Alibaba Cloud CDN (CDN) |
cdn-domain-https-enabled |
ACS-CDN-SetDomainServerCertificate |
ActionTrail |
actiontrail-enabled |
N/A |
actiontrail-trail-intact-enabled |
N/A |
Elastic Compute Service (ECS) |
ecs-disk-encrypted |
N/A |
ecs-instance-expired-check |
N/A |
ecs-instances-in-vpc |
N/A |
ecs-cpu-min-count-limit |
N/A |
ecs-desired-instance-type |
N/A |
ecs-gpu-min-count-limit |
N/A |
ecs-memory-min-size-limit |
N/A |
ecs-disk-in-use |
N/A |
ecs-instance-no-public-ip |
N/A |
eip-attached |
N/A |
ecs-instance-imageId-check |
N/A |
ecs-instance-attached-security-group |
N/A |
ecs-instance-deletion-protection-enabled |
ACS-ECS-BulkyEnableDeletionProtection |
ecs-command-exclude-sensitive-content |
N/A |
ecs-instance-status-no-stopped |
N/A |
sg-public-access-check |
N/A |
sg-risky-ports-check |
N/A |
Dedicated Host |
ddh-cpu-min-count-limit |
N/A |
ddh-memory-min-size-limit |
N/A |
ddh-socket-min-count-limit |
N/A |
Elastic IP Address (EIP) |
eip-bandwidth-limit |
N/A |
ApsaraDB RDS |
rds-min-maxiops-limit |
N/A |
rds-desired-instance-type |
N/A |
rds-instances-in-vpc |
N/A |
rds-memory-min-size-limit |
N/A |
rds-cpu-min-count-limit |
N/A |
rds-instance-storage-min-size-limit |
N/A |
rds-high-availability-category |
N/A |
rds-multi-az-support |
N/A |
rds-public-access-check |
ACS-RDS-ReleaseInstancePublicConnection |
rds-instance-enabled-ssl |
N/A |
rds-instance-enabled-tde |
N/A |
rds-instance-enabled-security-ip-list |
ACS-RDS-BulkyModifySecurityIpsByInstanceIPArray |
rds-dbinstance-nettype-intranet-limit |
N/A |
rds-connectionmode-safe-enabled |
N/A |
ApsaraDB for Redis |
redis-min-qps-limit |
N/A |
redis-min-bandwidth-limit |
N/A |
redis-min-capacity-limit |
N/A |
redis-instance-in-vpc |
N/A |
redis-public-access-check |
ACS-Redis-BulkyDeleteSecurityIpFromInstanceIPArray |
redis-architecturetype-cluster-check |
N/A |
ApsaraDB for MongoDB |
mongodb-instance-in-vpc |
N/A |
mongodb-public-access-check |
N/A |
mongodb-min-maxiops-limit |
N/A |
mongodb-min-maxconnections-limit |
N/A |
PolarDB |
polardb-dbcluster-in-vpc |
N/A |
polardb-public-access-check |
N/A |
Object Storage Service (OSS) |
oss-bucket-public-read-prohibited |
ACS-OSS-PutBucketAcl |
oss-bucket-public-write-prohibited |
ACS-OSS-PutBucketAcl |
oss-zrs-enabled |
N/A |
oss-bucket-versioning-enabled |
N/A |
oss-bucket-logging-enabled |
N/A |
oss-default-encryption-kms |
N/A |
oss-bucket-server-side-encryption-enabled |
ACS-OSS-PutBucketEncryption |
oss-bucket-name-regex-match |
N/A |
oss-bucket-referer-enabled |
N/A |
Resource Access Management (RAM) |
ram-user-login-check |
N/A |
ram-password-policy-check |
ACS-RAM-SetPasswordPolicy |
ram-policy-in-use-check |
N/A |
ram-risky-policy-user-mfa-check |
N/A |
ram-group-has-member-check |
N/A |
ram-policy-no-statements-with-admin-access-check |
N/A |
ram-user-no-policy-check |
N/A |
ram-user-group-membership-check |
N/A |
ram-user-last-login-expired-check |
N/A |
ram-user-mfa-check |
ACS-ECS-BulkyUpdateLoginProfile |
ram-user-ak-create-date-expired-check |
N/A |
ram-user-ak-used-expired-check |
N/A |
ram-user-invalid-ak-check |
N/A |
root-ak-check |
N/A |
root-mfa-check |
N/A |
Tag management
|
required-tags |
ACS-TAG-TagResources |
required-any-tags |
N/A |
contains-tag |
N/A |
Virtual Private Cloud (VPC) |
vpn-ipsec-connection-status-check |
N/A |
vpn-ipsec-connection-health-check-open |
N/A |
vpc-flow-logs-enabled |
N/A |
Server Load Balancer (SLB) |
slb-loadbalancer-bandwidth-limit |
N/A |
slb-acl-public-access-check |
N/A |
slb-aliyun-certificate-required |
N/A |
slb-listener-https-enabled |
N/A |
slb-no-public-ip |
N/A |
slb-delete-protection-enabled |
ACS-SLB-BulkySetLoadBalancerDeleteProtection |
slb-loadbalancer-in-vpc |
N/A |
slb-status-active-check |
N/A |
slb-modify-protection-check |
ACS-SLB-BulkySetLoadBalancerModificationProtection |
slb-server-certificate-expired |
N/A |
slb-instance-expired-check |
N/A |
slb-instance-autorenewal-check |
N/A |
slb-instance-loadbalancerspec-check |
N/A |
slb-backendserver-weight-check |
N/A |
Resource Management |
resource-region-limit |
N/A |
Container Service for Kubernetes (ACK) |
ack-cluster-public-endpoint-check |
N/A |
ack-cluster-deletion-protection-enabled |
N/A |
ack-cluster-network-type-check |
N/A |
ack-cluster-node-monitorenabled |
N/A |
Security Center (SAS) |
security-center-version-check |
N/A |
security-center-notice-config-check |
N/A |