List of managed rules by cloud service - Rules| Alibaba Cloud Documentation Center

Cloud Config provides various managed rules. You can create a rule based on a managed rule.

If you require other managed rules, submit ticket. If the requested rules are appropriate, Alibaba Cloud will support them and implement the rules with universal applicability as managed rules.

The following table describes the managed rules that are provided by Cloud Config.


Cloud service	Managed rule	Name of the supported OOS template for automatic remediation
Alibaba Cloud CDN (CDN)	cdn-domain-https-enabled	ACS-CDN-SetDomainServerCertificate
ActionTrail	actiontrail-enabled	N/A
ActionTrail	actiontrail-trail-intact-enabled	N/A
Elastic Compute Service (ECS)	ecs-disk-encrypted	N/A
	ecs-instance-expired-check	N/A
	ecs-instances-in-vpc	N/A
	ecs-cpu-min-count-limit	N/A
	ecs-desired-instance-type	N/A
	ecs-gpu-min-count-limit	N/A
	ecs-memory-min-size-limit	N/A
	ecs-disk-in-use	N/A
	ecs-instance-no-public-ip	N/A
	eip-attached	N/A
	ecs-instance-imageId-check	N/A
	ecs-instance-attached-security-group	N/A
	ecs-instance-deletion-protection-enabled	ACS-ECS-BulkyEnableDeletionProtection
	ecs-command-exclude-sensitive-content	N/A
	ecs-instance-status-no-stopped	N/A
	sg-public-access-check	N/A
	sg-risky-ports-check	N/A
Dedicated Host	ddh-cpu-min-count-limit	N/A
	ddh-memory-min-size-limit	N/A
	ddh-socket-min-count-limit	N/A
Elastic IP Address (EIP)	eip-bandwidth-limit	N/A
ApsaraDB RDS	rds-min-maxiops-limit	N/A
	rds-desired-instance-type	N/A
	rds-instances-in-vpc	N/A
	rds-memory-min-size-limit	N/A
	rds-cpu-min-count-limit	N/A
	rds-instance-storage-min-size-limit	N/A
	rds-high-availability-category	N/A
	rds-multi-az-support	N/A
	rds-public-access-check	ACS-RDS-ReleaseInstancePublicConnection
	rds-instance-enabled-ssl	N/A
	rds-instance-enabled-tde	N/A
	rds-instance-enabled-security-ip-list	ACS-RDS-BulkyModifySecurityIpsByInstanceIPArray
	rds-dbinstance-nettype-intranet-limit	N/A
	rds-connectionmode-safe-enabled	N/A
ApsaraDB for Redis	redis-min-qps-limit	N/A
	redis-min-bandwidth-limit	N/A
	redis-min-capacity-limit	N/A
	redis-instance-in-vpc	N/A
	redis-public-access-check	ACS-Redis-BulkyDeleteSecurityIpFromInstanceIPArray
	redis-architecturetype-cluster-check	N/A
ApsaraDB for MongoDB	mongodb-instance-in-vpc	N/A
	mongodb-public-access-check	N/A
	mongodb-min-maxiops-limit	N/A
	mongodb-min-maxconnections-limit	N/A
PolarDB	polardb-dbcluster-in-vpc	N/A
PolarDB	polardb-public-access-check	N/A
Object Storage Service (OSS)	oss-bucket-public-read-prohibited	ACS-OSS-PutBucketAcl
	oss-bucket-public-write-prohibited	ACS-OSS-PutBucketAcl
	oss-zrs-enabled	N/A
	oss-bucket-versioning-enabled	N/A
	oss-bucket-logging-enabled	N/A
	oss-default-encryption-kms	N/A
	oss-bucket-server-side-encryption-enabled	ACS-OSS-PutBucketEncryption
	oss-bucket-name-regex-match	N/A
	oss-bucket-referer-enabled	N/A
Resource Access Management (RAM)	ram-user-login-check	N/A
	ram-password-policy-check	ACS-RAM-SetPasswordPolicy
	ram-policy-in-use-check	N/A
	ram-risky-policy-user-mfa-check	N/A
	ram-group-has-member-check	N/A
	ram-policy-no-statements-with-admin-access-check	N/A
	ram-user-no-policy-check	N/A
	ram-user-group-membership-check	N/A
	ram-user-last-login-expired-check	N/A
	ram-user-mfa-check	ACS-ECS-BulkyUpdateLoginProfile
	ram-user-ak-create-date-expired-check	N/A
	ram-user-ak-used-expired-check	N/A
	ram-user-invalid-ak-check	N/A
	root-ak-check	N/A
	root-mfa-check	N/A
Tag management Note For more information about the Alibaba Cloud services that support tags, see Services that work with Tag.	required-tags	ACS-TAG-TagResources
	required-any-tags	N/A
	contains-tag	N/A
Virtual Private Cloud (VPC)	vpn-ipsec-connection-status-check	N/A
	vpn-ipsec-connection-health-check-open	N/A
	vpc-flow-logs-enabled	N/A
Server Load Balancer (SLB)	slb-loadbalancer-bandwidth-limit	N/A
	slb-acl-public-access-check	N/A
	slb-aliyun-certificate-required	N/A
	slb-listener-https-enabled	N/A
	slb-no-public-ip	N/A
	slb-delete-protection-enabled	ACS-SLB-BulkySetLoadBalancerDeleteProtection
	slb-loadbalancer-in-vpc	N/A
	slb-status-active-check	N/A
	slb-modify-protection-check	ACS-SLB-BulkySetLoadBalancerModificationProtection
	slb-server-certificate-expired	N/A
	slb-instance-expired-check	N/A
	slb-instance-autorenewal-check	N/A
	slb-instance-loadbalancerspec-check	N/A
	slb-backendserver-weight-check	N/A
Resource Management	resource-region-limit	N/A
Container Service for Kubernetes (ACK)	ack-cluster-public-endpoint-check	N/A
	ack-cluster-deletion-protection-enabled	N/A
	ack-cluster-network-type-check	N/A
	ack-cluster-node-monitorenabled	N/A
Security Center (SAS)	security-center-version-check	N/A
Security Center (SAS)	security-center-notice-config-check	N/A