS Identity and Access Management (IAM) users have passwords or * active access keys that have not been used within the specified number of days you provided. * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-user-unused-credentials-check.html */ static readonly IAM_USER_UNUSED_CREDENTIALS_CHECK = "IAM_USER_UNUSED_CREDENTIALS_CHECK"; /** * Checks that Internet gateways (IGWs) are only attached to an authorized Amazon Virtual Private Cloud (VPCs). * @see https://docs.aws.amazon.com/config/latest/developerguide/internet-gateway-authorized-vpc-only.html */ static readonly INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY = "INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY"; /** * Checks if Amazon Kinesis streams are encrypted at rest with server-side encryption. * @see https://docs.aws.amazon.com/config/latest/developerguide/kinesis-stream-encrypted.html */ static readonly KINESIS_STREAM_ENCRYPTED = "KINESIS_STREAM_ENCRYPTED"; /** * Checks whether customer master keys (CMKs) are not scheduled for deletion in AWS Key Management Service (KMS). * @see https://docs.aws.amazon.com/config/latest/developerguide/kms-cmk-not-scheduled-for-deletion.html */ static readonly KMS_CMK_NOT_SCHEDULED_FOR_DELETION = "KMS_CMK_NOT_SCHEDULED_FOR_DELETION"; /** * Checks whether the AWS Lambda function is configured with function-level concurrent execution limit. * @see https://docs.aws.amazon.com/config/latest/developerguide/lambda-concurrency-check.html */ static readonly LAMBDA_CONCURRENCY_CHECK = "LAMBDA_CONCURRENCY_CHECK"; /** * Checks whether an AWS Lambda function is configured with a dead-letter queue. * @see https://docs.aws.amazon.com/config/latest/developerguide/lambda-dlq-check.html */ static readonly LAMBDA_DLQ_CHECK = "LAMBDA_DLQ_CHECK"; /** * Checks whether the AWS Lambda function policy attached to the Lambda resource prohibits public access. * @see https://docs.aws.amazon.com/config/latest/developerguide/lambda-function-public-access-prohibited.html */ static readonly LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED = "LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED"; /** * Checks that the lambda function settings for runtime, role, timeout, and memory size match the expected values. * @see https://docs.aws.amazon.com/config/latest/developerguide/lambda-function-settings-check.html */ static readonly LAMBDA_FUNCTION_SETTINGS_CHECK = "LAMBDA_FUNCTION_SETTINGS_CHECK"; /** * Checks whether an AWS Lambda function is in an Amazon Virtual Private Cloud. * @see https://docs.aws.amazon.com/config/latest/developerguide/lambda-inside-vpc.html */ static readonly LAMBDA_INSIDE_VPC = "LAMBDA_INSIDE_VPC"; /** * Checks if Lambda has more than 1 availability zone associated. * @see https://docs.aws.amazon.com/config/latest/developerguide/lambda-vpc-multi-az-check.html */ static readonly LAMBDA_VPC_MULTI_AZ_CHECK = "LAMBDA_VPC_MULTI_AZ_CHECK"; /** * Checks whether AWS Multi-Factor Authentication (MFA) is enabled for all IAM users that use a console password. * @see https://docs.aws.amazon.com/config/latest/developerguide/mfa-enabled-for-iam-console-access.html */ static readonly MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS = "MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS"; /** * Checks that there is at least one multi-region AWS CloudTrail. * @see https://docs.aws.amazon.com/config/latest/developerguide/multi-region-cloudtrail-enabled.html */ static readonly CLOUDTRAIL_MULTI_REGION_ENABLED = "MULTI_REGION_CLOUD_TRAIL_ENABLED"; /** * Checks if default ports for SSH/RDP ingress traffic for network access control lists (NACLs) is unrestricted. * @see https://docs.aws.amazon.com/config/latest/developerguide/nacl-no-unrestricted-ssh-rdp.html */ static readonly NACL_NO_UNRESTRICTED_SSH_RDP = "NACL_NO_UNRESTRICTED_SSH_RDP"; /** * Checks if an AWS Network Firewall policy is configured with a user defined stateless default action for fragmented packets. * @see https://docs.aws.amazon.com/config/latest/developerguide/netfw-policy-default-action-fragment-packets.html */ static readonly NETFW_POLICY_DEFAULT_ACTION_FRAGMENT_PACKETS = "NETFW_POLICY_DEFAULT_ACTION_FRAGMENT_PACKETS"; /** * Checks if an AWS Network Firewall policy is configured with a user defined default stateless action for full packets. * @see https://docs.aws.amazon.com/config/latest/developerguide/netfw-policy-default-action-full-packets.html */ static readonly NETFW_POLICY_DEFAULT_ACTION_FULL_PACKETS = "NETFW_POLICY_DEFAULT_ACTION_FULL_PACKETS"; /** * Check AWS Network Firewall policy is associated with stateful OR stateless rule groups. * @see https://docs.aws.amazon.com/config/latest/developerguide/netfw-policy-rule-group-associated.html */ static readonly NETFW_POLICY_RULE_GROUP_ASSOCIATED = "NETFW_POLICY_RULE_GROUP_ASSOCIATED"; /** * Checks if a Stateless Network Firewall Rule Group contains rules. * @see https://docs.aws.amazon.com/config/latest/developerguide/netfw-stateless-rule-group-not-empty.html */ static readonly NETFW_STATELESS_RULE_GROUP_NOT_EMPTY = "NETFW_STATELESS_RULE_GROUP_NOT_EMPTY"; /** * Checks if cross-zone load balancing is enabled on Network Load Balancers (NLBs). * @see https://docs.aws.amazon.com/config/latest/developerguide/nlb-cross-zone-load-balancing-enabled.html */ static readonly NLB_CROSS_ZONE_LOAD_BALANCING_ENABLED = "NLB_CROSS_ZONE_LOAD_BALANCING_ENABLED"; /** * Checks if Amazon OpenSearch Service domains have fine-grained access control enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/opensearch-access-control-enabled.html */ static readonly OPENSEARCH_ACCESS_CONTROL_ENABLED = "OPENSEARCH_ACCESS_CONTROL_ENABLED"; /** * Checks if Amazon OpenSearch Service domains have audit logging enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/opensearch-audit-logging-enabled.html */ static readonly OPENSEARCH_AUDIT_LOGGING_ENABLED = "OPENSEARCH_AUDIT_LOGGING_ENABLED"; /** * Checks if Amazon OpenSearch Service domains are configured with at least three data nodes and zoneAwarenessEnabled is true. * @see https://docs.aws.amazon.com/config/latest/developerguide/opensearch-data-node-fault-tolerance.html */ static readonly OPENSEARCH_DATA_NODE_FAULT_TOLERANCE = "OPENSEARCH_DATA_NODE_FAULT_TOLERANCE"; /** * Checks if Amazon OpenSearch Service domains have encryption at rest configuration enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/opensearch-encrypted-at-rest.html */ static readonly OPENSEARCH_ENCRYPTED_AT_REST = "OPENSEARCH_ENCRYPTED_AT_REST"; /** * Checks whether connections to OpenSearch domains are using HTTPS. * @see https://docs.aws.amazon.com/config/latest/developerguide/opensearch-https-required.html */ static readonly OPENSEARCH_HTTPS_REQUIRED = "OPENSEARCH_HTTPS_REQUIRED"; /** * Checks if Amazon OpenSearch Service domains are in an Amazon Virtual Private Cloud (VPC). * @see https://docs.aws.amazon.com/config/latest/developerguide/opensearch-in-vpc-only.html */ static readonly OPENSEARCH_IN_VPC_ONLY = "OPENSEARCH_IN_VPC_ONLY"; /** * Checks if Amazon OpenSearch Service domains are configured to send logs to Amazon CloudWatch Logs. * @see https://docs.aws.amazon.com/config/latest/developerguide/opensearch-logs-to-cloudwatch.html */ static readonly OPENSEARCH_LOGS_TO_CLOUDWATCH = "OPENSEARCH_LOGS_TO_CLOUDWATCH"; /** * Check if Amazon OpenSearch Service nodes are encrypted end to end. * @see https://docs.aws.amazon.com/config/latest/developerguide/opensearch-node-to-node-encryption-check.html */ static readonly OPENSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK = "OPENSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK"; /** * Checks if Amazon Relational Database Service (RDS) database instances are configured for automatic minor version upgrades. * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-automatic-minor-version-upgrade-enabled.html */ static readonly RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED = "RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED"; /** * Checks if an Amazon Relational Database Service (Amazon RDS) database cluster has changed the admin username from its default value. * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-cluster-default-admin-check.html */ static readonly RDS_CLUSTER_DEFAULT_ADMIN_CHECK = "RDS_CLUSTER_DEFAULT_ADMIN_CHECK"; /** * Checks if an Amazon Relational Database Service (Amazon RDS) cluster has deletion protection enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-cluster-deletion-protection-enabled.html */ static readonly RDS_CLUSTER_DELETION_PROTECTION_ENABLED = "RDS_CLUSTER_DELETION_PROTECTION_ENABLED"; /** * Checks if an Amazon RDS Cluster has AWS Identity and Access Management (IAM) authentication enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-cluster-iam-authentication-enabled.html */ static readonly RDS_CLUSTER_IAM_AUTHENTICATION_ENABLED = "RDS_CLUSTER_IAM_AUTHENTICATION_ENABLED"; /** * Checks if Multi-AZ replication is enabled on Amazon Aurora and Hermes clusters managed by Amazon Relational Database Service (Amazon RDS). * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-cluster-multi-az-enabled.html */ static readonly RDS_CLUSTER_MULTI_AZ_ENABLED = "RDS_CLUSTER_MULTI_AZ_ENABLED"; /** * Checks if an Amazon Relational Database Service (Amazon RDS) database has changed the admin username from its default value. * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-instance-default-admin-check.html */ static readonly RDS_INSTANCE_DEFAULT_ADMIN_CHECK = "RDS_INSTANCE_DEFAULT_ADMIN_CHECK"; /** *Checks if there are any Amazon Relational Database Service (RDS) DB security groups that are not the default DB security group. * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-db-security-group-not-allowed.html */ static readonly RDS_DB_SECURITY_GROUP_NOT_ALLOWED = "RDS_DB_SECURITY_GROUP_NOT_ALLOWED"; /** * Checks if an Amazon Relational Database Service (Amazon RDS) instance has deletion protection enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-instance-deletion-protection-enabled.html */ static readonly RDS_INSTANCE_DELETION_PROTECTION_ENABLED = "RDS_INSTANCE_DELETION_PROTECTION_ENABLED"; /** * Checks if an Amazon RDS instance has AWS Identity and Access Management (IAM) authentication enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-instance-iam-authentication-enabled.html */ static readonly RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED = "RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED"; /** * Checks that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-logging-enabled.html */ static readonly RDS_LOGGING_ENABLED = "RDS_LOGGING_ENABLED"; /** * Checks that Amazon Redshift automated snapshots are enabled for clusters. * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-backup-enabled.html */ static readonly REDSHIFT_BACKUP_ENABLED = "REDSHIFT_BACKUP_ENABLED"; /** * Checks whether enhanced monitoring is enabled for Amazon Relational Database Service (Amazon RDS) instances. * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-enhanced-monitoring-enabled.html */ static readonly RDS_ENHANCED_MONITORING_ENABLED = "RDS_ENHANCED_MONITORING_ENABLED"; /** * Checks whether Amazon Relational Database Service (Amazon RDS) DB snapshots are encrypted. * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-snapshot-encrypted.html */ static readonly RDS_SNAPSHOT_ENCRYPTED = "RDS_SNAPSHOT_ENCRYPTED"; /** * Checks whether Amazon Redshift clusters require TLS/SSL encryption to connect to SQL clients. * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-require-tls-ssl.html */ static readonly REDSHIFT_REQUIRE_TLS_SSL = "REDSHIFT_REQUIRE_TLS_SSL"; /** * Checks whether Amazon RDS database is present in back plans of AWS Backup. * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-in-backup-plan.html */ static readonly RDS_IN_BACKUP_PLAN = "RDS_IN_BACKUP_PLAN"; /** * Checks if a recovery point was created for Amazon Relational Database Service (Amazon RDS). * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-last-backup-recovery-point-created.html */ static readonly RDS_LAST_BACKUP_RECOVERY_POINT_CREATED = "RDS_LAST_BACKUP_RECOVERY_POINT_CREATED"; /** * Check whether the Amazon Relational Database Service instances are not publicly accessible. * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-instance-public-access-check.html */ static readonly RDS_INSTANCE_PUBLIC_ACCESS_CHECK = "RDS_INSTANCE_PUBLIC_ACCESS_CHECK"; /** * Checks whether high availability is enabled for your RDS DB instances. * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-multi-az-support.html */ static readonly RDS_MULTI_AZ_SUPPORT = "RDS_MULTI_AZ_SUPPORT"; /** * Checks if Amazon Relational Database Service (Amazon RDS) instances are protected by a backup plan. * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-resources-protected-by-backup-plan.html */ static readonly RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN = "RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN"; /** * Checks if Amazon Relational Database Service (Amazon RDS) snapshots are public. * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-snapshots-public-prohibited.html */ static readonly RDS_SNAPSHOTS_PUBLIC_PROHIBITED = "RDS_SNAPSHOTS_PUBLIC_PROHIBITED"; /** * Checks whether storage encryption is enabled for your RDS DB instances. * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-storage-encrypted.html */ static readonly RDS_STORAGE_ENCRYPTED = "RDS_STORAGE_ENCRYPTED"; /** * Checks if Amazon Redshift clusters are logging audits to a specific bucket. * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-audit-logging-enabled.html */ static readonly REDSHIFT_AUDIT_LOGGING_ENABLED = "REDSHIFT_AUDIT_LOGGING_ENABLED"; /** * Checks whether Amazon Redshift clusters have the specified settings. * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-configuration-check.html */ static readonly REDSHIFT_CLUSTER_CONFIGURATION_CHECK = "REDSHIFT_CLUSTER_CONFIGURATION_CHECK"; /** * Checks if Amazon Redshift clusters are using a specified AWS Key Management Service (AWS KMS) key for encryption. * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-kms-enabled.html */ static readonly REDSHIFT_CLUSTER_KMS_ENABLED = "REDSHIFT_CLUSTER_KMS_ENABLED"; /** * Checks whether Amazon Redshift clusters have the specified maintenance settings. * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-maintenancesettings-check.html */ static readonly REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK = "REDSHIFT_CLUSTER_MAINTENANCESETTINGS_CHECK"; /** * Checks whether Amazon Redshift clusters are not publicly accessible. * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-public-access-check.html */ static readonly REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK = "REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK"; /** * Checks if an Amazon Redshift cluster has changed the admin username from its default value. * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-default-admin-check.html */ static readonly REDSHIFT_DEFAULT_ADMIN_CHECK = "REDSHIFT_DEFAULT_ADMIN_CHECK"; /** * Checks if a Redshift cluster has changed its database name from the default value. * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-default-db-name-check.html */ static readonly REDSHIFT_DEFAULT_DB_NAME_CHECK = "REDSHIFT_DEFAULT_DB_NAME_CHECK"; /** * Checks if Amazon Redshift cluster has 'enhancedVpcRouting' enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-enhanced-vpc-routing-enabled.html */ static readonly REDSHIFT_ENHANCED_VPC_ROUTING_ENABLED = "REDSHIFT_ENHANCED_VPC_ROUTING_ENABLED"; /** * Checks whether your resources have the tags that you specify. * For example, you can check whether your Amazon EC2 instances have the CostCenter tag. * @see https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html */ static readonly REQUIRED_TAGS = "REQUIRED_TAGS"; /** * Checks whether the security groups in use do not allow unrestricted incoming TCP traffic to the specified ports. * @see https://docs.aws.amazon.com/config/latest/developerguide/restricted-common-ports.html */ static readonly EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC = "RESTRICTED_INCOMING_TRAFFIC"; /** * Checks whether the incoming SSH traffic for the security groups is accessible. * @see https://docs.aws.amazon.com/config/latest/developerguide/restricted-ssh.html */ static readonly EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED = "INCOMING_SSH_DISABLED"; /** * Checks whether your AWS account is enabled to use multi-factor authentication (MFA) hardware * device to sign in with root credentials. * @see https://docs.aws.amazon.com/config/latest/developerguide/root-account-hardware-mfa-enabled.html */ static readonly ROOT_ACCOUNT_HARDWARE_MFA_ENABLED = "ROOT_ACCOUNT_HARDWARE_MFA_ENABLED"; /** * Checks whether users of your AWS account require a multi-factor authentication (MFA) device * to sign in with root credentials. * @see https://docs.aws.amazon.com/config/latest/developerguide/root-account-mfa-enabled.html */ static readonly ROOT_ACCOUNT_MFA_ENABLED = "ROOT_ACCOUNT_MFA_ENABLED"; /** * Checks whether Amazon Simple Storage Service (Amazon S3) bucket has lock enabled, by default. * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-default-lock-enabled.html */ static readonly S3_BUCKET_DEFAULT_LOCK_ENABLED = "S3_BUCKET_DEFAULT_LOCK_ENABLED"; /** * Checks whether the Amazon Simple Storage Service (Amazon S3) buckets are encrypted * with AWS Key Management Service (AWS KMS). * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-default-encryption-kms.html */ static readonly S3_DEFAULT_ENCRYPTION_KMS = "S3_DEFAULT_ENCRYPTION_KMS"; /** * Checks that AWS Security Hub is enabled for an AWS account. * @see https://docs.aws.amazon.com/config/latest/developerguide/securityhub-enabled.html */ static readonly SECURITYHUB_ENABLED = "SECURITYHUB_ENABLED"; /** * Checks whether Amazon SNS topic is encrypted with AWS Key Management Service (AWS KMS). * @see https://docs.aws.amazon.com/config/latest/developerguide/sns-encrypted-kms.html */ static readonly SNS_ENCRYPTED_KMS = "SNS_ENCRYPTED_KMS"; /** * Checks if Amazon Simple Notification Service (SNS) logging is enabled * for the delivery status of notification messages sent to a topic for the endpoints. * @see https://docs.aws.amazon.com/config/latest/developerguide/sns-topic-message-delivery-notification-enabled.html */ static readonly SNS_TOPIC_MESSAGE_DELIVERY_NOTIFICATION_ENABLED = "SNS_TOPIC_MESSAGE_DELIVERY_NOTIFICATION_ENABLED"; /** * Checks if AWS Systems Manager documents owned by the account are public. * @see https://docs.aws.amazon.com/config/latest/developerguide/ssm-document-not-public.html */ static readonly SSM_DOCUMENT_NOT_PUBLIC = "SSM_DOCUMENT_NOT_PUBLIC"; /** * Checks if a recovery point was created for AWS Storage Gateway volumes. * @see https://docs.aws.amazon.com/config/latest/developerguide/storagegateway-last-backup-recovery-point-created.html */ static readonly STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATED = "STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATED"; /** * hecks if Amazon Virtual Private Cloud (Amazon VPC) subnets are assigned a public IP address. * @see https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html */ static readonly SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED = "SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED"; /** * Checks whether the required public access block settings are configured from account level. * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-account-level-public-access-blocks.html */ static readonly S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS = "S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS"; /** * Checks if the required public access block settings are configured from account level. * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-account-level-public-access-blocks-periodic.html */ static readonly S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC = "S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC"; /** * Checks if Amazon Simple Storage Service (Amazon S3) Buckets allow user permissions through access control lists (ACLs). * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-acl-prohibited.html */ static readonly S3_BUCKET_ACL_PROHIBITED = "S3_BUCKET_ACL_PROHIBITED"; /** * Checks if the Amazon Simple Storage Service bucket policy does not allow blacklisted bucket-level * and object-level actions on resources in the bucket for principals from other AWS accounts. * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-blacklisted-actions-prohibited.html */ static readonly S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED = "S3_BUCKET_BLACKLISTED_ACTIONS_PROHIBITED"; /** * Checks if Amazon Simple Storage Service (Amazon S3) buckets are publicly accessible. * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-level-public-access-prohibited.html */ static readonly S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED = "S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED"; /** * Checks whether logging is enabled for your S3 buckets. * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-logging-enabled.html */ static readonly S3_BUCKET_LOGGING_ENABLED = "S3_BUCKET_LOGGING_ENABLED"; /** * Checks that the access granted by the Amazon S3 bucket is restricted by any of the AWS principals, federated users, * service principals, IP addresses, or VPCs that you provide. * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy-grantee-check.html */ static readonly S3_BUCKET_POLICY_GRANTEE_CHECK = "S3_BUCKET_POLICY_GRANTEE_CHECK"; /** * Checks if your Amazon Simple Storage Service bucket policies do not allow other inter-account permissions * than the control Amazon S3 bucket policy that you provide. * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy-not-more-permissive.html */ static readonly S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE = "S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE"; /** * Checks if your Amazon S3 buckets do not allow public read access. * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-public-read-prohibited.html */ static readonly S3_BUCKET_PUBLIC_READ_PROHIBITED = "S3_BUCKET_PUBLIC_READ_PROHIBITED"; /** * Checks that your Amazon S3 buckets do not allow public write access. * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-public-write-prohibited.html */ static readonly S3_BUCKET_PUBLIC_WRITE_PROHIBITED = "S3_BUCKET_PUBLIC_WRITE_PROHIBITED"; /** * Checks whether S3 buckets have cross-region replication enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-replication-enabled.html */ static readonly S3_BUCKET_REPLICATION_ENABLED = "S3_BUCKET_REPLICATION_ENABLED"; /** * Checks that your Amazon S3 bucket either has Amazon S3 default encryption enabled or that the * S3 bucket policy explicitly denies put-object requests without server side encryption that * uses AES-256 or AWS Key Management Service. * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-server-side-encryption-enabled.html */ static readonly S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED = "S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED"; /** * Checks whether S3 buckets have policies that require requests to use Secure Socket Layer (SSL). * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-ssl-requests-only.html */ static readonly S3_BUCKET_SSL_REQUESTS_ONLY = "S3_BUCKET_SSL_REQUESTS_ONLY"; /** * Checks whether versioning is enabled for your S3 buckets. * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-versioning-enabled.html */ static readonly S3_BUCKET_VERSIONING_ENABLED = "S3_BUCKET_VERSIONING_ENABLED"; /** * Checks if Amazon S3 Events Notifications are enabled on an S3 bucket. * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-event-notifications-enabled.html */ static readonly S3_EVENT_NOTIFICATIONS_ENABLED = "S3_EVENT_NOTIFICATIONS_ENABLED"; /** * Checks if a recovery point was created for Amazon Simple Storage Service (Amazon S3). * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-last-backup-recovery-point-created.html */ static readonly S3_LAST_BACKUP_RECOVERY_POINT_CREATED = "S3_LAST_BACKUP_RECOVERY_POINT_CREATED"; /** * Checks if a lifecycle rule is configured for an Amazon Simple Storage Service (Amazon S3) bucket. * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-lifecycle-policy-check.html */ static readonly S3_LIFECYCLE_POLICY_CHECK = "S3_LIFECYCLE_POLICY_CHECK"; /** * Checks if Amazon Simple Storage Service (Amazon S3) buckets are protected by a backup plan. * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-resources-protected-by-backup-plan.html */ static readonly S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN = "S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN"; /** * Checks if Amazon Simple Storage Service (Amazon S3) version enabled buckets have lifecycle policy configured. * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-version-lifecycle-policy-check.html */ static readonly S3_VERSION_LIFECYCLE_POLICY_CHECK = "S3_VERSION_LIFECYCLE_POLICY_CHECK"; /** * Checks whether AWS Key Management Service (KMS) key is configured for an Amazon SageMaker endpoint configuration. * @see https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-endpoint-configuration-kms-key-configured.html */ static readonly SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED = "SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED"; /** * Check whether an AWS Key Management Service (KMS) key is configured for SageMaker notebook instance. * @see https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-notebook-instance-kms-key-configured.html */ static readonly SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED = "SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED"; /** * Checks whether direct internet access is disabled for an Amazon SageMaker notebook instance. * @see https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-notebook-no-direct-internet-access.html */ static readonly SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS = "SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS"; /** * Checks whether AWS Secrets Manager secret has rotation enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-rotation-enabled-check.html */ static readonly SECRETSMANAGER_ROTATION_ENABLED_CHECK = "SECRETSMANAGER_ROTATION_ENABLED_CHECK"; /** * Checks whether AWS Secrets Manager secret rotation has rotated successfully as per the rotation schedule. * @see https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-scheduled-rotation-success-check.html */ static readonly SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK = "SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK"; /** * Checks if AWS Secrets Manager secrets have been rotated in the past specified number of days. * @see https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-secret-periodic-rotation.html */ static readonly SECRETSMANAGER_SECRET_PERIODIC_ROTATION = "SECRETSMANAGER_SECRET_PERIODIC_ROTATION"; /** * Checks if AWS Secrets Manager secrets have been accessed within a specified number of days. * @see https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-secret-unused.html */ static readonly SECRETSMANAGER_SECRET_UNUSED = "SECRETSMANAGER_SECRET_UNUSED"; /** * Checks if all secrets in AWS Secrets Manager are encrypted using the AWS managed key (aws/secretsmanager) * or a customer managed key that was created in AWS Key Management Service (AWS KMS). * @see https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-using-cmk.html */ static readonly SECRETSMANAGER_USING_CMK = "SECRETSMANAGER_USING_CMK"; /** * Checks whether Service Endpoint for the service provided in rule parameter is created for each Amazon VPC. * @see https://docs.aws.amazon.com/config/latest/developerguide/service-vpc-endpoint-enabled.html */ static readonly SERVICE_VPC_ENDPOINT_ENABLED = "SERVICE_VPC_ENDPOINT_ENABLED"; /** * Checks whether EBS volumes are attached to EC2 instances. * @see https://docs.aws.amazon.com/config/latest/developerguide/shield-advanced-enabled-autorenew.html */ static readonly SHIELD_ADVANCED_ENABLED_AUTO_RENEW = "SHIELD_ADVANCED_ENABLED_AUTORENEW"; /** * Verify that DDoS response team (DRT) can access AWS account. * @see https://docs.aws.amazon.com/config/latest/developerguide/shield-drt-access.html */ static readonly SHIELD_DRT_ACCESS = "SHIELD_DRT_ACCESS"; /** * Checks if a recovery point was created for AWS Backup-Gateway VirtualMachines. * @see https://docs.aws.amazon.com/config/latest/developerguide/virtualmachine-last-backup-recovery-point-created.html */ static readonly VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATED = "VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATED"; /** * Checks if AWS Backup-Gateway VirtualMachines are protected by a backup plan. * @see https://docs.aws.amazon.com/config/latest/developerguide/virtualmachine-resources-protected-by-backup-plan.html */ static readonly VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLAN = "VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLAN"; /** * Checks that the default security group of any Amazon Virtual Private Cloud (VPC) does not * allow inbound or outbound traffic. The rule returns NOT_APPLICABLE if the security group * is not default. * @see https://docs.aws.amazon.com/config/latest/developerguide/vpc-default-security-group-closed.html */ static readonly VPC_DEFAULT_SECURITY_GROUP_CLOSED = "VPC_DEFAULT_SECURITY_GROUP_CLOSED"; /** * Checks whether Amazon Virtual Private Cloud flow logs are found and enabled for Amazon VPC. * @see https://docs.aws.amazon.com/config/latest/developerguide/vpc-flow-logs-enabled.html */ static readonly VPC_FLOW_LOGS_ENABLED = "VPC_FLOW_LOGS_ENABLED"; /** * Checks if there are unused network access control lists (network ACLs). * @see https://docs.aws.amazon.com/config/latest/developerguide/vpc-network-acl-unused-check.html */ static readonly VPC_NETWORK_ACL_UNUSED_CHECK = "VPC_NETWORK_ACL_UNUSED_CHECK"; /** * Checks if DNS resolution from accepter/requester VPC to private IP is enabled. * @see https://docs.aws.amazon.com/config/latest/developerguide/vpc-peering-dns-resolution-check.html */ static readonly VPC_PEERING_DNS_RESOLUTION_CHECK = "VPC_PEERING_DNS_RESOLUTION_CHECK"; /** * Checks whether the security group with 0.0.0.0/0 of any Amazon Virtual Private Cloud (Amazon VPC) * allows only specific inbound TCP or UDP traffic. * @see https://docs.aws.amazon.com/config/latest/developerguide/vpc-sg-open-only-to-authorized-ports.html */ static readonly VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS = "VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS"; /** * Checks that both AWS Virtual Private Network tunnels provided by AWS Site-to-Site VPN are in * UP status. * @see https://docs.aws.amazon.com/config/latest/developerguide/vpc-vpn-2-tunnels-up.html */ static readonly VPC_VPN_2_TUNNELS_UP = "VPC_VPN_2_TUNNELS_UP"; /** * Checks if logging is enabled on AWS Web Application Firewall (WAF) classic global web ACLs. * @see https://docs.aws.amazon.com/config/latest/developerguide/waf-classic-logging-enabled.html */ static readonly WAF_CLASSIC_LOGGING_ENABLED = "WAF_CLASSIC_LOGGING_ENABLED"; /** * Checks whether logging is enabled on AWS Web Application Firewall (WAFV2) regional and global * web access control list (ACLs). * @see https://docs.aws.amazon.com/config/latest/developerguide/wafv2-logging-enabled.html */ static readonly WAFV2_LOGGING_ENABLED = "WAFV2_LOGGING_ENABLED"; /** * Checks if an AWS WAF Classic rule group contains any rules. * @see https://docs.aws.amazon.com/config/latest/developerguide/waf-global-rulegroup-not-empty.html */ static readonly WAF_GLOBAL_RULEGROUP_NOT_EMPTY = "WAF_GLOBAL_RULEGROUP_NOT_EMPTY"; /** * Checks if an AWS WAF global rule contains any conditions. * @see https://docs.aws.amazon.com/config/latest/developerguide/waf-global-rule-not-empty.html */ static readonly WAF_GLOBAL_RULE_NOT_EMPTY = "WAF_GLOBAL_RULE_NOT_EMPTY"; /** * Checks whether a WAF Global Web ACL contains any WAF rules or rule groups. * @see https://docs.aws.amazon.com/config/latest/developerguide/waf-global-webacl-not-empty.html */ static readonly WAF_GLOBAL_WEBACL_NOT_EMPTY = "WAF_GLOBAL_WEBACL_NOT_EMPTY"; /** * Checks if WAF Regional rule groups contain any rules. * @see https://docs.aws.amazon.com/config/latest/developerguide/waf-regional-rulegroup-not-empty.html */ static readonly WAF_REGIONAL_RULEGROUP_NOT_EMPTY = "WAF_REGIONAL_RULEGROUP_NOT_EMPTY"; /** * Checks whether WAF regional rule contains conditions. * @see https://docs.aws.amazon.com/config/latest/developerguide/waf-regional-rule-not-empty.html */ static readonly WAF_REGIONAL_RULE_NOT_EMPTY = "WAF_REGIONAL_RULE_NOT_EMPTY"; /** * Checks if a WAF regional Web ACL contains any WAF rules or rule groups. * @see https://docs.aws.amazon.com/config/latest/developerguide/waf-regional-webacl-not-empty.html */ static readonly WAF_REGIONAL_WEBACL_NOT_EMPTY = "WAF_REGIONAL_WEBACL_NOT_EMPTY"; private constructor(); } /** * Resources types that are supported by AWS Config * @see https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html */ export declare class ResourceType { /** API Gateway Stage */ static readonly APIGATEWAY_STAGE: ResourceType; /** API Gatewayv2 Stage */ static readonly APIGATEWAYV2_STAGE: ResourceType; /** API Gateway REST API */ static readonly APIGATEWAY_REST_API: ResourceType; /** API Gatewayv2 API */ static readonly APIGATEWAYV2_API: ResourceType; /** Amazon CloudFront Distribution */ static readonly CLOUDFRONT_DISTRIBUTION: ResourceType; /** Amazon CloudFront streaming distribution */ static readonly CLOUDFRONT_STREAMING_DISTRIBUTION: ResourceType; /** Amazon CloudWatch Alarm */ static readonly CLOUDWATCH_ALARM: ResourceType; /** Amazon CloudWatch RUM */ static readonly CLOUDWATCH_RUM_APP_MONITOR: ResourceType; /** Amazon DynamoDB Table */ static readonly DYNAMODB_TABLE: ResourceType; /** Elastic Block Store (EBS) volume */ static readonly EBS_VOLUME: ResourceType; /** EC2 host */ static readonly EC2_HOST: ResourceType; /** EC2 Elastic IP */ static readonly EC2_EIP: ResourceType; /** EC2 instance */ static readonly EC2_INSTANCE: ResourceType; /** EC2 Network Interface */ static readonly EC2_NETWORK_INTERFACE: ResourceType; /** EC2 security group */ static readonly EC2_SECURITY_GROUP: ResourceType; /** EC2 NAT gateway */ static readonly EC2_NAT_GATEWAY: ResourceType; /** EC2 Egress only internet gateway */ static readonly EC2_EGRESS_ONLY_INTERNET_GATEWAY: ResourceType; /** EC2 flow log */ static readonly EC2_FLOW_LOG: ResourceType; /** EC2 transit gateway */ static readonly EC2_TRANSIT_GATEWAY: ResourceType; /** EC2 transit gateway attachment */ static readonly EC2_TRANSIT_GATEWAY_ATTACHMENT: ResourceType; /** EC2 transit gateway route table */ static readonly EC2_TRANSIT_GATEWAY_ROUTE_TABLE: ResourceType; /** EC2 VPC endpoint */ static readonly EC2_VPC_ENDPOINT: ResourceType; /** EC2 VPC endpoint service */ static readonly EC2_VPC_ENDPOINT_SERVICE: ResourceType; /** EC2 VPC peering connection */ static readonly EC2_VPC_PEERING_CONNECTION: ResourceType; /** EC2 registered HA instance */ static readonly EC2_REGISTERED_HA_INSTANCE: ResourceType; /** EC2 launch template */ static readonly EC2_LAUNCH_TEMPLATE: ResourceType; /** EC2 Network Insights Access Scope Analysis */ static readonly EC2_NETWORK_INSIGHTS_ACCESS_SCOPE_ANALYSIS: ResourceType; /** EC2 Image Builder ContainerRecipe */ static readonly IMAGEBUILDER_CONTAINER_RECIPE: ResourceType; /** EC2 Image Builder DistributionConfiguration */ static readonly IMAGEBUILDER_DISTRIBUTION_CONFIGURATION: ResourceType; /** EC2 Image Builder InfrastructureConfiguration */ static readonly IMAGEBUILDER_INFRASTRUCTURE_CONFIGURATION: ResourceType; /** Amazon ECR repository */ static readonly ECR_REPOSITORY: ResourceType; /** Amazon ECR registry policy */ static readonly ECR_REGISTRY_POLICY: ResourceType; /** Amazon ECR public repository */ static readonly ECR_PUBLIC_REPOSITORY: ResourceType; /** Amazon ECS cluster */ static readonly ECS_CLUSTER: ResourceType; /** Amazon ECS task definition */ static readonly ECS_TASK_DEFINITION: ResourceType; /** Amazon ECS service */ static readonly ECS_SERVICE: ResourceType; /** Amazon EFS file system */ static readonly EFS_FILE_SYSTEM: ResourceType; /** Amazon EFS access point */ static readonly EFS_ACCESS_POINT: ResourceType; /** Amazon Elastic Kubernetes Service cluster */ static readonly EKS_CLUSTER: ResourceType; /** Amazon Elastic Kubernetes Service identity provider config */ static readonly EKS_IDENTITY_PROVIDER_CONFIG: ResourceType; /** Amazon Elastic Kubernetes Service addon */ static readonly EKS_ADDON: ResourceType; /** Amazon EMR security configuration */ static readonly EMR_SECURITY_CONFIGURATION: ResourceType; /** Amazon EventBridge EventBus */ static readonly EVENTBRIDGE_EVENTBUS: ResourceType; /** Amazon EventBridge Api Destination */ static readonly EVENTBRIDGE_API_DESTINATION: ResourceType; /** Amazon EventBridge Archive */ static readonly EVENTBRIDGE_ARCHIVE: ResourceType; /** Amazon EventBridge Endpoint */ static readonly EVENTBRIDGE_ENDPOINT: ResourceType; /** Amazon EventBridge EventSchemas registry */ static readonly EVENTSCHEMAS_REGISTRY: ResourceType; /** Amazon EventBridge EventSchemas registry policy */ static readonly EVENTSCHEMAS_REGISTRY_POLICY: ResourceType; /** Amazon EventBridge EventSchemas discoverer */ static readonly EVENTSCHEMAS_DISCOVERER: ResourceType; /** AWS FraudDetector label */ static readonly FRAUDDETECTOR_LABEL: ResourceType; /** AWS FraudDetector entity type */ static readonly FRAUDDETECTOR_ENTITY_TYPE: ResourceType; /** AWS FraudDetector variable */ static readonly FRAUDDETECTOR_VARIABLE: ResourceType; /** AWS FraudDetector outcome */ static readonly FRAUDDETECTOR_OUTCOME: ResourceType; /** Amazon GuardDuty detector */ static readonly GUARDDUTY_DETECTOR: ResourceType; /** Amazon GuardDuty Threat Intel Set */ static readonly GUARDDUTY_THREAT_INTEL_SET: ResourceType; /** Amazon GuardDuty IP Set */ static readonly GUARDDUTY_IP_SET: ResourceType; /** Amazon GuardDuty Filter */ static readonly GUARDDUTY_FILTER: ResourceType; /** Amazon ElasticSearch domain */ static readonly ELASTICSEARCH_DOMAIN: ResourceType; /** Amazon Interactive Video Service (IVS) channel */ static readonly IVS_CHANNEL: ResourceType; /** Amazon Interactive Video Service (IVS) recording configuration */ static readonly IVS_RECORDING_CONFIGURATION: ResourceType; /** Amazon Interactive Video Service (IVS) playback key pair */ static readonly IVS_PLAYBACK_KEYPAIR: ResourceType; /** Amazon OpenSearch domain */ static readonly OPENSEARCH_DOMAIN: ResourceType; /** Amazon QLDB ledger */ static readonly QLDB_LEDGER: ResourceType; /** Amazon Kinesis stream */ static readonly KINESIS_STREAM: ResourceType; /** Amazon Kinesis stream consumer */ static readonly KINESIS_STREAM_CONSUMER: ResourceType; /** Amazon Kinesis Analytics V2 application */ static readonly KINESIS_ANALYTICS_V2_APPLICATION: ResourceType; /** Amazon Lightsail Certificate */ static readonly LIGHTSAIL_CERTIFICATE: ResourceType; /** Amazon Lightsail Disk */ static readonly LIGHTSAIL_DISK: ResourceType; /** AWS Lightsail bucket */ static readonly LIGHTSAIL_BUCKET: ResourceType; /** AWS Lightsail static IP */ static readonly LIGHTSAIL_STATIC_IP: ResourceType; /** Amazon MQ broker */ static readonly AMAZON_MQ_BROKER: ResourceType; /** Amazon MSK cluster */ static readonly MSK_CLUSTER: ResourceType; /** Amazon Redshift cluster */ static readonly REDSHIFT_CLUSTER: ResourceType; /** Amazon Redshift cluster parameter group */ static readonly REDSHIFT_CLUSTER_PARAMETER_GROUP: ResourceType; /** Amazon Redshift cluster security group */ static readonly REDSHIFT_CLUSTER_SECURITY_GROUP: ResourceType; /** Amazon Redshift cluster snapshot */ static readonly REDSHIFT_CLUSTER_SNAPSHOT: ResourceType; /** Amazon Redshift cluster subnet group */ static readonly REDSHIFT_CLUSTER_SUBNET_GROUP: ResourceType; /** Amazon Redshift event subscription */ static readonly REDSHIFT_EVENT_SUBSCRIPTION: ResourceType; /** Amazon RDS database instance */ static readonly RDS_DB_INSTANCE: ResourceType; /** Amazon RDS database security group */ static readonly RDS_DB_SECURITY_GROUP: ResourceType; /** Amazon RDS database snapshot */ static readonly RDS_DB_SNAPSHOT: ResourceType; /** Amazon RDS database subnet group */ static readonly RDS_DB_SUBNET_GROUP: ResourceType; /** Amazon RDS event subscription */ static readonly RDS_EVENT_SUBSCRIPTION: ResourceType; /** Amazon RDS database cluster */ static readonly RDS_DB_CLUSTER: ResourceType; /** Amazon RDS database cluster snapshot */ static readonly RDS_DB_CLUSTER_SNAPSHOT: ResourceType; /** Amazon RDS global cluster */ static readonly RDS_GLOBAL_CLUSTER: ResourceType; /** Amazon Route53 Hosted Zone */ static readonly ROUTE53_HOSTED_ZONE: ResourceType; /** Amazon Route53 Health Check */ static readonly ROUTE53_HEALTH_CHECK: ResourceType; /** Amazon Route53 resolver resolver endpoint */ static readonly ROUTE53_RESOLVER_RESOLVER_ENDPOINT: ResourceType; /** Amazon Route53 resolver resolver rule */ static readonly ROUTE53_RESOLVER_RESOLVER_RULE: ResourceType; /** Amazon Route53 resolver resolver rule association */ static readonly ROUTE53_RESOLVER_RESOLVER_RULE_ASSOCIATION: ResourceType; /** Amazon Route 53 Application Recovery Controller Cell */ static readonly ROUTE53_RECOVERY_READINESS_CELL: ResourceType; /** Amazon Route 53 Application Recovery Controller Readiness Check */ static readonly ROUTE53_RECOVERY_READINESS_READINESS_CHECK: ResourceType; /** Amazon Route53 recovery readiness recovery group */ static readonly ROUTE53_RECOVERY_READINESS_RECOVERY_GROUP: ResourceType; /** Amazon SQS queue */ static readonly SQS_QUEUE: ResourceType; /** Amazon SNS topic */ static readonly SNS_TOPIC: ResourceType; /** Amazon S3 bucket */ static readonly S3_BUCKET: ResourceType; /** Amazon S3 Multi-Region Access Point */ static readonly S3_MULTIREGION_ACCESS_POINT: ResourceType; /** Amazon SageMaker code repository */ static readonly SAGEMAKER_CODE_REPOSITORY: ResourceType; /** Amazon SageMaker model */ static readonly SAGEMAKER_MODEL: ResourceType; /** Amazon SageMaker notebook instance */ static readonly SAGEMAKER_NOTEBOOK_INSTANCE: ResourceType; /** Amazon SageMaker workteam */ static readonly SAGEMAKER_WORKTEAM: ResourceType; /** Amazon SES Configuration Set */ static readonly SES_CONFIGURATION_SET: ResourceType; /** Amazon SES Contact List */ static readonly SES_CONTACT_LIST: ResourceType; /** Amazon SES Template */ static readonly SES_TEMPLATE: ResourceType; /** Amazon SES ReceiptFilter */ static readonly SES_RECEIPT_FILTER: ResourceType; /** Amazon SES ReceiptRuleSet */ static readonly SES_RECEIPT_RECEIPT_RULE_SET: ResourceType; /** Amazon S3 account public access block */ static readonly S3_ACCOUNT_PUBLIC_ACCESS_BLOCK: ResourceType; /** Amazon EC2 customer gateway */ static readonly EC2_CUSTOMER_GATEWAY: ResourceType; /** Amazon EC2 internet gateway */ static readonly EC2_INTERNET_GATEWAY: ResourceType; /** Amazon EC2 network ACL */ static readonly EC2_NETWORK_ACL: ResourceType; /** Amazon EC2 route table */ static readonly EC2_ROUTE_TABLE: ResourceType; /** Amazon EC2 subnet table */ static readonly EC2_SUBNET: ResourceType; /** Amazon EC2 VPC */ static readonly EC2_VPC: ResourceType; /** Amazon EC2 VPN connection */ static readonly EC2_VPN_CONNECTION: ResourceType; /** Amazon EC2 VPN gateway */ static readonly EC2_VPN_GATEWAY: ResourceType; /** AWS Auto Scaling group */ static readonly AUTO_SCALING_GROUP: ResourceType; /** AWS Auto Scaling launch configuration */ static readonly AUTO_SCALING_LAUNCH_CONFIGURATION: ResourceType; /** AWS Auto Scaling policy */ static readonly AUTO_SCALING_POLICY: ResourceType; /** AWS Auto Scaling scheduled action */ static readonly AUTO_SCALING_SCHEDULED_ACTION: ResourceType; /** Amazon WorkSpaces connection alias */ static readonly WORKSPACES_CONNECTION_ALIAS: ResourceType; /** Amazon WorkSpaces workSpace */ static readonly WORKSPACES_WORKSPACE: ResourceType; /** AWS AppConfig application */ static readonly APPCONFIG_APPLICATION: ResourceType; /** AWS AppConfig environment */ static readonly APPCONFIG_ENVIRONMENT: ResourceType; /** AWS AppConfig configuration profile */ static readonly APPCONFIG_CONFIGURATION_PROFILE: ResourceType; /** AWS AppSync GraphQL Api */ static readonly APPSYNC_GRAPHQL_API: ResourceType; /** AWS Backup backup plan */ static readonly BACKUP_BACKUP_PLAN: ResourceType; /** AWS Backup backup selection */ static readonly BACKUP_BACKUP_SELECTION: ResourceType; /** AWS Backup backup vault */ static readonly BACKUP_BACKUP_VAULT: ResourceType; /** AWS Backup recovery point */ static readonly BACKUP_RECOVERY_POINT: ResourceType; /** AWS Backup report plan */ static readonly BACKUP_REPORT_PLAN: ResourceType; /** AWS Batch job queue */ static readonly BATCH_JOB_QUEUE: ResourceType; /** AWS Batch compute environment */ static readonly BATCH_COMPUTE_ENVIRONMENT: ResourceType; /** AWS Certificate manager certificate */ static readonly ACM_CERTIFICATE: ResourceType; /** AWS CloudFormation stack */ static readonly CLOUDFORMATION_STACK: ResourceType; /** AWS CloudTrail trail */ static readonly CLOUDTRAIL_TRAIL: ResourceType; /** AWS Cloud9 environment EC2 */ static readonly CLOUD9_ENVIRONMENT_EC2: ResourceType; /** AWS Cloud Map(ServiceDiscovery) service */ static readonly SERVICEDISCOVERY_SERVICE: ResourceType; /** AWS Cloud Map(ServiceDiscovery) Public Dns Namespace */ static readonly SERVICEDISCOVERY_PUBLIC_DNS_NAMESPACE: ResourceType; /** AWS Cloud Map(ServiceDiscovery) Http Namespace */ static readonly SERVICEDISCOVERY_HTTP_NAMESPACE: ResourceType; /** AWS CodeBuild project */ static readonly CODEBUILD_PROJECT: ResourceType; /** AWS CodeDeploy application */ static readonly CODEDEPLOY_APPLICATION: ResourceType; /** AWS CodeDeploy deployment config */ static readonly CODEDEPLOY_DEPLOYMENT_CONFIG: ResourceType; /** AWS CodeDeploy deployment group */ static readonly CODEDEPLOY_DEPLOYMENT_GROUP: ResourceType; /** AWS CodePipeline pipeline */ static readonly CODEPIPELINE_PIPELINE: ResourceType; /** AWS Config resource compliance */ static readonly CONFIG_RESOURCE_COMPLIANCE: ResourceType; /** AWS Config conformance pack compliance */ static readonly CONFIG_CONFORMANCE_PACK_COMPLIANCE: ResourceType; /** AWS DMS event subscription */ static readonly DMS_EVENT_SUBSCRIPTION: ResourceType; /** AWS DMS replication subnet group */ static readonly DMS_REPLICATION_SUBNET_GROUP: ResourceType; /** AWS DataSync location SMB */ static readonly DATASYNC_LOCATION_SMB: ResourceType; /** AWS DataSync location FSx Lustre */ static readonly DATASYNC_LOCATION_FSX_LUSTRE: ResourceType; /** AWS DataSync location FSx Windows */ static readonly DATASYNC_LOCATION_FSX_WINDOWS: ResourceType; /** AWS DataSync location S3 */ static readonly DATASYNC_LOCATION_S3: ResourceType; /** AWS DataSync location EFS */ static readonly DATASYNC_LOCATION_EFS: ResourceType; /** AWS DataSync task */ static readonly DATASYNC_TASK: ResourceType; /** AWS DataSync location NFS */ static readonly DATASYNC_LOCATION_NFS: ResourceType; /** AWS DataSync location object storage */ static readonly DATASYNC_LOCATION_OBJECT_STORAGE: ResourceType; /** AWS DataSync location HDFS */ static readonly DATASYNC_LOCATION_HDFS: ResourceType; /** AWS Elastic Beanstalk (EB) application */ static readonly ELASTIC_BEANSTALK_APPLICATION: ResourceType; /** AWS Elastic Beanstalk (EB) application version */ static readonly ELASTIC_BEANSTALK_APPLICATION_VERSION: ResourceType; /** AWS Elastic Beanstalk (EB) environment */ static readonly ELASTIC_BEANSTALK_ENVIRONMENT: ResourceType; /** AWS Fault Injection Simulator Experiment_Template */ static readonly FIS_EXPERIMENT_TEMPLATE: ResourceType; /** AWS GlobalAccelerator listener */ static readonly GLOBALACCELERATOR_LISTENER: ResourceType; /** AWS GlobalAccelerator endpoint group */ static readonly GLOBALACCELERATOR_ENDPOINT_GROUP: ResourceType; /** AWS GlobalAccelerator accelerator */ static readonly GLOBALACCELERATOR_ACCELERATOR: ResourceType; /** AWS Glue Job */ static readonly GLUE_JOB: ResourceType; /** AWS Glue Classifier */ static readonly GLUE_CLASSIFIER: ResourceType; /** AWS Glue machine learning transform */ static readonly GLUE_ML_TRANSFORM: ResourceType; /** AWS IAM user */ static readonly IAM_USER: ResourceType; /** AWS IAM group */ static readonly IAM_GROUP: ResourceType; /** AWS IAM role */ static readonly IAM_ROLE: ResourceType; /** AWS IAM policy */ static readonly IAM_POLICY: ResourceType; /** AWS IAM AccessAnalyzer analyzer */ static readonly IAM_ACCESSANALYZER_ANALYZER: ResourceType; /** AWS IoT authorizer */ static readonly IOT_AUTHORIZER: ResourceType; /** AWS IoT security profile */ static readonly IOT_SECURITY_PROFILE: ResourceType; /** AWS IoT role alias */ static readonly IOT_ROLE_ALIAS: ResourceType; /** AWS IoT dimension */ static readonly IOT_DIMENSION: ResourceType; /** AWS IoT policy */ static readonly IOT_POLICY: ResourceType; /** AWS IoT mitigation action */ static readonly IOT_MITIGATION_ACTION: ResourceType; /** AWS IoT TwinMaker workspace */ static readonly IOT_TWINMAKER_WORKSPACE: ResourceType; /** AWS IoT TwinMaker entity */ static readonly IOT_TWINMAKER_ENTITY: ResourceType; /** AWS IoT Analytics datastore */ static readonly IOT_ANALYTICS_DATASTORE: ResourceType; /** AWS IoT Analytics dataset */ static readonly IOT_ANALYTICS_DATASET: ResourceType; /** AWS IoT Analytics pipeline */ static readonly IOT_ANALYTICS_PIPELINE: ResourceType; /** AWS IoT Analytics channel */ static readonly IOT_ANALYTICS_CHANNEL: ResourceType; /** AWS IoT Events Input */ static readonly IOT_EVENTS_INPUT: ResourceType; /** AWS IoT Events Detector Model */ static readonly IOT_EVENTS_DETECTOR_MODEL: ResourceType; /** AWS IoT Events Alarm Model */ static readonly IOT_EVENTS_ALARM_MODEL: ResourceType; /** AWS IoT SiteWise dashboard */ static readonly IOT_SITEWISE_DASHBOARD: ResourceType; /** AWS IoT SiteWise project */ static readonly IOT_SITEWISE_PROJECT: ResourceType; /** AWS IoT SiteWise portal */ static readonly IOT_SITEWISE_PORTAL: ResourceType; /** AWS IoT SiteWise asset model */ static readonly IOT_SITEWISE_ASSETMODEL: ResourceType; /** AWS KMS Key */ static readonly KMS_KEY: ResourceType; /** AWS Lambda function */ static readonly LAMBDA_FUNCTION: ResourceType; /** AWS Network Firewall Firewall */ static readonly NETWORK_FIREWALL_FIREWALL: ResourceType; /** AWS Network Firewall Firewall Policy */ static readonly NETWORK_FIREWALL_FIREWALL_POLICY: ResourceType; /** AWS Network Firewall Rule Group */ static readonly NETWORK_FIREWALL_RULE_GROUP: ResourceType; /** AWS ResilienceHub resiliency policy */ static readonly RESILIENCEHUB_RESILIENCY_POLICY: ResourceType; /** AWS Secrets Manager secret */ static readonly SECRETS_MANAGER_SECRET: ResourceType; /** AWS Service Catalog CloudFormation product */ static readonly SERVICE_CATALOG_CLOUDFORMATION_PRODUCT: ResourceType; /** AWS Service Catalog CloudFormation provisioned product */ static readonly SERVICE_CATALOG_CLOUDFORMATION_PROVISIONED_PRODUCT: ResourceType; /** AWS Service Catalog portfolio */ static readonly SERVICE_CATALOG_PORTFOLIO: ResourceType; /** AWS Shield protection */ static readonly SHIELD_PROTECTION: ResourceType; /** AWS Shield regional protection */ static readonly SHIELD_REGIONAL_PROTECTION: ResourceType; /** AWS StepFunctions activity */ static readonly STEPFUNCTIONS_ACTIVITY: ResourceType; /** AWS StepFunctions state machine */ static readonly STEPFUNCTIONS_STATE_MACHINE: ResourceType; /** AWS Systems Manager managed instance inventory */ static readonly SYSTEMS_MANAGER_MANAGED_INSTANCE_INVENTORY: ResourceType; /** AWS Systems Manager patch compliance */ static readonly SYSTEMS_MANAGER_PATCH_COMPLIANCE: ResourceType; /** AWS Systems Manager association compliance */ static readonly SYSTEMS_MANAGER_ASSOCIATION_COMPLIANCE: ResourceType; /** AWS Systems Manager file data */ static readonly SYSTEMS_MANAGER_FILE_DATA: ResourceType; /** AWS Transfer workflow */ static readonly TRANSFER_WORKFLOW: ResourceType; /** AWS WAF rate based rule */ static readonly WAF_RATE_BASED_RULE: ResourceType; /** AWS WAF rule */ static readonly WAF_RULE: ResourceType; /** AWS WAF web ACL */ static readonly WAF_WEB_ACL: ResourceType; /** AWS WAF rule group */ static readonly WAF_RULE_GROUP: ResourceType; /** AWS WAF regional rate based rule */ static readonly WAF_REGIONAL_RATE_BASED_RULE: ResourceType; /** AWS WAF regional rule */ static readonly WAF_REGIONAL_RULE: ResourceType; /** AWS WAF web ACL */ static readonly WAF_REGIONAL_WEB_ACL: ResourceType; /** AWS WAF regional rule group */ static readonly WAF_REGIONAL_RULE_GROUP: ResourceType; /** AWS WAFv2 web ACL */ static readonly WAFV2_WEB_ACL: ResourceType; /** AWS WAFv2 rule group */ static readonly WAFV2_RULE_GROUP: ResourceType; /** AWS WAFv2 managed rule set */ static readonly WAFV2_MANAGED_RULE_SET: ResourceType; /** AWS WAFv2 ip set */ static readonly WAFV2_IP_SET: ResourceType; /** AWS WAFv2 regex pattern set */ static readonly WAFV2_REGEX_PATTERN_SET: ResourceType; /** AWS X-Ray encryption configuration */ static readonly XRAY_ENCRYPTION_CONFIGURATION: ResourceType; /** AWS ELB classic load balancer */ static readonly ELB_LOAD_BALANCER: ResourceType; /** AWS ELBv2 network load balancer or AWS ELBv2 application load balancer */ static readonly ELBV2_LOAD_BALANCER: ResourceType; /** AWS ELBv2 application load balancer listener */ static readonly ELBV2_LISTENER: ResourceType; /** AWS Elemental MediaPackage packaging group */ static readonly MEDIAPACKAGE_PACKAGING_GROUP: ResourceType; /** AWS Device Farm Test Grid Project */ static readonly DEVICE_FARM_TEST_GRID_PROJECT: ResourceType; /** AWS Budgets Budgets Action */ static readonly BUDGETS_BUDGETS_ACTION: ResourceType; /** Amazon Lex Bot */ static readonly LEX_BOT: ResourceType; /** Amazon Lex Bot Alias */ static readonly LEX_BOT_ALIAS: ResourceType; /** Amazon CodeGuru Reviewer Repository Association */ static readonly CODE_GURU_REVIEWER_REPOSITORY_ASSOCIATION: ResourceType; /** AWS IoT Custom Metric */ static readonly IOT_CUSTOM_METRIC: ResourceType; /** AWS IoT Account Audit Configuration */ static readonly IOT_ACCOUNT_AUDIT_CONFIGURATION: ResourceType; /** AWS IoT Scheduled Audit */ static readonly IOT_SCHEDULED_AUDIT: ResourceType; /** Amazon Route53 Resolver Firewall Domain List */ static readonly ROUTE53_RESOLVER_FIREWALL_DOMAIN_LIST: ResourceType; /** AWS RoboMaker Robot Application Version */ static readonly ROBO_MAKER_ROBOT_APPLICATION_VERSION: ResourceType; /** EC2 Traffic Mirror Session */ static readonly EC2_TRAFFIC_MIRROR_SESSION: ResourceType; /** EC2 Traffic Mirror Target */ static readonly EC2_TRAFFIC_MIRROR_TARGET: ResourceType; /** AWS IoT SiteWise Gateway */ static readonly IOT_SITEWISE_GATEWAY: ResourceType; /** AWS Lookout Metrics Alert */ static readonly LOOKOUT_METRICS_ALERT: ResourceType; /** Amazon S3 Storage Lens */ static readonly S3_STORAGE_LENS: ResourceType; /** Amazon EventBridge Connection */ static readonly EVENTS_CONNECTION: ResourceType; /** Amazon EventBridge Schemas Schema */ static readonly EVENT_SCHEMAS_SCHEMA: ResourceType; /** AWS Elemental MediaPackage Packaging Configuration */ static readonly MEDIA_PACKAGE_PACKAGING_CONFIGURATION: ResourceType; /** Amazon AppStream Directory Config */ static readonly APP_STREAM_DIRECTORY_CONFIG: ResourceType; /** EC2 Auto Scaling Warm Pool */ static readonly AUTO_SCALING_WARM_POOL: ResourceType; /** Amazon Connect Phone Number */ static readonly CONNECT_PHONE_NUMBER: ResourceType; /** Amazon Connect Customer Profiles Domain */ static readonly CUSTOMER_PROFILES_DOMAIN: ResourceType; /** EC2 DHCP Options */ static readonly EC2_DHCP_OPTIONS: ResourceType; /** EC2 IPAM */ static readonly EC2_IPAM: ResourceType; /** EC2 Network Insights Path */ static readonly EC2_NETWORK_INSIGHTS_PATH: ResourceType; /** EC2 Traffic Mirror Filter */ static readonly EC2_TRAFFIC_MIRROR_FILTER: ResourceType; /** Amazon EventBridge Events Rule */ static readonly EVENTS_RULE: ResourceType; /** AWS HealthLake FHIR Datastore */ static readonly HEALTH_LAKE_FHIR_DATASTORE: ResourceType; /** AWS IoT Twin Maker Scene */ static readonly IOT_TWIN_MAKER_SCENE: ResourceType; /** Amazon Kinesis Video Streams Signaling Channel */ static readonly KINESIS_VIDEO_SIGNALING_CHANNEL: ResourceType; /** Amazon Lookout Vision Project */ static readonly LOOKOUT_VISION_PROJECT: ResourceType; /** AWS Network Manager Transit Gateway Registration */ static readonly NETWORK_MANAGER_TRANSIT_GATEWAY_REGISTRATION: ResourceType; /** Amazon Pinpoint Application Settings */ static readonly PINPOINT_APPLICATION_SETTINGS: ResourceType; /** Amazon Pinpoint Segment */ static readonly PINPOINT_SEGMENT: ResourceType; /** AWS RoboMaker Robot Application */ static readonly ROBO_MAKER_ROBOT_APPLICATION: ResourceType; /** AWS RoboMaker Simulation Application */ static readonly ROBO_MAKER_SIMULATION_APPLICATION: ResourceType; /** Amazon Route53 Recovery Control Cluster */ static readonly ROUTE53_RECOVERY_CONTROL_CLUSTER: ResourceType; /** Amazon Route53 Recovery Control Control Panel */ static readonly ROUTE53_RECOVERY_CONTROL_CONTROL_PANEL: ResourceType; /** Amazon Route53 Recovery Control Routing Control */ static readonly ROUTE53_RECOVERY_CONTROL_ROUTING_CONTROL: ResourceType; /** Amazon Route53 Recovery Control Safety Rule */ static readonly ROUTE53_RECOVERY_CONTROL_SAFETY_RULE: ResourceType; /** Amazon Route53 Recovery Readiness Resource Set */ static readonly ROUTE53_RECOVERY_READINESS_RESOURCE_SET: ResourceType; /** Amazon Route53 Resolver Firewall Rule Group Association */ static readonly ROUTE53_RESOLVER_FIREWALL_RULE_GROUP_ASSOCIATION: ResourceType; /** EC2 EC2 Fleet */ static readonly EC2_EC2_FLEET: ResourceType; /** AWS IoTWireless Service Profile */ static readonly IOT_WIRELESS_SERVICE_PROFILE: ResourceType; /** EC2 Subnet Route Table Association */ static readonly EC2_SUBNET_ROUTE_TABLE_ASSOCIATION: ResourceType; /** AWS Network Manager Global Network */ static readonly NETWORK_MANAGER_GLOBAL_NETWORK: ResourceType; /** AWS DeviceFarm Instance Profile */ static readonly DEVICE_FARM_INSTANCE_PROFILE: ResourceType; /** AWS GroundStation Config */ static readonly GROUND_STATION_CONFIG: ResourceType; /** Amazon AppFlow Flow */ static readonly APP_FLOW_FLOW: ResourceType; /** Amazon Redshift Scheduled Action */ static readonly REDSHIFT_SCHEDULED_ACTION: ResourceType; /** Amazon Pinpoint App */ static readonly PINPOINT_APP: ResourceType; /** AWS IoT Fleet Metric */ static readonly IOT_FLEET_METRIC: ResourceType; /** AWS AppConfig Deployment Strategy */ static readonly APP_CONFIG_DEPLOYMENT_STRATEGY: ResourceType; /** AWS Network Manager Device */ static readonly NETWORK_MANAGER_DEVICE: ResourceType; /** EC2 Image Builder Image Pipeline */ static readonly IMAGE_BUILDER_IMAGE_PIPELINE: ResourceType; /** Amazon CloudWatch Metric Stream */ static readonly CLOUD_WATCH_METRIC_STREAM: ResourceType; /** AWS Panorama Package */ static readonly PANORAMA_PACKAGE: ResourceType; /** Amazon SageMaker Image */ static readonly SAGE_MAKER_IMAGE: ResourceType; /** Amazon ECR PullThrough Cache Rule */ static readonly ECR_PULL_THROUGH_CACHE_RULE: ResourceType; /** AWS AuditManager Assessment */ static readonly AUDIT_MANAGER_ASSESSMENT: ResourceType; /** AWS NetworkManager Site */ static readonly NETWORK_MANAGER_SITE: ResourceType; /** Amazon SageMaker AppImageConfig */ static readonly SAGE_MAKER_APP_IMAGE_CONFIG: ResourceType; /** AWS DeviceFarm Project */ static readonly DEVICE_FARM_PROJECT: ResourceType; /** AWS NetworkManager Link */ static readonly NETWORK_MANAGER_LINK: ResourceType; /** AWS NetworkFirewall TLSInspectionConfiguration */ static readonly NETWORK_FIREWALL_TLS_INSPECTION_CONFIGURATION: ResourceType; /** AWS Amplify App */ static readonly AMPLIFY_APP: ResourceType; /** AWS AppMesh VirtualNode */ static readonly APP_MESH_VIRTUAL_NODE: ResourceType; /** AWS AppMesh VirtualService */ static readonly APP_MESH_VIRTUAL_SERVICE: ResourceType; /** AWS AppRunner VpcConnector */ static readonly APP_RUNNER_VPC_CONNECTOR: ResourceType; /** Amazon AppStream Application */ static readonly APP_STREAM_APPLICATION: ResourceType; /** Amazon KeySpaces Cassandra Keyspace */ static readonly CASSANDRA_KEYSPACE: ResourceType; /** AWS CodeArtifact Repository */ static readonly CODE_ARTIFACT_REPOSITORY: ResourceType; /** EC2 PrefixList */ static readonly EC2_PREFIX_LIST: ResourceType; /** EC2 SpotFleet */ static readonly EC2_SPOT_FLEET: ResourceType; /** Amazon ECS TaskSet */ static readonly ECS_TASK_SET: ResourceType; /** Amazon CloudWatch Evidently Project */ static readonly EVIDENTLY_PROJECT: ResourceType; /** Amazon Forecast Dataset */ static readonly FORECAST_DATASET: ResourceType; /** AWS IAM SAMLProvider */ static readonly IAM_SAML_PROVIDER: ResourceType; /** AWS IAM ServerCertificate */ static readonly IAM_SERVER_CERTIFICATE: ResourceType; /** Amazon Data Firehose DeliveryStream */ static readonly KINESIS_FIREHOSE_DELIVERY_STREAM: ResourceType; /** Amazon Pinpoint Campaign */ static readonly PINPOINT_CAMPAIGN: ResourceType; /** Amazon Pinpoint InAppTemplate */ static readonly PINPOINT_IN_APP_TEMPLATE: ResourceType; /** AWS Signer SigningProfile */ static readonly SIGNER_SIGNING_PROFILE: ResourceType; /** Amazon SageMaker Domain */ static readonly SAGEMAKER_DOMAIN: ResourceType; /** AWS Transfer Agreement */ static readonly TRANSFER_AGREEMENT: ResourceType; /** AWS Transfer Connector */ static readonly TRANSFER_CONNECTOR: ResourceType; /** AWS Private Certificate Authority CertificateAuthority */ static readonly ACMPCA_CERTIFICATE_AUTHORITY: ResourceType; /** AWS AppConfig HostedConfigurationVersion */ static readonly APP_CONFIG_HOSTED_CONFIGURATION_VERSION: ResourceType; /** AWS AppMesh VirtualGateway */ static readonly APP_MESH_VIRTUAL_GATEWAY: ResourceType; /** AWS AppMesh VirtualRouter */ static readonly APP_MESH_VIRTUAL_ROUTER: ResourceType; /** AWS AppRunner Service */ static readonly APP_RUNNER_SERVICE: ResourceType; /** Amazon Connect CustomerProfiles ObjectType */ static readonly CUSTOMER_PROFILES_OBJECT_TYPE: ResourceType; /** AWS DMS Endpoint */ static readonly DMS_ENDPOINT: ResourceType; /** EC2 CapacityReservation */ static readonly EC2_CAPACITY_RESERVATION: ResourceType; /** EC2 ClientVpnEndpoint */ static readonly EC2_CLIENT_VPN_ENDPOINT: ResourceType; /** Amazon Kendra Index */ static readonly KENDRA_INDEX: ResourceType; /** Amazon Kinesis Video Stream */ static readonly KINESIS_VIDEO_STREAM: ResourceType; /** Amazon CloudWatch Logs Destination */ static readonly LOGS_DESTINATION: ResourceType; /** AWS NetworkManager CustomerGatewayAssociation */ static readonly NETWORK_MANAGER_CUSTOMER_GATEWAY_ASSOCIATION: ResourceType; /** AWS NetworkManager LinkAssociation */ static readonly NETWORK_MANAGER_LINK_ASSOCIATION: ResourceType; /** Amazon Pinpoint EmailChannel */ static readonly PINPOINT_EMAIL_CHANNEL: ResourceType; /** Amazon S3 AccessPoint */ static readonly S3_ACCESS_POINT: ResourceType; /** AWS Amplify Branch */ static readonly AMPLIFY_BRANCH: ResourceType; /** Amazon AppIntegrations EventIntegration */ static readonly APP_INTEGRATIONS_EVENT_INTEGRATION: ResourceType; /** AWS AppMesh Route */ static readonly APP_MESH_ROUTE: ResourceType; /** Amazon Athena PreparedStatement */ static readonly ATHENA_PREPARED_STATEMENT: ResourceType; /** EC2 IPAMScope */ static readonly EC2_IPAM_SCOPE: ResourceType; /** Amazon CloudWatch Evidently Launch */ static readonly EVIDENTLY_LAUNCH: ResourceType; /** Amazon Forecast DatasetGroup */ static readonly FORECAST_DATASET_GROUP: ResourceType; /** AWS IoT Greengrass Version2 ComponentVersion */ static readonly GREENGRASSV2_COMPONENT_VERSION: ResourceType; /** AWS GroundStation MissionProfile */ static readonly GROUNDSTATION_MISSION_PROFILE: ResourceType; /** AWS Elemental MediaConnect FlowEntitlement */ static readonly MEDIACONNECT_FLOW_ENTITLEMENT: ResourceType; /** AWS Elemental MediaConnect FlowVpcInterface */ static readonly MEDIACONNECT_FLOW_VPC_INTERFACE: ResourceType; /** AWS Elemental MediaTailor PlaybackConfiguration */ static readonly MEDIATAILOR_PLAYBACK_CONFIGURATION: ResourceType; /** Amazon MSK Configuration */ static readonly MSK_CONFIGURATION: ResourceType; /** Amazon Personalize Dataset */ static readonly PERSONALIZE_DATASET: ResourceType; /** Amazon Personalize Schema */ static readonly PERSONALIZE_SCHEMA: ResourceType; /** Amazon Personalize Solution */ static readonly PERSONALIZE_SOLUTION: ResourceType; /** Amazon Pinpoint EmailTemplate */ static readonly PINPOINT_EMAIL_TEMPLATE: ResourceType; /** Amazon Pinpoint EventStream */ static readonly PINPOINT_EVENT_STREAM: ResourceType; /** AWS ResilienceHub App */ static readonly RESILIENCEHUB_APP: ResourceType; /** Amazon CodeGuruP rofiler ProfilingGroup */ static readonly CODE_GURU_PROFILER_PROFILING_GROUP: ResourceType; /** AWS Elemental MediaConnect FlowSource */ static readonly MEDIA_CONNECT_FLOW_SOURCE: ResourceType; /** AWS Transfer Family Certificate */ static readonly TRANSFER_CERTIFICATE: ResourceType; /** Amazon Managed Service for Prometheus RuleGroupsNamespace */ static readonly APS_RULE_GROUPS_NAMESPACE: ResourceType; /** AWS Batch SchedulingPolicy */ static readonly BATCH_SCHEDULING_POLICY: ResourceType; /** AWS Cloud Map Instance */ static readonly SERVICE_DISCOVERY_INSTANCE: ResourceType; /** Amazon Route53 Resolver ResolverQueryLoggingConfig */ static readonly ROUTE53_RESOLVER_QUERY_LOGGING_CONFIG: ResourceType; /** Amazon Route53 Resolver ResolverQueryLoggingConfigAssociation */ static readonly ROUTE53_RESOLVER_QUERY_LOGGING_CONFIG_ASSOCIATION: ResourceType; /** AWS IoT JobTemplate */ static readonly IOT_JOB_TEMPLATE: ResourceType; /** AWS IoT TwinMaker ComponentType */ static readonly IOT_TWIN_MAKER_COMPONENT_TYPE: ResourceType; /** AWS IoT Wireless MulticastGroup */ static readonly IOT_WIRELESS_MULTICAST_GROUP: ResourceType; /** Amazon Personalize DatasetGroup */ static readonly PERSONALIZE_DATASET_GROUP: ResourceType; /** AWS IoT ProvisioningTemplate */ static readonly IOT_PROVISIONING_TEMPLATE: ResourceType; /** AWS IoT Wireless FuotaTask */ static readonly IOT_WIRELESS_FUOTA_TASK: ResourceType; /** Amazon MSK BatchScramSecret */ static readonly MSK_BATCH_SCRAM_SECRET: ResourceType; /** Amazon SageMaker FeatureGroup */ static readonly SAGEMAKER_FEATURE_GROUP: ResourceType; /** AWS CodeBuild ReportGroup */ static readonly CODE_BUILD_REPORT_GROUP: ResourceType; /** Amazon AppStream Stack */ static readonly APP_STREAM_STACK: ResourceType; /** Amazon Inspector Filter */ static readonly INSPECTORV2_FILTER: ResourceType; /** Amazon AppStream Fleet */ static readonly APP_STREAM_FLEET: ResourceType; /** Amazon Managed Grafana Workspace */ static readonly GRAFANA_WORKSPACE: ResourceType; /** AWS KMS Alias */ static readonly KMS_ALIAS: ResourceType; /** Amazon RDS OptionGroup */ static readonly RDS_OPTION_GROUP: ResourceType; /** AWS Route53 Resolver FirewallRuleGroup */ static readonly ROUTE53_RESOLVER_FIREWALL_RULE_GROUP: ResourceType; /** AWS IAM InstanceProfile */ static readonly IAM_INSTANCE_PROFILE: ResourceType; /** AWS NetworkManager ConnectPeer */ static readonly NETWORK_MANAGER_CONNECT_PEER: ResourceType; /** AWS Private Certificate Authority CertificateAuthorityActivation */ static readonly ACMPCA_CERTIFICATE_AUTHORITY_ACTIVATION: ResourceType; /** AWS AppMesh GatewayRoute */ static readonly APP_MESH_GATEWAY_ROUTE: ResourceType; /** AWS AppMesh Mesh */ static readonly APP_MESH_MESH: ResourceType; /** Amazon Connect QuickConnect */ static readonly CONNECT_QUICK_CONNECT: ResourceType; /** EC2 CarrierGateway */ static readonly EC2_CARRIER_GATEWAY: ResourceType; /** EC2 TransitGatewayConnect */ static readonly EC2_TRANSIT_GATEWAY_CONNECT: ResourceType; /** Amazon ECS CapacityProvider */ static readonly ECS_CAPACITY_PROVIDER: ResourceType; /** AWS IoT CACertificate */ static readonly IOT_CA_CERTIFICATE: ResourceType; /** AWS IoT TwinMaker SyncJob */ static readonly IOT_TWIN_MAKER_SYNC_JOB: ResourceType; /** Amazon Managed Streaming for Apache Kafka Connect Connector */ static readonly KAFKA_CONNECT_CONNECTOR: ResourceType; /** AWS Lambda CodeSigningConfig */ static readonly LAMBDA_CODE_SIGNING_CONFIG: ResourceType; /** AWS Resource Explorer Index */ static readonly RESOURCE_EXPLORER2_INDEX: ResourceType; /** Amazon Connect Instance */ static readonly CONNECT_INSTANCE: ResourceType; /** EC2 IPAMPool */ static readonly EC2_IPAM_POOL: ResourceType; /** EC2 TransitGatewayMulticastDomain */ static readonly EC2_TRANSIT_GATEWAY_MULTICAST_DOMAIN: ResourceType; /** A custom resource type to support future cases. */ static of(type: string): ResourceType; /** * Valid value of resource type. */ readonly complianceResourceType: string; private constructor(); } export {};