Risorse necessarie per tutti i controlli del Security Hub Risorse richieste per lo standard AWS Foundational Security Best Practices Risorse necessarie per il benchmark CIS AWS Foundations Risorse necessarie per lo standard NIST SP 800-53 Revisione 5 Risorse richieste per lo standard NIST SP 800-171 Revision 2 Risorse richieste per PCI DSS v3.2.1 Risorse necessarie per lo standard AWS Resource Tagging Risorse necessarie per lo standard gestito dai AWS Control Tower servizi

AWS Config Risorse necessarie per i risultati del controllo del Security Hub

Alcuni AWS Security Hub controlli utilizzano AWS Config regole collegate ai servizi che rilevano le modifiche alla configurazione delle risorse. AWS Affinché Security Hub generi risultati accurati per questi controlli, è necessario abilitare AWS Config e attivare la registrazione delle risorse AWS Config. Per informazioni su come Security Hub utilizza AWS Config le regole e su come abilitarle e AWS Config configurarle, vedereAbilitazione e configurazione AWS Config per Security Hub. Per informazioni dettagliate sulla registrazione delle risorse, consulta Lavorare con il registratore di configurazione nella Guida per gli AWS Config sviluppatori.

Per ricevere risultati di controllo accurati, è necessario attivare la registrazione AWS Config delle risorse per i controlli abilitati con un tipo di pianificazione innescato dalla modifica. Alcuni controlli con un tipo di pianificazione periodica richiedono anche la registrazione delle risorse. Questa pagina elenca le risorse necessarie per questi controlli del Security Hub.

I controlli di Security Hub possono basarsi su AWS Config regole gestite o regole Security Hub personalizzate. Assicurati che non esistano policy AWS Identity and Access Management (IAM) o policy AWS Organizations gestite che AWS Config impediscano di avere l'autorizzazione a registrare le tue risorse. I controlli del Security Hub valutano direttamente le configurazioni delle risorse e non tengono conto delle AWS Organizations policy.

Nota

Regioni AWS Se un controllo non è disponibile, la risorsa corrispondente non è disponibile in AWS Config. Per un elenco di questi limiti, consultaLimiti regionali sui controlli Security Hub Security Hub Hub Hub.

Argomenti

Risorse necessarie per tutti i controlli del Security Hub
Risorse richieste per lo standard AWS Foundational Security Best Practices
Risorse necessarie per il benchmark CIS AWS Foundations
Risorse necessarie per lo standard NIST SP 800-53 Revisione 5
Risorse richieste per lo standard NIST SP 800-171 Revision 2
Risorse richieste per PCI DSS v3.2.1
Risorse necessarie per lo standard AWS Resource Tagging
Risorse necessarie per lo standard gestito dai AWS Control Tower servizi

Risorse necessarie per tutti i controlli del Security Hub

Affinché Security Hub generi risultati per i controlli attivati dalle modifiche che sono abilitati e utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in AWS Config. Questa tabella indica anche quali controlli valutano un particolare tipo di risorsa. Un singolo controllo può valutare più di un tipo di risorsa.

Servizio AWS	Tipi di risorsa	Controlli correlati
AWS Amplify	`AWS::Amplify::App`	Amplif.1
AWS Amplify	`AWS::Amplify::Branch`	Amplif.2
Amazon API Gateway	`AWS::ApiGateway::Stage`	APIGateway1. APIGateway2. APIGateway3. APIGateway4. APIGateway5.
Amazon API Gateway	`AWS::ApiGatewayV2::Stage`	APIGateway1. APIGateway9.
AWS AppConfig	`AWS::AppConfig::Application`	AppConfig1.
	`AWS::AppConfig::ConfigurationProfile`	AppConfig2.
	`AWS::AppConfig::Environment`	AppConfig3.
	`AWS::AppConfig::ExtensionAssociation`	AppConfig4.
Amazon AppFlow	`AWS::AppFlow::Flow`	AppFlow1.
AWS App Runner	`AWS::AppRunner::Service`	AppRunner1.
AWS App Runner	`AWS::AppRunner::VpcConnector`	AppRunner2.
AWS AppSync	`AWS::AppSync::GraphQLApi`	AppSync2. AppSync4. AppSync5.
AWS AppSync	`AWS::AppSync::ApiCache`	AppSync1. AppSync.6
AWS Backup	`AWS::Backup::BackupPlan`	Backup.5
	`AWS::Backup::BackupVault`	Backup.3
	`AWS::Backup::RecoveryPoint`	Backup.1 Backup.2
	`AWS::Backup::ReportPlan`	Backup.4
AWS Batch	`AWS::Batch::ComputeEnvironment`	Batch .3 Batch .4
	`AWS::Batch::JobQueue`	Batch .1
	`AWS::Batch::SchedulingPolicy`	Batch .2
AWS Certificate Manager (ACM)	`AWS::ACM::Certificate`	ACM.1 ACM.2 ACM.3
Amazon Athena	`AWS::Athena::DataCatalog`	Atena.2
Amazon Athena	`AWS::Athena::WorkGroup`	Atena.3 Atena.4
AWS CloudFormation	`AWS::CloudFormation::Stack`	CloudFormation2.
Amazon CloudFront	`AWS::CloudFront::Distribution`	CloudFront1. CloudFront3. CloudFront4. CloudFront5. CloudFront.6 CloudFront.7 CloudFront.8 CloudFront9. CloudFront.10 CloudFront.13 CloudFront.14
AWS CloudTrail	`AWS::CloudTrail::Trail`	CloudTrail9.
Amazon CloudWatch	`AWS::CloudWatch::Alarm`	CloudWatch.15 CloudWatch.17
AWS CodeArtifact	`AWS::CodeArtifact::Repository`	CodeArtifact1.
AWS CodeBuild	`AWS::CodeBuild::Project`	CodeBuild1. CodeBuild2. CodeBuild3. CodeBuild4.
AWS CodeBuild	`AWS::CodeBuild::ReportGroup`	CodeBuild.7
Amazon CodeGuru Profiler	`AWS::CodeGuruProfiler::ProfilingGroup`	CodeGuruProfiler1.
CodeGuru Revisore Amazon	`AWS::CodeGuruReviewer::RepositoryAssociation`	CodeGuruReviewer1.
Amazon Cognito	`AWS::Cognito::UserPool`	Cognito.1
Amazon Connect	`AWS::CustomerProfiles::ObjectType`	Connessione.1
Amazon Connect	`AWS::Connect::Instance`	Connessione.2
AWS DataSync	`AWS::DataSync::Task`	DataSync1. DataSync2.
Amazon Detective	`AWS::Detective::Graph`	Detective .1
AWS Database Migration Service (AWS DMS)	`AWS::DMS::Certificate`	DMS.2
	`AWS::DMS::Endpoint`	DMS.9 DMS.10 DMS.11 DMS.12
	`AWS::DMS::EventSubscription`	DMS.3
	`AWS::DMS::ReplicationInstance`	DMS.4 DMS.6
	`AWS::DMS::ReplicationSubnetGroup`	DMS.5
	`AWS::DMS::ReplicationTask`	DMS.7 DMS.8
Amazon DynamoDB	`AWS::DynamoDB::Table`	DynamoDB.1 DynamoDB.2 Dynamo DB.5 Dynamo DB.6
Amazon Elastic Compute Cloud () EC2	`AWS::EC2::ClientVpnEndpoint`	EC25.1
	`AWS::EC2::CustomerGateway`	EC2,36
	`AWS::EC2::DHCPOptions`	EC2174
	`AWS::EC2::EIP`	EC2.12 EC2,37
	`AWS::EC2::FlowLog`	EC2.48
	`AWS::EC2::Instance`	EC24. EC2.8 EC29. EC2.17 EC2.24 EC2,38 EMR.1 SSM.1
	`AWS::EC2::InternetGateway`	EC2.39
	`AWS::EC2::LaunchTemplate`	EC2.25 EC2170 EC2,175
	`AWS::EC2::NatGateway`	EC2.40
	`AWS::EC2::NetworkAcl`	EC2.16 EC2.21 EC2.41
	`AWS::EC2::NetworkInterface`	EC2.22 EC2.35
	`AWS::EC2::PrefixList`	EC2176
	`AWS::EC2::RouteTable`	EC2,42
	`AWS::EC2::SecurityGroup`	EC22. EC2.13 EC2.14 EC2.18 EC2.19 EC2.43
	`AWS::EC2::SpotFleet`	EC2173
	`AWS::EC2::Subnet`	EC2.15 EC2.44 ElastiCache.7
	`AWS::EC2::TrafficMirrorFilter`	EC2178
	`AWS::EC2::TrafficMirrorSession`	EC2177
	`AWS::EC2::TrafficMirrorTarget`	EC2179
	`AWS::EC2::TransitGateway`	EC2.23 EC2,52
	`AWS::EC2::TransitGatewayAttachment`	EC2.33
	`AWS::EC2::TransitGatewayRouteTable`	EC2.34
	`AWS::EC2::Volume`	EC23. EC2.45
	`AWS::EC2::VPC`	EC2.6 EC2,46
	`AWS::EC2::VPCBlockPublicAccessOptions`	EC2172
	`AWS::EC2::VPCEndpointService`	EC2,47
	`AWS::EC2::VPCPeeringConnection`	EC2.49
	`AWS::EC2::VPNConnection`	EC2.20 EC2171
	`AWS::EC2::VPNGateway`	EC2.50
Amazon EC2 Auto Scaling	`AWS::AutoScaling::AutoScalingGroup`	AutoScaling1. AutoScaling2. AutoScaling.6 AutoScaling9. AutoScaling.10
Amazon EC2 Auto Scaling	`AWS::AutoScaling::LaunchConfiguration`	AutoScaling3. Autoscaling.5
Amazon EC2 Systems Manager (SSM)	`AWS::SSM::AssociationCompliance`	SSM.3
	`AWS::SSM::ManagedInstanceInventory`	SSM.1
	`AWS::SSM::PatchCompliance`	SSM.2
Amazon Elastic Container Registry (Amazon ECR)	`AWS::ECR::PublicRepository`	ECR.4
Amazon Elastic Container Registry (Amazon ECR)	`AWS::ECR::Repository`	ECR.2 ECR.3 ECR.5
Amazon Elastic Container Service (Amazon ECS)	`AWS::ECS::Cluster`	ECS.12 ECS.14
	`AWS::ECS::Service`	ECS.2 ECS.10 ECS.13
	`AWS::ECS::TaskDefinition`	ECS.1 ECS.3 ECS.4 ECS.5 ECS.8 ECS.9 ECS.15 ECS.17
	`AWS::ECS::TaskSet`	ECS.16
Amazon Elastic File System (Amazon EFS)	`AWS::EFS::AccessPoint`	EFS.3 EFS.4 EFS.5
Amazon Elastic File System (Amazon EFS)	`AWS::EFS::FileSystem`	EFS.7 EFS.8
Amazon Elastic Kubernetes Service (Amazon EKS)	`AWS::EKS::Cluster`	EKS.2 EKS.6 EKS.8
Amazon Elastic Kubernetes Service (Amazon EKS)	`AWS::EKS::IdentityProviderConfig`	EKS.7
AWS Elastic Beanstalk	`AWS::ElasticBeanstalk::Environment`	ElasticBeanstalk1. ElasticBeanstalk2. ElasticBeanstalk3.
Sistema di bilanciamento del carico elastico	`AWS::ElasticLoadBalancing::LoadBalancer`	ELB.2 ELB.3 ELB.5 ELB.7 ELB.8 ELB.9 ELB.10 ELB.14
	`AWS::ElasticLoadBalancingV2::Listener`	ELB.17
	`AWS::ElasticLoadBalancingV2::LoadBalancer`	ELB.1 ELB.4 ELB.5 ELB.6 ELB.12 ELB.13 ELB.16
ElasticSearch	`AWS::Elasticsearch::Domain`	ES.3 ES.4 ES.5 ES.6 ES.7 ES.8 ES.9
Amazon EMR	`AWS::EMR::SecurityConfiguration`	EMR.3 EMR.4
Amazon EventBridge	`AWS::Events::EventBus`	EventBridge2. EventBridge3.
Amazon EventBridge	`AWS::Events::Endpoint`	EventBridge4.
Amazon Fraud Detector	`AWS::FraudDetector::EntityType`	FraudDetector1.
	`AWS::FraudDetector::Label`	FraudDetector2.
	`AWS::FraudDetector::Outcome`	FraudDetector3.
	`AWS::FraudDetector::Variable`	FraudDetector4.
AWS Global Accelerator	`AWS::GlobalAccelerator::Accelerator`	GlobalAccelerator1.
AWS Glue	`AWS::Glue::Job`	Glu.1 Glu.4
AWS Glue	`AWS::Glue::MLTransform`	Glu.3
Amazon GuardDuty	`AWS::GuardDuty::Detector`	GuardDuty4.
	`AWS::GuardDuty::Filter`	GuardDuty2.
	`AWS::GuardDuty::IPSet`	GuardDuty3.
AWS Identity and Access Management (IAM)	`AWS::IAM::Group`	IAM.27 KMS.2
	`AWS::IAM::Policy`	IAM.1 IAM.21 KMS.1
	`AWS::IAM::Role`	IAM.24 IAM.27 KMS.2
	`AWS::IAM::User`	IAM.2 IAM.3 IAM.5 IAM.8 IAM.18 IAM.22 IAM.25 IAM.27 KMS.2
AWS Identity and Access Management Access Analyzer	`AWS::AccessAnalyzer::Analyzer`	IAM.23
Amazon Interactive Video Service (Amazon IVS)	`AWS::IVS::PlaybackKeyPair`	IV.1
	`AWS::IVS::RecordingConfiguration`	IV.2
	`AWS::IVS::Channel`	IV.3
AWS IoT	`AWS::IoT::Authorizer`	Io.4
	`AWS::IoT::Dimension`	Io.3
	`AWS::IoT::MitigationAction`	IoT.2
	`AWS::IoT::Policy`	IoT.6
	`AWS::IoT::RoleAlias`	IoT.5
	`AWS::IoT::SecurityProfile`	IoT.1
AWS IoT Events	`AWS::IoTEvents::AlarmModel`	Ios 3TEvents.
	`AWS::IoTEvents::DetectorModel`	TEventsIos 2.
	`AWS::IoTEvents::Input`	Ion. 1 TEvents
AWS IoT SiteWise	`AWS::IoTSiteWise::AssetModel`	Io TSite Wise.1
	`AWS::IoTSiteWise::Dashboard`	Io Saggio.2 TSite
	`AWS::IoTSiteWise::Gateway`	Io Saggio.3 TSite
	`AWS::IoTSiteWise::Portal`	Io Saggio.4 TSite
	`AWS::IoTSiteWise::Project`	Io Saggio.5 TSite
AWS IoT TwinMaker	`AWS::IoTTwinMaker::Entity`	TTwinIo-Maker 4
	`AWS::IoTTwinMaker::Scene`	Io TTwin Maker.3
	`AWS::IoTTwinMaker::SyncJob`	Io TTwin Maker.1
	`AWS::IoTTwinMaker::Workspace`	Io TTwin Maker.2
AWS IoT Wireless	`AWS::IoTWireless::MulticastGroup`	Ios 1TWireless.
	`AWS::IoTWireless::ServiceProfile`	TWirelessIos 2.
	`AWS::IoTWireless::FuotaTask`	TWirelessIos 3.
Amazon Keyspaces (per Apache Cassandra)	`AWS::Cassandra::Keyspace`	Spacing.1
Amazon Kinesis	`AWS::Kinesis::Stream`	Kinesis.1 Kinesis.2 Kinesis.3
AWS Key Management Service (AWS KMS)	`AWS::KMS::Alias`	S3.17
AWS Key Management Service (AWS KMS)	`AWS::KMS::Key`	KMS.3 KS.5 S3.17
AWS Lambda	`AWS::Lambda::Function`	Lambda.1 Lambda.2 Lambda.3 Lambda.5 Lambda.6
MSK Amazon	`AWS::MSK::Cluster`	MSK.1 MSK.2
MSK Amazon	`AWS::KafkaConnect::Connector`	MSK.3
Amazon MQ	`AWS::AmazonMQ::Broker`	MQ. 2 MQ. 3 MQ.4 MQ.5 MQ.6
AWS Network Firewall	`AWS::NetworkFirewall::Firewall`	NetworkFirewall1. NetworkFirewall.7 NetworkFirewall9. NetworkFirewall.10
	`AWS::NetworkFirewall::FirewallPolicy`	NetworkFirewall3. NetworkFirewall4. NetworkFirewall5. NetworkFirewall.8
	`AWS::NetworkFirewall::RuleGroup`	NetworkFirewall.6
OpenSearch Servizio Amazon	`AWS::OpenSearch::Domain`	Opensearch.1 Opensearch.2 Opensearch.3 Opensearch.4 Opensearch.5 Opensearch.6 Opensearch.7 Opensearch.8 Ricerca aperta. 9 Opensearch.10 Opensearch.11
AWS Private CA	`AWS::ACMPCA::CertificateAuthority`	PCA.2
Amazon Relational Database Service (Amazon RDS)	`AWS::RDS::DBCluster`	DocumentDB.1 DocumentDB.2 DocumentDB.4 DocumentDB.5 Neptune.1 Neptune.2 Neptune.4 Neptun.5 Neptune.7 Neptune.8 Neptun.9 RDS.7 RDS.12 RDS.14 RDS.15 RDS.16 RDS.24 RDS.27 RDS.28 RDS.34 RDS.35 RDS.37
	`AWS::RDS::DBClusterSnapshot`	DocumentDB.3 Neptune.3 Neptune.6 RDS.1 RDS.4 RDS.29
	`AWS::RDS::DBInstance`	RDS.2 RDS.3 RDS.5 RDS.6 RDS.8 RDS.9 RDS.10 RDS.11 RDS.13 RDS.17 RDS.18 RDS.23 RDS.25 RDS.30 RDS.36 RDS.40
	`AWS::RDS::DBSecurityGroup`	RDS.31
	`AWS::RDS::DBSnapshot`	RDS.1 RDS.4 RDS.32
	`AWS::RDS::DBSubnetGroup`	RIF. 33
	`AWS::RDS::EventSubscription`	RDS.19 RDS.20 RDS.21 RDS.22
Amazon Redshift	`AWS::Redshift::Cluster`	Redshift.1 Redshift.2 Redshift.3 Redshift.4 Redshift.6 Redshift.7 Redshift.8 Redshift.9 Redshift.10 Redshift.11
	`AWS::Redshift::ClusterParameterGroup`	Redshift.2 Redshift.17
	`AWS::Redshift::ClusterSnapshot`	Redshift.13
	`AWS::Redshift::ClusterSubnetGroup`	Redshift.14 Redshift.16
	`AWS::Redshift::EventSubscription`	Redshift.12
Amazon Route 53	`AWS::Route53::HostedZone`	Percorso 53.2
Amazon Route 53	`AWS::Route53::HealthCheck`	Percorso 53.1
Amazon Simple Storage Service (Amazon S3)	`AWS::S3::AccessPoint`	S3.19
	`AWS::S3::AccountPublicAccessBlock`	S3.2 S3.3
	`AWS::S3::Bucket`	CloudTrail.6 CloudTrail.7 S3.2 S3.3 S3.5 S3.6 S.3.7 S3.8 S3.9 S3.10 S3.11 S3.12 S3.13 S3.14 S3.15 S3.17 S3.20
	`AWS::S3::MultiRegionAccessPoint`	S3.24
Amazon SageMaker AI	`AWS::SageMaker::AppImageConfig`	SageMaker.6
	`AWS::SageMaker::Image`	SageMaker.7
	`AWS::SageMaker::Model`	SageMaker5.
	`AWS::SageMaker::NotebookInstance`	SageMaker2. SageMaker3.
AWS Secrets Manager	`AWS::SecretsManager::Secret`	SecretsManager1. SecretsManager2. SecretsManager5.
AWS Service Catalog	`AWS::ServiceCatalog::Portfolio`	ServiceCatalog1.
Amazon Simple Email Service (Amazon SES)	`AWS::SES::ConfigurationSet`	CFR.2
Amazon Simple Email Service (Amazon SES)	`AWS::SES::ContactList`	CFR.1
Servizio di notifica semplice Amazon (Amazon Simple Notification Service (Amazon SNS))	`AWS::SNS::Topic`	SNS.1 SNS.3 SNS.4
Amazon Simple Queue Service (Amazon SQS)	`AWS::SQS::Queue`	SQS.1 MQ. 2 SQS.3
AWS Step Functions	`AWS::StepFunctions::StateMachine`	StepFunctions1.
AWS Step Functions	`AWS::StepFunctions::Activity`	StepFunctions2.
AWS Systems Manager (SSM)	`AWS::SSM::Document`	SSM.5
AWS Transfer Family	`AWS::Transfer::Agreement`	Trasferis.4
	`AWS::Transfer::Certificate`	Trasferis.5
	`AWS::Transfer::Connector`	Trasferis.3 Trasferising.6
	`AWS::Transfer::Profile`	Trasferising.7
	`AWS::Transfer::Workflow`	Trasferis.1
AWS WAF	`AWS::WAF::Rule`	WAF.6
	`AWS::WAF::RuleGroup`	WAF.7
	`AWS::WAF::WebACL`	WAF.1 WAF.8
	`AWS::WAFRegional::Rule`	WAF.2
	`AWS::WAFRegional::RuleGroup`	WAF.3
	`AWS::WAFRegional::WebACL`	WAF.4
	`AWS::WAFv2::RuleGroup`	WAF.12
	`AWS::WAFv2::WebACL`	WAF.10 WAF.11
Amazon WorkSpaces	`AWS::WorkSpaces::WorkSpace`	WorkSpaces1. WorkSpaces2.

Risorse richieste per lo standard AWS Foundational Security Best Practices

Affinché Security Hub riporti con precisione i risultati relativi ai controlli attivati dalle modifiche che si applicano allo standard AWS Foundational Security Best Practices (v.1.0.0), sono abilitati e utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in. AWS Config Per informazioni su questo standard, consultaAWS Foundational Security Best Practices standard in Security Hub.

Servizio AWS	Tipi di risorsa
Amazon API Gateway	`AWS::ApiGateway::Stage`, `AWS::ApiGatewayV2::Stage`
AWS AppSync	`AWS::AppSync::ApiCache`, `AWS::AppSync::GraphQLApi`
AWS Backup	`AWS::Backup::RecoveryPoint`
AWS Certificate Manager (ACM)	`AWS::ACM::Certificate`
AWS CloudFormation	`AWS::CloudFormation::Stack`
Amazon CloudFront	`AWS::CloudFront::Distribution`
AWS CodeBuild	`AWS::CodeBuild::Project`, `AWS::CodeBuild::ReportGroup`
Amazon Cognito	`AWS::Cognito::UserPool`
Amazon Connect	`AWS::Connect::Instance`
AWS DataSync	`AWS::DataSync::Task`
AWS Database Migration Service (AWS DMS)	`AWS::DMS::Endpoint`, `AWS::DMS::ReplicationInstance`, `AWS::DMS::ReplicationTask`
Amazon DynamoDB	`AWS::DynamoDB::Table`
Amazon EC2 Systems Manager (SSM)	`AWS::SSM::AssociationCompliance`, `AWS::SSM::ManagedInstanceInventory`, `AWS::SSM::PatchCompliance`
Amazon Elastic Compute Cloud (Amazon EC2)	`AWS::EC2::ClientVpnEndpoint`, `AWS::EC2::Instance`, `AWS::EC2::LaunchTemplate`, `AWS::EC2::NetworkAcl`, `AWS::EC2::NetworkInterface`, `AWS::EC2::SecurityGroup`, `AWS::EC2::SpotFleet`, `AWS::EC2::Subnet`, `AWS::EC2::TransitGateway`, `AWS::EC2::VPCBlockPublicAccessOptions`, `AWS::EC2::VPNConnection`, `AWS::EC2::Volume`
Amazon EC2 Auto Scaling	`AWS::AutoScaling::AutoScalingGroup`, `AWS::AutoScaling::LaunchConfiguration`
Amazon Elastic Container Registry (Amazon ECR)	`AWS::ECR::Repository`
Amazon Elastic Container Service (Amazon ECS)	`AWS::ECS::Cluster`, `AWS::ECS::Service`, `AWS::ECS::TaskDefinition`, `AWS::ECS::TaskSet`
Amazon Elastic File System (Amazon EFS)	`AWS::EFS::AccessPoint`, `AWS::EFS::FileSystem`
Amazon Elastic Kubernetes Service (Amazon EKS)	`AWS::EKS::Cluster`
AWS Elastic Beanstalk	`AWS::ElasticBeanstalk::Environment`
Sistema di bilanciamento del carico elastico	`AWS::ElasticLoadBalancing::LoadBalancer`, `AWS::ElasticLoadBalancingV2::Listener`, `AWS::ElasticLoadBalancingV2::LoadBalancer`
ElasticSearch	`AWS::Elasticsearch::Domain`
Amazon EMR	`AWS::EMR::SecurityConfiguration`
AWS Glue	`AWS::Glue::Job`, `AWS::Glue::MLTransform`
AWS Identity and Access Management (IAM)	`AWS::IAM::Group`, `AWS::IAM::Policy`, `AWS::IAM::Role`, `AWS::IAM::User`
Amazon Kinesis	`AWS::Kinesis::Stream`
AWS Key Management Service (AWS KMS)	`AWS::KMS::Key`
AWS Lambda	`AWS::Lambda::Function`
Amazon Managed Streaming for Apache Kafka (Amazon MSK)	`AWS::MSK::Cluster`, `AWS::KafkaConnect::Connector`
AWS Network Firewall	`AWS::NetworkFirewall::Firewall`, `AWS::NetworkFirewall::FirewallPolicy`, `AWS::NetworkFirewall::RuleGroup`
OpenSearch Servizio Amazon	`AWS::OpenSearch::Domain`
Amazon Relational Database Service (Amazon RDS)	`AWS::RDS::DBCluster`, `AWS::RDS::DBClusterSnapshot`, `AWS::RDS::DBInstance`, `AWS::RDS::DBProxy`, `AWS::RDS::DBSnapshot`, `AWS::RDS::EventSubscription`
Amazon Redshift	`AWS::Redshift::Cluster`, `AWS::Redshift::ClusterSubnetGroup`
Amazon Redshift Serverless	`AWS::RedshiftServerless::Workgroup`
Amazon Route 53	`AWS::Route53::HostedZone`
Amazon Simple Storage Service (Amazon S3)	`AWS::S3::AccessPoint`, `AWS::S3::AccountPublicAccessBlock`, `AWS::S3::Bucket`, `AWS::S3::MultiRegionAccessPoint`
Amazon SageMaker AI	`AWS::SageMaker::Model`, `AWS::SageMaker::NotebookInstance`
Servizio di notifica semplice Amazon (Amazon Simple Notification Service (Amazon SNS))	`AWS::SNS::Topic`
Amazon Simple Queue Service (Amazon SQS)	`AWS::SQS::Queue`
AWS Secrets Manager	`AWS::SecretsManager::Secret`
AWS Step Functions	`AWS::StepFunctions::StateMachine`
AWS Transfer Family	`AWS::Transfer::Connector`
AWS WAF	`AWS::WAF::Rule`, `AWS::WAF::RuleGroup`, `AWS::WAF::WebACL`, `AWS::WAFRegional::Rule`, `AWS::WAFRegional::RuleGroup`, `AWS::WAFRegional::WebACL`, `AWS::WAFv2::RuleGroup`, `AWS::WAFv2::WebACL`
Amazon WorkSpaces	`AWS::WorkSpaces::WorkSpace`

Risorse necessarie per il benchmark CIS AWS Foundations

Per eseguire controlli di sicurezza per i controlli abilitati che si applicano al benchmark Center for Internet Security (CIS) AWS Foundations, Security Hub esegue esattamente le fasi di controllo prescritte per i controlli o utilizza regole AWS Config gestite specifiche. Per informazioni su questo standard in Security Hub, vedereBenchmark CIS AWS Foundations nel Security Hub.

Risorse richieste per CIS v3.0.0

Affinché Security Hub riporti con precisione i risultati dei controlli attivati da modifiche CIS v3.0.0 abilitati che utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in. AWS Config

Servizio AWS	Tipi di risorsa
Amazon Elastic Compute Cloud (Amazon EC2)	`AWS::EC2::Instance`, `AWS::EC2::NetworkAcl`, `AWS::EC2::SecurityGroup`
AWS Identity and Access Management (IAM)	`AWS::IAM::Group`, `AWS::IAM::User`, `AWS::IAM::Role`
Amazon Relational Database Service (Amazon RDS)	`AWS::RDS::DBInstance`
Amazon Simple Storage Service (Amazon S3)	`AWS::S3::Bucket`

Risorse richieste per CIS v1.4.0

Affinché Security Hub riporti con precisione i risultati dei controlli attivati da modifiche CIS v1.4.0 abilitati che utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in. AWS Config

Servizio AWS	Tipi di risorsa
Amazon Elastic Compute Cloud (Amazon EC2)	`AWS::EC2::NetworkAcl`, `AWS::EC2::SecurityGroup`
AWS Identity and Access Management (IAM)	`AWS::IAM::Policy`, `AWS::IAM::User`
Amazon Relational Database Service (Amazon RDS)	`AWS::RDS::DBInstance`
Amazon Simple Storage Service (Amazon S3)	`AWS::S3::Bucket`

Risorse richieste per CIS v1.2.0

Affinché Security Hub riporti in modo accurato i risultati dei controlli attivati da modifiche CIS v1.2.0 abilitati che utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in. AWS Config

Servizio AWS	Tipi di risorsa
Amazon Elastic Compute Cloud (Amazon EC2)	`AWS::EC2::SecurityGroup`
AWS Identity and Access Management (IAM)	`AWS::IAM::Policy`, `AWS::IAM::User`

Risorse necessarie per lo standard NIST SP 800-53 Revisione 5

Affinché Security Hub riporti con precisione i risultati relativi ai controlli attivati dalle modifiche che si applicano allo standard NIST SP 800-53 Revisione 5, sono abilitati e utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in. AWS Config Per informazioni su questo standard, consultaNIST SP 800-53 Revisione 5 nel Security Hub.

Servizio AWS	Tipi di risorsa
Amazon API Gateway	`AWS::ApiGateway::Stage`, `AWS::ApiGatewayV2::Stage`
AWS AppSync	`AWS::AppSync::GraphQLApi`
AWS Backup	`AWS::Backup::RecoveryPoint`
AWS Certificate Manager (ACM)	`AWS::ACM::Certificate`
AWS CloudFormation	`AWS::CloudFormation::Stack`
Amazon CloudFront	`AWS::CloudFront::Distribution`
Amazon CloudWatch	`AWS::CloudWatch::Alarm`
AWS CodeBuild	`AWS::CodeBuild::Project`
AWS Database Migration Service (AWS DMS)	`AWS::DMS::Endpoint`, `AWS::DMS::ReplicationInstance`, `AWS::DMS::ReplicationTask`
Amazon DynamoDB	`AWS::DynamoDB::Table`
Amazon Elastic Compute Cloud (Amazon EC2)	`AWS::EC2::ClientVpnEndpoint`, `AWS::EC2::EIP`, `AWS::EC2::Instance`, `AWS::EC2::LaunchTemplate`, `AWS::EC2::NetworkAcl`, `AWS::EC2::NetworkInterface`, `AWS::EC2::SecurityGroup`, `AWS::EC2::Subnet`, `AWS::EC2::TransitGateway`, `AWS::EC2::VPNConnection`, `AWS::EC2::Volume`
Amazon EC2 Auto Scaling	`AWS::AutoScaling::AutoScalingGroup`, `AWS::AutoScaling::LaunchConfiguration`
Amazon Elastic Container Registry (Amazon ECR)	`AWS::ECR::Repository`
Amazon Elastic Container Service (Amazon ECS)	`AWS::ECS::Cluster`, `AWS::ECS::Service`, `AWS::ECS::TaskDefinition`
Amazon Elastic File System (Amazon EFS)	`AWS::EFS::AccessPoint`
Amazon Elastic Kubernetes Service (Amazon EKS)	`AWS::EKS::Cluster`
AWS Elastic Beanstalk	`AWS::ElasticBeanstalk::Environment`
Sistema di bilanciamento del carico elastico	`AWS::ElasticLoadBalancing::LoadBalancer`, `AWS::ElasticLoadBalancingV2::Listener`, `AWS::ElasticLoadBalancingV2::LoadBalancer`
Amazon ElasticSearch	`AWS::Elasticsearch::Domain`
Amazon EMR	`AWS::EMR::SecurityConfiguration`
Amazon EventBridge	`AWS::Events::Endpoint`, `AWS::Events::EventBus`
AWS Glue	`AWS::Glue::Job`
AWS Identity and Access Management (IAM)	`AWS::IAM::Group`, `AWS::IAM::Policy`, `AWS::IAM::Role`, `AWS::IAM::User`
AWS Key Management Service (AWS KMS)	`AWS::KMS::Alias`, `AWS::KMS::Key`
Amazon Kinesis	`AWS::Kinesis::Stream`
AWS Lambda	`AWS::Lambda::Function`
Amazon Managed Streaming for Apache Kafka (Amazon MSK)	`AWS::MSK::Cluster`
Amazon MQ	`AWS::AmazonMQ::Broker`
AWS Network Firewall	`AWS::NetworkFirewall::Firewall`, `AWS::NetworkFirewall::FirewallPolicy`, `AWS::NetworkFirewall::RuleGroup`
OpenSearch Servizio Amazon	`AWS::OpenSearch::Domain`
Amazon Relational Database Service (Amazon RDS)	`AWS::RDS::DBCluster`, `AWS::RDS::DBClusterSnapshot`, `AWS::RDS::DBInstance`, `AWS::RDS::DBSnapshot`, `AWS::RDS::EventSubscription`
Amazon Redshift	`AWS::Redshift::Cluster`, `AWS::Redshift::ClusterSubnetGroup`
Amazon Route 53	`AWS::Route53::HostedZone`
Amazon Simple Storage Service (Amazon S3)	`AWS::S3::AccessPoint`, `AWS::S3::AccountPublicAccessBlock`, `AWS::S3::Bucket`
AWS Service Catalog	`AWS::ServiceCatalog::Portfolio`
Servizio di notifica semplice Amazon (Amazon Simple Notification Service (Amazon SNS))	`AWS::SNS::Topic`
Amazon Simple Queue Service (Amazon SQS)	`AWS::SQS::Queue`
Amazon EC2 Systems Manager (SSM)	`AWS::SSM::AssociationCompliance`, `AWS::SSM::ManagedInstanceInventory`, `AWS::SSM::PatchCompliance`
Amazon SageMaker AI	`AWS::SageMaker::NotebookInstance`
AWS Secrets Manager	`AWS::SecretsManager::Secret`
AWS Transfer Family	`AWS::Transfer::Connector`
AWS WAF	`AWS::WAF::Rule`, `AWS::WAF::RuleGroup`, `AWS::WAF::WebACL`, `AWS::WAFRegional::Rule`, `AWS::WAFRegional::RuleGroup`, `AWS::WAFRegional::WebACL`, `AWS::WAFv2::RuleGroup`, `AWS::WAFv2::WebACL`

Risorse richieste per lo standard NIST SP 800-171 Revision 2

Affinché Security Hub riporti con precisione i risultati relativi ai controlli attivati dalle modifiche che si applicano allo standard NIST SP 800-171 Revisione 2, sono abilitati e utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in. AWS Config Per informazioni su questo standard, consultaNIST SP 800-171 Revisione 2 in Security Hub.

Servizio AWS	Tipi di risorsa
AWS Certificate Manager(ACM)	`AWS::ACM::Certificate`
Amazon API Gateway	`AWS::ApiGateway::Stage`
Amazon CloudFront	`AWS::CloudFront::Distribution`
Amazon CloudWatch	`AWS::CloudWatch::Alarm`
Amazon Elastic Compute Cloud (Amazon EC2)	`AWS::EC2::ClientVpnEndpoint`, `AWS::EC2::NetworkAcl`, `AWS::EC2::SecurityGroup`, `AWS::EC2::VPC`, `AWS::EC2::VPNConnection`
Sistema di bilanciamento del carico elastico	`AWS::ElasticLoadBalancing::LoadBalancer`
AWS Identity and Access Management(IAM)	`AWS::IAM::Policy`, `AWS::IAM::User`
AWS Key Management Service (AWS KMS)	`AWS::KMS::Alias`, `AWS::KMS::Key`
AWS Network Firewall	`AWS::NetworkFirewall::FirewallPolicy`, `AWS::NetworkFirewall::RuleGroup`
Amazon Simple Storage Service (Amazon S3)	`AWS::S3::Bucket`
Amazon Simple Notification Service (Amazon SNS)	`AWS::SNS::Topic`
AWS Systems Manager(SSM)	`AWS::SSM::PatchCompliance`
AWS WAF	`AWS::WAFv2::RuleGroup`

Risorse richieste per PCI DSS v3.2.1

Affinché Security Hub riporti in modo accurato i risultati dei controlli che si applicano alla versione 3.2.1 del Payment Card Industry Data Security Standard (PCI DSS), sono abilitati e utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in. AWS Config Per informazioni su questo standard, consultaPCI DSS nel Security Hub.

Servizio AWS	Tipi di risorsa
AWS CodeBuild	`AWS::CodeBuild::Project`
Amazon Elastic Compute Cloud (Amazon EC2)	`AWS::EC2::EIP`, `AWS::EC2::Instance`, `AWS::EC2::SecurityGroup`
Amazon EC2 Auto Scaling	`AWS::AutoScaling::AutoScalingGroup`
AWS Identity and Access Management (IAM)	`AWS::IAM::Policy`, `AWS::IAM::User`
AWS Lambda	`AWS::Lambda::Function`
OpenSearch Servizio Amazon	`AWS::OpenSearch::Domain`
Amazon Relational Database Service (Amazon RDS)	`AWS::RDS::DBClusterSnapshot`, `AWS::RDS::DBInstance`, `AWS::RDS::DBSnapshot`
Amazon Redshift	`AWS::Redshift::Cluster`
Amazon Simple Storage Service (Amazon S3)	`AWS::S3::AccountPublicAccessBlock`, `AWS::S3::Bucket`
Amazon EC2 Systems Manager (SSM)	`AWS::SSM::AssociationCompliance`, `AWS::SSM::ManagedInstanceInventory`, `AWS::SSM::PatchCompliance`

Risorse necessarie per lo standard AWS Resource Tagging

Tutti i controlli che si applicano allo standard AWS Resource Tagging attivano una modifica e utilizzano una regola. AWS Config Affinché Security Hub riporti in modo accurato i risultati di questi controlli, è necessario registrare i seguenti tipi di risorse in AWS Config. Per informazioni su questo standard, consultaAWS Standard di etichettatura delle risorse in Security Hub.

Servizio AWS	Tipi di risorsa
AWS Amplify	`AWS::Amplify::App`, `AWS::Amplify::Branch`
Amazon AppFlow	`AWS::AppFlow::Flow`
AWS App Runner	`AWS::AppRunner::Service`, `AWS::AppRunner::VpcConnector`
AWS AppConfig	`AWS::AppConfig::Application`, `AWS::AppConfig::ConfigurationProfile`, `AWS::AppConfig::Environment`, `AWS::AppConfig::ExtensionAssociation`
AWS AppSync	`AWS::AppSync::GraphQLApi`
Amazon Athena	`AWS::Athena::DataCatalog`, `AWS::Athena::WorkGroup`
AWS Backup	`AWS::Backup::BackupPlan`, `AWS::Backup::BackupVault`, `AWS::Backup::RecoveryPlan`, `AWS::Backup::ReportPlan`
AWS Batch	`AWS::Batch::ComputeEnvironment`, `AWS::Batch::JobQueue`, `AWS::Batch::SchedulingPolicy`
AWS Certificate Manager (ACM)	`AWS::ACM::Certificate`
AWS CloudFormation	`AWS::CloudFormation::Stack`
Amazon CloudFront	`AWS::CloudFront::Distribution`
AWS CloudTrail	`AWS::CloudTrail::Trail`
AWS CodeArtifact	`AWS::CodeArtifact::Repository`
Amazon CodeGuru	`AWS::CodeGuruProfiler::ProfilingGroup`, `AWS::CodeGuruReviewer::RepositoryAssociation`
Amazon Connect	`AWS::CustomerProfiles::ObjectType`
AWS Database Migration Service (AWS DMS)	`AWS::DMS::Certificate`, `AWS::DMS::EventSubscription` `AWS::DMS::ReplicationInstance`, `AWS::DMS::ReplicationSubnetGroup`
AWS DataSync	`AWS::DataSync::Task`
Amazon Detective	`AWS::Detective::Graph`
Amazon DynamoDB	`AWS::DynamoDB::Trail`
Amazon Elastic Compute Cloud () EC2	`AWS::EC2::CustomerGateway`, `AWS::EC2::DHCPOptions`, `AWS::EC2::EIP`, `AWS::EC2::FlowLog`, `AWS::EC2::Instance`, `AWS::EC2::InternetGateway`, `AWS::EC2::LaunchTemplate`, `AWS::EC2::NatGateway`, `AWS::EC2::NetworkAcl`, `AWS::EC2::NetworkInterface`, `AWS::EC2::PrefixList`, `AWS::EC2::RouteTable`, `AWS::EC2::SecurityGroup`, `AWS::EC2::Subnet`, `AWS::EC2::TrafficMirrorFilter`, `AWS::EC2::TrafficMirrorSession`, `AWS::EC2::TrafficMirrorTarget`, `AWS::EC2::TransitGateway`, `AWS::EC2::TransitGatewayAttachment`, `AWS::EC2::TransitGatewayRouteTable`, `AWS::EC2::Volume`, `AWS::EC2::VPC`, `AWS::EC2::VPCEndpointService`, `AWS::EC2::VPCPeeringConnection`, `AWS::EC2::VPNGateway`
Amazon EC2 Auto Scaling	`AWS::AutoScaling::AutoScalingGroup`
Amazon Elastic Container Registry (Amazon ECR)	`AWS::ECR::PublicRepository`
Amazon Elastic Container Service (Amazon ECS)	`AWS::ECS::Cluster`, `AWS::ECS::Service`, `AWS::ECS::TaskDefinition`
Amazon Elastic File System (Amazon EFS)	`AWS::EFS::AccessPoint`
Amazon Elastic Kubernetes Service (Amazon EKS)	`AWS::EKS::Cluster`, `AWS::EKS::IdentityProviderConfig`
AWS Elastic Beanstalk	`AWS::ElasticBeanstalk::Environment`
ElasticSearch	`AWS::Elasticsearch::Domain`
Amazon EventBridge	`AWS::Events::EventBus`
Amazon Fraud Detector	`AWS::FraudDetector::EntityType`, `AWS::FraudDetector::Label` `AWS::FraudDetector::Outcome`, `AWS::FraudDetector::Variable`
AWS Global Accelerator	`AWS::GlobalAccelerator::Accelerator`
AWS Glue	`AWS::Glue::Job`
Amazon GuardDuty	`AWS::GuardDuty::Detector`, `AWS::GuardDuty::Filter`, `AWS::GuardDuty::IPSet`
AWS Identity and Access Management (IAM)	`AWS::IAM::Role`, `AWS::IAM::User`
AWS Identity and Access Management Access Analyzer (IAM Access Analyzer)	`AWS::AccessAnalyzer::Analyzer`
AWS IoT	`AWS::IoT::Authorizer`, `AWS::IoT::Dimension`, `AWS::IoT::MitigationAction`, `AWS::IoT::Policy`, `AWS::IoT::RoleAlias`, `AWS::IoT::SecurityProfile`
AWS IoT Eventi	`AWS::IoTEvents::AlarmModel`, `AWS::IoTEvents::DetectorModel`, `AWS::IoTEvents::Input`
AWS IoT SiteWise	`AWS::IoTSiteWise::Dashboard`, `AWS::IoTSiteWise::Gateway`, `AWS::IoTSiteWise::Portal`, `AWS::IoTSiteWise::Project`
AWS IoT TwinMaker	`AWS::IoTTwinMaker::Entity`, `AWS::IoTTwinMaker::Scene`, `AWS::IoTTwinMaker::SyncJob`, `AWS::IoTTwinMaker::Workspace`
AWS IoT Wireless	`AWS::IoTWireless::FuotaTask`, `AWS::IoTWireless::MulticastGroup`, `AWS::IoTWireless::ServiceProfile`
Amazon Interactive Video Service (Amazon IVS)	`AWS::IVS::Channel`, `AWS::IVS::PlaybackKeyPair`, `AWS::IVS::RecordingConfiguration`
Amazon Keyspaces (per Apache Cassandra)	`AWS::Cassandra::Keyspace`
Amazon Kinesis	`AWS::Kinesis::Stream`
AWS Lambda	`AWS::Lambda::Function`
Amazon MQ	`AWS::AmazonMQ::Broker`
AWS Network Firewall	`AWS::NetworkFirewall::Firewall`, `AWS::NetworkFirewall::FirewallPolicy`
OpenSearch Servizio Amazon	`AWS::OpenSearch::Domain`
AWS Private Certificate Authority	`AWS::ACMPCA::CertificateAuthority`
Amazon Relational Database Service	`AWS::RDS::DBCluster`, `AWS::RDS::DBClusterSnapshot`, `AWS::RDS::DBInstance`, `AWS::RDS::DBSecurityGroup`, `AWS::RDS::DBSnapshot`, `AWS::RDS::DBSubnetGroup`
Amazon Redshift	`AWS::Redshift::Cluster`, `AWS::Redshift::ClusterParameterGroup`, `AWS::Redshift::ClusterSnapshot`, `AWS::Redshift::ClusterSubnetGroup`, `AWS::Redshift::EventSubscription`
Amazon Route 53	`AWS::Route53::HealthCheck`
Amazon SageMaker AI	`AWS::SageMaker::AppImageConfig`, `AWS::SageMaker::Image`
AWS Secrets Manager	`AWS::SecretsManager::Secret`
Amazon Simple Email Service (Amazon SES)	`AWS::SES::ConfigurationSet`, `AWS::SES::ContactList`
Servizio di notifica semplice Amazon (Amazon Simple Notification Service (Amazon SNS))	`AWS::SNS::Topic`
Amazon Simple Queue Service (Amazon SQS)	`AWS::SQS::Queue`
AWS Step Functions	`AWS::StepFunctions::Activity`
AWS Systems Manager (SSM)	`AWS::SSM::Document`
AWS Transfer Family	`AWS::Transfer::Agreement`, `AWS::Transfer::Certificate`, `AWS::Transfer::Connector`, `AWS::Transfer::Profile`, `AWS::Transfer::Workflow`

Risorse necessarie per lo standard gestito dai AWS Control Tower servizi

Affinché Security Hub riporti in modo accurato i risultati dei controlli attivati dalle modifiche che si applicano allo standard di AWS Control Tower gestione dei servizi, sono abilitati e utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in. AWS Config Per informazioni su questo standard, consultaStandard di gestione dei servizi: AWS Control Tower.

Servizio AWS	Tipi di risorsa
Amazon API Gateway	`AWS::ApiGateway::Stage` `AWS::ApiGatewayV2::Stage`
AWS Certificate Manager (ACM)	`AWS::ACM::Certificate`
AWS CodeBuild	`AWS::CodeBuild::Project`
Amazon DynamoDB	`AWS::DynamoDB::Table`
Amazon Elastic Compute Cloud () EC2	`AWS::EC2::Instance` `AWS::EC2::NetworkAcl` `AWS::EC2::NetworkInterface` `AWS::EC2::SecurityGroup` `AWS::EC2::Subnet` `AWS::EC2::VPNConnection` `AWS::EC2::Volume`
Amazon EC2 Auto Scaling	`AWS::AutoScaling::AutoScalingGroup` `AWS::AutoScaling::LaunchConfiguration`
Amazon Elastic Container Registry (Amazon ECR)	`AWS::ECR::Repository`
Amazon Elastic Container Service (Amazon ECS)	`AWS::ECS::Cluster` `AWS::ECS::Service` `AWS::ECS::TaskDefinition`
Amazon Elastic File System (Amazon EFS)	`AWS::EFS::AccessPoint`
Amazon EKS	`AWS::EKS::Cluster`
ElasticBeanstalk	`AWS::ElasticBeanstalk::Environment`
Sistema di bilanciamento del carico elastico	`AWS::ElasticLoadBalancing::LoadBalancer` `AWS::ElasticLoadBalancingV2::LoadBalancer`
ElasticSearch	`AWS::Elasticsearch::Domain`
AWS Identity and Access Management (IAM)	`AWS::IAM::Group` `AWS::IAM::Policy` `AWS::IAM::Role` `AWS::IAM::User`
AWS Key Management Service (AWS KMS)	`AWS::KMS::Alias` `AWS::KMS::Key`
Amazon Kinesis	`AWS::Kinesis::Stream`
AWS Lambda	`AWS::Lambda::Function`
AWS Network Firewall	`AWS::NetworkFirewall::FirewallPolicy` `AWS::NetworkFirewall::RuleGroup`
OpenSearch Servizio Amazon	`AWS::OpenSearch::Domain`
Amazon Relational Database Service (Amazon RDS)	`AWS::RDS::DBCluster` `AWS::RDS::DBClusterSnapshot` `AWS::RDS::DBInstance` `AWS::RDS::DBSnapshot` `AWS::RDS::EventSubscription`
Amazon Redshift	`AWS::Redshift::Cluster`
Amazon Simple Storage Service (Amazon S3)	`AWS::S3::AccountPublicAccessBlock` `AWS::S3::Bucket`
Servizio di notifica semplice Amazon (Amazon Simple Notification Service (Amazon SNS))	`AWS::SNS::Topic`
Amazon Simple Queue Service (Amazon SQS)	`AWS::SQS::Queue`
AWS Secrets Manager	`AWS::SecretsManager::Secret`
Amazon EC2 Systems Manager (SSM)	`AWS::SSM::AssociationCompliance` `AWS::SSM::ManagedInstanceInventory` `AWS::SSM::PatchCompliance`
AWS WAF	`AWS::WAFRegional::Rule` `AWS::WAFRegional::RuleGroup` `AWS::WAFRegional::WebACL` `AWS::WAFv2::WebACL`

Avvertimento JavaScript è disabilitato o non è disponibile nel tuo browser.

Per usare la documentazione AWS, JavaScript deve essere abilitato. Consulta le pagine della guida del browser per le istruzioni.

Convenzioni dei documenti

Controlli e punteggi di sicurezza

Pianificazione dell'esecuzione dei controlli di sicurezza