Cloud Config provides various managed rules. You can create a rule based on a managed rule.

If you require other managed rules, submit a ticket. If the requested rules are appropriate, Alibaba Cloud will support them and implement those with universal applicability as managed rules.

The following table describes the managed rules that are provided by Cloud Config.
| Cloud service | Managed rule | Name of the supported OOS template for automatic remediation |
| --- | --- | --- |
| Alibaba Cloud CDN (CDN) | cdn-domain-https-enabled | ACS-CDN-SetDomainServerCertificate |
| ActionTrail | actiontrail-enabled | N/A |
| | actiontrail-trail-intact-enabled | N/A |
| Elastic Compute Service (ECS) | ecs-disk-encrypted | N/A |
| | ecs-instance-expired-check | N/A |
| | ecs-instances-in-vpc | N/A |
| | ecs-cpu-min-count-limit | N/A |
| | ecs-desired-instance-type | N/A |
| | ecs-gpu-min-count-limit | N/A |
| | ecs-memory-min-size-limit | N/A |
| | ecs-disk-in-use | N/A |
| | ecs-instance-no-public-ip | N/A |
| | eip-attached | N/A |
| | ecs-instance-imageId-check | N/A |
| | ecs-instance-attached-security-group | N/A |
| | ecs-instance-deletion-protection-enabled | ACS-ECS-BulkyEnableDeletionProtection |
| | ecs-command-exclude-sensitive-content | N/A |
| | ecs-instance-status-no-stopped | N/A |
| | sg-public-access-check | N/A |
| | sg-risky-ports-check | N/A |
| Dedicated Host | ddh-cpu-min-count-limit | N/A |
| | ddh-memory-min-size-limit | N/A |
| | ddh-socket-min-count-limit | N/A |
| Elastic IP Address (EIP) | eip-bandwidth-limit | N/A |
| ApsaraDB RDS | rds-min-maxiops-limit | N/A |
| | rds-desired-instance-type | N/A |
| | rds-instances-in-vpc | N/A |
| | rds-memory-min-size-limit | N/A |
| | rds-cpu-min-count-limit | N/A |
| | rds-instance-storage-min-size-limit | N/A |
| | rds-high-availability-category | N/A |
| | rds-multi-az-support | N/A |
| | rds-public-access-check | ACS-RDS-ReleaseInstancePublicConnection |
| | rds-instance-enabled-ssl | N/A |
| | rds-instance-enabled-tde | N/A |
| | rds-instance-enabled-security-ip-list | ACS-RDS-BulkyModifySecurityIpsByInstanceIPArray |
| | rds-dbinstance-nettype-intranet-limit | N/A |
| | rds-connectionmode-safe-enabled | N/A |
| ApsaraDB for Redis | redis-min-qps-limit | N/A |
| | redis-min-bandwidth-limit | N/A |
| | redis-min-capacity-limit | N/A |
| | redis-instance-in-vpc | N/A |
| | redis-public-access-check | ACS-Redis-BulkyDeleteSecurityIpFromInstanceIPArray |
| | redis-architecturetype-cluster-check | N/A |
| ApsaraDB for MongoDB | mongodb-instance-in-vpc | N/A |
| | mongodb-public-access-check | N/A |
| | mongodb-min-maxiops-limit | N/A |
| | mongodb-min-maxconnections-limit | N/A |
| PolarDB | polardb-dbcluster-in-vpc | N/A |
| | polardb-public-access-check | N/A |
| Object Storage Service (OSS) | oss-bucket-public-read-prohibited | ACS-OSS-PutBucketAcl |
| | oss-bucket-public-write-prohibited | ACS-OSS-PutBucketAcl |
| | oss-zrs-enabled | N/A |
| | oss-bucket-versioning-enabled | N/A |
| | oss-bucket-logging-enabled | N/A |
| | oss-default-encryption-kms | N/A |
| | oss-bucket-server-side-encryption-enabled | ACS-OSS-PutBucketEncryption |
| | oss-bucket-name-regex-match | N/A |
| | oss-bucket-referer-enabled | N/A |
| Resource Access Management (RAM) | ram-user-login-check | N/A |
| | ram-password-policy-check | ACS-RAM-SetPasswordPolicy |
| | ram-policy-in-use-check | N/A |
| | ram-risky-policy-user-mfa-check | N/A |
| | ram-group-has-member-check | N/A |
| | ram-policy-no-statements-with-admin-access-check | N/A |
| | ram-user-no-policy-check | N/A |
| | ram-user-group-membership-check | N/A |
| | ram-user-last-login-expired-check | N/A |
| | ram-user-mfa-check | ACS-ECS-BulkyUpdateLoginProfile |
| | ram-user-ak-create-date-expired-check | N/A |
| | ram-user-ak-used-expired-check | N/A |
| | ram-user-invalid-ak-check | N/A |
| | root-ak-check | N/A |
| | root-mfa-check | N/A |
| Tag management. Note: For more information about the Alibaba Cloud services that support tags, see Services that work with Tag. | required-tags | ACS-TAG-TagResources |
| | required-any-tags | N/A |
| | contains-tag | N/A |
| Virtual Private Cloud (VPC) | vpn-ipsec-connection-status-check | N/A |
| | vpn-ipsec-connection-health-check-open | N/A |
| | vpc-flow-logs-enabled | N/A |
| Server Load Balancer (SLB) | slb-loadbalancer-bandwidth-limit | N/A |
| | slb-acl-public-access-check | N/A |
| | slb-aliyun-certificate-required | N/A |
| | slb-listener-https-enabled | N/A |
| | slb-no-public-ip | N/A |
| | slb-delete-protection-enabled | ACS-SLB-BulkySetLoadBalancerDeleteProtection |
| | slb-loadbalancer-in-vpc | N/A |
| | slb-status-active-check | N/A |
| | slb-modify-protection-check | ACS-SLB-BulkySetLoadBalancerModificationProtection |
| | slb-server-certificate-expired | N/A |
| | slb-instance-expired-check | N/A |
| | slb-instance-autorenewal-check | N/A |
| | slb-instance-loadbalancerspec-check | N/A |
| | slb-backendserver-weight-check | N/A |
| Resource Management | resource-region-limit | N/A |
| Container Service for Kubernetes (ACK) | ack-cluster-public-endpoint-check | N/A |
| | ack-cluster-deletion-protection-enabled | N/A |
| | ack-cluster-network-type-check | N/A |
| | ack-cluster-node-monitorenabled | N/A |
| Security Center (SAS) | security-center-version-check | N/A |
| | security-center-notice-config-check | N/A |