Risorse necessarie per tutti i controlli CSPM di Security Hub Risorse necessarie per lo standard AWS Foundational Security Best Practices Risorse necessarie per il benchmark CIS AWS Foundations Risorse necessarie per lo standard NIST SP 800-53 Revisione 5 Risorse necessarie per lo standard NIST SP 800-171 Revision 2 Risorse richieste per PCI DSS v3.2.1 Risorse necessarie per lo standard AWS Resource Tagging Risorse necessarie per lo standard gestito dai AWS Control Tower servizi

AWS Config Risorse necessarie per i risultati del controllo

In AWS Security Hub CSPM, alcuni controlli utilizzano AWS Config regole collegate ai servizi che rilevano le modifiche alla configurazione nelle risorse. AWS Affinché Security Hub CSPM generi risultati accurati per questi controlli, è necessario abilitare AWS Config e attivare la registrazione delle risorse. AWS Config Per informazioni su come Security Hub CSPM utilizza AWS Config le regole e su come abilitarle e configurarle AWS Config, vedere. Abilitazione e configurazione AWS Config per Security Hub CSPM Per informazioni dettagliate sulla registrazione delle risorse, consulta Lavorare con il registratore di configurazione nella Guida per gli AWS Config sviluppatori.

Per ricevere risultati di controllo accurati, è necessario attivare la registrazione AWS Config delle risorse per i controlli abilitati con un tipo di pianificazione innescato dalla modifica. Alcuni controlli con un tipo di pianificazione periodica richiedono anche la registrazione delle risorse. Questa pagina elenca le risorse necessarie per questi controlli CSPM di Security Hub.

I controlli CSPM di Security Hub possono basarsi su AWS Config regole gestite o regole CSPM Security Hub personalizzate. Assicurati che non esistano policy AWS Identity and Access Management (IAM) o policy AWS Organizations gestite che AWS Config impediscano di avere l'autorizzazione a registrare le tue risorse. I controlli CSPM di Security Hub valutano direttamente le configurazioni delle risorse e non tengono conto delle AWS Organizations politiche.

Nota

Regioni AWS Se un controllo non è disponibile, la risorsa corrispondente non è disponibile in. AWS Config Per un elenco di questi limiti, consultaLimiti regionali sui controlli CSPM di Security Hub.

Argomenti

Risorse necessarie per tutti i controlli CSPM di Security Hub
Risorse necessarie per lo standard AWS Foundational Security Best Practices
Risorse necessarie per il benchmark CIS AWS Foundations
Risorse necessarie per lo standard NIST SP 800-53 Revisione 5
Risorse necessarie per lo standard NIST SP 800-171 Revision 2
Risorse richieste per PCI DSS v3.2.1
Risorse necessarie per lo standard AWS Resource Tagging
Risorse necessarie per lo standard gestito dai AWS Control Tower servizi

Risorse necessarie per tutti i controlli CSPM di Security Hub

Affinché Security Hub CSPM generi risultati per i controlli attivati dalle modifiche che sono abilitati e utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in. AWS Config Questa tabella indica anche quali controlli valutano un particolare tipo di risorsa. Un singolo controllo può valutare più di un tipo di risorsa.

Servizio AWS	Tipi di risorsa	Controlli correlati
AWS Amplify	`AWS::Amplify::App`	Amplifica.1
AWS Amplify	`AWS::Amplify::Branch`	Amplifica.2
Amazon API Gateway	`AWS::ApiGateway::Stage`	APIGateway1. APIGateway2. APIGateway3. APIGateway4. APIGateway5.
Amazon API Gateway	`AWS::ApiGatewayV2::Stage`	APIGateway1. APIGateway9.
AWS AppConfig	`AWS::AppConfig::Application`	AppConfig1.
	`AWS::AppConfig::ConfigurationProfile`	AppConfig2.
	`AWS::AppConfig::Environment`	AppConfig3.
	`AWS::AppConfig::ExtensionAssociation`	AppConfig4.
Amazon AppFlow	`AWS::AppFlow::Flow`	AppFlow1.
AWS App Runner	`AWS::AppRunner::Service`	AppRunner1.
AWS App Runner	`AWS::AppRunner::VpcConnector`	AppRunner2.
AWS AppSync	`AWS::AppSync::GraphQLApi`	AppSync2. AppSync4. AppSync5.
AWS AppSync	`AWS::AppSync::ApiCache`	AppSync1. AppSync6.
AWS Backup	`AWS::Backup::BackupPlan`	Backup.5
	`AWS::Backup::BackupVault`	Backup.3
	`AWS::Backup::RecoveryPoint`	Backup.1 Backup.2
	`AWS::Backup::ReportPlan`	Backup.4
AWS Batch	`AWS::Batch::ComputeEnvironment`	Lotto.3 Lotto.4
	`AWS::Batch::JobQueue`	Lotto.1
	`AWS::Batch::SchedulingPolicy`	Lotto.2
AWS Certificate Manager (ACM)	`AWS::ACM::Certificate`	ACM.1 ACM.2 ACM. 3
Amazon Athena	`AWS::Athena::DataCatalog`	Atena.2
Amazon Athena	`AWS::Athena::WorkGroup`	Atena.3 Atena.4
AWS CloudFormation	`AWS::CloudFormation::Stack`	CloudFormation2.
Amazon CloudFront	`AWS::CloudFront::Distribution`	CloudFront1. CloudFront3. CloudFront4. CloudFront5. CloudFront6. CloudFront.7 CloudFront8. CloudFront9. CloudFront.10 CloudFront.13 CloudFront.14 CloudFront.15
AWS CloudTrail	`AWS::CloudTrail::Trail`	CloudTrail9.
Amazon CloudWatch	`AWS::CloudWatch::Alarm`	CloudWatch.15 CloudWatch.17
AWS CodeArtifact	`AWS::CodeArtifact::Repository`	CodeArtifact1.
AWS CodeBuild	`AWS::CodeBuild::Project`	CodeBuild1. CodeBuild2. CodeBuild3. CodeBuild4.
AWS CodeBuild	`AWS::CodeBuild::ReportGroup`	CodeBuild7.
Amazon CodeGuru Profiler	`AWS::CodeGuruProfiler::ProfilingGroup`	CodeGuruProfiler1.
CodeGuru Revisore Amazon	`AWS::CodeGuruReviewer::RepositoryAssociation`	CodeGuruReviewer1.
Amazon Cognito	`AWS::Cognito::IdentityPool`	Cognito.2
Amazon Cognito	`AWS::Cognito::UserPool`	Cognito.1
Amazon Connect	`AWS::CustomerProfiles::ObjectType`	Connessione.1
Amazon Connect	`AWS::Connect::Instance`	Connessione.2
AWS DataSync	`AWS::DataSync::Task`	DataSync1. DataSync2.
Amazon Detective	`AWS::Detective::Graph`	Detective. 1
AWS Database Migration Service (AWS DMS)	`AWS::DMS::Certificate`	DMS.2
	`AWS::DMS::Endpoint`	DMS.9 DMS. 10 DMS 11 DMS 12
	`AWS::DMS::EventSubscription`	DMS.3
	`AWS::DMS::ReplicationInstance`	DMS.4 DMS.6
	`AWS::DMS::ReplicationSubnetGroup`	DMS.5
	`AWS::DMS::ReplicationTask`	DMS.7 DMS.8
Amazon DynamoDB	`AWS::DynamoDB::Table`	DynamoDB.1 DynamoDB.2 Dynamo DB.5 Dynamo DB.6
Amazon Elastic Compute Cloud () EC2	`AWS::EC2::ClientVpnEndpoint`	EC25.1
	`AWS::EC2::CustomerGateway`	EC2.36
	`AWS::EC2::DHCPOptions`	EC2.174
	`AWS::EC2::EIP`	EC2.12 EC2.37
	`AWS::EC2::FlowLog`	EC2.48
	`AWS::EC2::Instance`	EC24. EC28. EC29. EC2.17 EC2.24 EC2.38 EMR.1 SSM.1
	`AWS::EC2::InternetGateway`	EC2.39
	`AWS::EC2::LaunchTemplate`	EC2.25 EC2.170 EC2.175
	`AWS::EC2::NatGateway`	EC2.40
	`AWS::EC2::NetworkAcl`	EC2.16 EC2.21 EC2.41
	`AWS::EC2::NetworkInterface`	EC2.22 EC2.35 EC2.180
	`AWS::EC2::PrefixList`	EC2.176
	`AWS::EC2::RouteTable`	EC2.42
	`AWS::EC2::SecurityGroup`	EC22. EC2.13 EC2.14 EC2.18 EC2.19 EC2.43
	`AWS::EC2::SpotFleet`	EC2.173
	`AWS::EC2::Subnet`	EC2.15 EC2.44 ElastiCache.7
	`AWS::EC2::TrafficMirrorFilter`	EC2.178
	`AWS::EC2::TrafficMirrorSession`	EC2.177
	`AWS::EC2::TrafficMirrorTarget`	EC2.179
	`AWS::EC2::TransitGateway`	EC2.23 EC2.52
	`AWS::EC2::TransitGatewayAttachment`	EC2.33
	`AWS::EC2::TransitGatewayRouteTable`	EC2.34
	`AWS::EC2::Volume`	EC23. EC2.45
	`AWS::EC2::VPC`	EC2.6 EC2.46
	`AWS::EC2::VPCBlockPublicAccessOptions`	EC2.172
	`AWS::EC2::VPCEndpointService`	EC2.47
	`AWS::EC2::VPCPeeringConnection`	EC2.49
	`AWS::EC2::VPNConnection`	EC2.20 EC2.171
	`AWS::EC2::VPNGateway`	EC2.50
Amazon EC2 Auto Scaling	`AWS::AutoScaling::AutoScalingGroup`	AutoScaling1. AutoScaling2. AutoScaling6. AutoScaling9. AutoScaling.10
Amazon EC2 Auto Scaling	`AWS::AutoScaling::LaunchConfiguration`	AutoScaling3. Autoscaling.5
Amazon EC2 Systems Manager (SSM)	`AWS::SSM::AssociationCompliance`	SSM.3
	`AWS::SSM::ManagedInstanceInventory`	SSM.1
	`AWS::SSM::PatchCompliance`	SSM.2
Amazon Elastic Container Registry (Amazon ECR)	`AWS::ECR::PublicRepository`	PAGINA 4
Amazon Elastic Container Registry (Amazon ECR)	`AWS::ECR::Repository`	ECR.2 ECR.3 ECR. 5
Amazon Elastic Container Service (Amazon ECS)	`AWS::ECS::Cluster`	ECS.12 ECS.14
	`AWS::ECS::Service`	ECS.2 ECS.10 ECS.13
	`AWS::ECS::TaskDefinition`	ECS.1 ECS.3 ECS.4 ECS.5 ECS.8 ECS.9 ECS.15 ECS.17
	`AWS::ECS::TaskSet`	ECS.16
Amazon Elastic File System (Amazon EFS)	`AWS::EFS::AccessPoint`	EFS.3 EFS.4 EFS.5
Amazon Elastic File System (Amazon EFS)	`AWS::EFS::FileSystem`	EFS.7 EFS.8
Amazon Elastic Kubernetes Service (Amazon EKS)	`AWS::EKS::Cluster`	EKS.2 EKS.6 EKS.8
Amazon Elastic Kubernetes Service (Amazon EKS)	`AWS::EKS::IdentityProviderConfig`	EKS.7
AWS Elastic Beanstalk	`AWS::ElasticBeanstalk::Environment`	ElasticBeanstalk1. ElasticBeanstalk2. ElasticBeanstalk3.
Sistema di bilanciamento del carico elastico	`AWS::ElasticLoadBalancing::LoadBalancer`	ELB.2 ELB.3 ELB.5 ELB.7 ELB.8 ELB.9 ELB.10 ELB.14
	`AWS::ElasticLoadBalancingV2::Listener`	ELB.17 ELB.18
	`AWS::ElasticLoadBalancingV2::LoadBalancer`	ELB.1 ELB.4 ELB.5 ELB.6 ELB.12 ELB.13 ELB.16
ElasticSearch	`AWS::Elasticsearch::Domain`	ES.3 ES.4 ES.5 ES.6 ES.7 ES.8 ES.9
Amazon EMR	`AWS::EMR::SecurityConfiguration`	EMR.3 EMR.4
Amazon EventBridge	`AWS::Events::EventBus`	EventBridge2. EventBridge3.
Amazon EventBridge	`AWS::Events::Endpoint`	EventBridge4.
Amazon Fraud Detector	`AWS::FraudDetector::EntityType`	FraudDetector1.
	`AWS::FraudDetector::Label`	FraudDetector2.
	`AWS::FraudDetector::Outcome`	FraudDetector3.
	`AWS::FraudDetector::Variable`	FraudDetector4.
AWS Global Accelerator	`AWS::GlobalAccelerator::Accelerator`	GlobalAccelerator1.
AWS Glue	`AWS::Glue::Job`	Colla. 1 Colla.4
AWS Glue	`AWS::Glue::MLTransform`	Colla. 3
Amazon GuardDuty	`AWS::GuardDuty::Detector`	GuardDuty4.
	`AWS::GuardDuty::Filter`	GuardDuty2.
	`AWS::GuardDuty::IPSet`	GuardDuty3.
AWS Identity and Access Management (IAM)	`AWS::IAM::Group`	IO HO 27 ANNI KMS.2
	`AWS::IAM::Policy`	IAM.1 IAM.21 KMS.1
	`AWS::IAM::Role`	SONO 24 SONO 27 KMS.2
	`AWS::IAM::User`	IAM.2 IAM.3 IAM.5 IAM.8 SONO 19 SONO 22 SONO 25 SONO 27 KMS.2
AWS Identity and Access Management Access Analyzer	`AWS::AccessAnalyzer::Analyzer`	SONO 23
Amazon Interactive Video Service (Amazon IVS)	`AWS::IVS::PlaybackKeyPair`	IV.1
	`AWS::IVS::RecordingConfiguration`	IV.2
	`AWS::IVS::Channel`	IV.3
AWS IoT	`AWS::IoT::Authorizer`	IoT 4
	`AWS::IoT::Dimension`	IoT.3
	`AWS::IoT::MitigationAction`	IoT.2
	`AWS::IoT::Policy`	IoT.6
	`AWS::IoT::RoleAlias`	IoT.5
	`AWS::IoT::SecurityProfile`	IoT.1
AWS Eventi IoT	`AWS::IoTEvents::AlarmModel`	Ios 3TEvents.
	`AWS::IoTEvents::DetectorModel`	TEventsIos 2.
	`AWS::IoTEvents::Input`	Ion. 1 TEvents
AWS IoT SiteWise	`AWS::IoTSiteWise::AssetModel`	Io TSite Wise.1
	`AWS::IoTSiteWise::Dashboard`	Io Saggio.2 TSite
	`AWS::IoTSiteWise::Gateway`	Io Saggio.3 TSite
	`AWS::IoTSiteWise::Portal`	Io Saggio.4 TSite
	`AWS::IoTSiteWise::Project`	Io Saggio.5 TSite
AWS IoT TwinMaker	`AWS::IoTTwinMaker::Entity`	TTwinIo-Maker 4
	`AWS::IoTTwinMaker::Scene`	Io TTwin Maker.3
	`AWS::IoTTwinMaker::SyncJob`	Io TTwin Maker.1
	`AWS::IoTTwinMaker::Workspace`	Io TTwin Maker.2
AWS IoT Wireless	`AWS::IoTWireless::MulticastGroup`	Ios 1TWireless.
	`AWS::IoTWireless::ServiceProfile`	TWirelessIos 2.
	`AWS::IoTWireless::FuotaTask`	TWirelessIos 3.
Amazon Keyspaces (per Apache Cassandra)	`AWS::Cassandra::Keyspace`	Spazi chiavi.1
Amazon Kinesis	`AWS::Kinesis::Stream`	Kinesis.1 Cinesi.2 Cinesi.3
AWS Key Management Service (AWS KMS)	`AWS::KMS::Alias`	S3.17
AWS Key Management Service (AWS KMS)	`AWS::KMS::Key`	KMS.3 5 KM S3.17
AWS Lambda	`AWS::Lambda::Function`	Lambda.1 Lambda.2 Lambda.3 Lambda.5 Lambda.6 Lambda.7
MSK Amazon	`AWS::MSK::Cluster`	MSK.1 MSK.2 MSK.4 MSK.6
MSK Amazon	`AWS::KafkaConnect::Connector`	MSK.3 MSK.5
Amazon MQ	`AWS::AmazonMQ::Broker`	MQ. 2 MQ. 3 MQ.4 MQ.5 MQ.6
AWS Network Firewall	`AWS::NetworkFirewall::Firewall`	NetworkFirewall1. NetworkFirewall7. NetworkFirewall9. NetworkFirewall.10
	`AWS::NetworkFirewall::FirewallPolicy`	NetworkFirewall3. NetworkFirewall4. NetworkFirewall5. NetworkFirewall8.
	`AWS::NetworkFirewall::RuleGroup`	NetworkFirewall6.
OpenSearch Servizio Amazon	`AWS::OpenSearch::Domain`	Opensearch.1 Opensearch.2 Opensearch.3 Opensearch.4 Opensearch.5 Opensearch.6 Opensearch.7 Opensearch.8 Ricerca aperta. 9 Ricerca aperta.10 Ricerca aperta.11
AWS Private CA	`AWS::ACMPCA::CertificateAuthority`	PCA.2
Amazon Relational Database Service (Amazon RDS)	`AWS::RDS::DBCluster`	Documento DB.1 Documento DB.2 Documento DB.4 Documento DB.5 Nettuno.1 Nettuno.2 Nettuno.4 Nettuno.5 Nettuno.7 Nettuno.8 Nettuno.9 RDS.7 RDS.12 RDS.14 RDS.15 RDS.16 RDS.24 RIF. 27 RIF. 28 RIF. 34 RIF. 35 RIF. 37
	`AWS::RDS::DBClusterSnapshot`	Documento DB.3 Nettuno.3 Nettuno.6 RDS.1 RDS.4 RIF. 29
	`AWS::RDS::DBInstance`	RDS.2 RDS.3 RDS.5 RDS.6 RDS.8 RDS.9 RDS.10 RDS.11 RDS.13 RDS.17 RDS.18 RDS.23 RDS.25 RIF. 30 RIF. 36 RIF. 40
	`AWS::RDS::DBSecurityGroup`	RIF. 31
	`AWS::RDS::DBSnapshot`	RDS.1 RDS.4 RIF. 32
	`AWS::RDS::DBSubnetGroup`	RIF. 33
	`AWS::RDS::EventSubscription`	RDS.19 RDS.20 RDS.21 RDS.22
Amazon Redshift	`AWS::Redshift::Cluster`	Redshift.1 Redshift.2 Redshift.3 Redshift.4 Redshift.6 Redshift.7 Redshift.8 Redshift.9 Redshift.10 Redshift.11 Redshift 18
	`AWS::Redshift::ClusterParameterGroup`	Redshift.2 Redshift 17
	`AWS::Redshift::ClusterSnapshot`	Redshift 13
	`AWS::Redshift::ClusterSubnetGroup`	Redshift 14 Redshift 16
	`AWS::Redshift::EventSubscription`	Redshift 12
Amazon Route 53	`AWS::Route53::HostedZone`	Percorso 53.2
Amazon Route 53	`AWS::Route53::HealthCheck`	Percorso 53.1
Amazon Simple Storage Service (Amazon S3)	`AWS::S3::AccessPoint`	S3.19
	`AWS::S3::AccountPublicAccessBlock`	S3.2 S3.3
	`AWS::S3::Bucket`	CloudTrail6. CloudTrail.7 S3.2 S3.3 S3.5 S3.6 S.3.7 S3.8 S3.9 S3.10 S3.11 S3.12 S3.13 S3.14 S3.15 S3.17 S3.20
	`AWS::S3::MultiRegionAccessPoint`	S3.24
	`AWS::S3Express::DirectoryBucket`	S3.25
Amazon SageMaker AI	`AWS::SageMaker::AppImageConfig`	SageMaker6.
	`AWS::SageMaker::Image`	SageMaker.7
	`AWS::SageMaker::Model`	SageMaker5.
	`AWS::SageMaker::NotebookInstance`	SageMaker2. SageMaker3.
AWS Secrets Manager	`AWS::SecretsManager::Secret`	SecretsManager1. SecretsManager2. SecretsManager5.
AWS Service Catalog	`AWS::ServiceCatalog::Portfolio`	ServiceCatalog1.
Amazon Simple Email Service (Amazon SES)	`AWS::SES::ConfigurationSet`	VEDI.2
Amazon Simple Email Service (Amazon SES)	`AWS::SES::ContactList`	VEDI.1
Servizio di notifica semplice Amazon (Amazon Simple Notification Service (Amazon SNS))	`AWS::SNS::Topic`	SNS.1 SNS.3 SNS.4
Amazon Simple Queue Service (Amazon SQS)	`AWS::SQS::Queue`	SQS.1 MQ. 2 MQ. 3
AWS Step Functions	`AWS::StepFunctions::StateMachine`	StepFunctions1.
AWS Step Functions	`AWS::StepFunctions::Activity`	StepFunctions2.
AWS Systems Manager (SSM)	`AWS::SSM::Document`	SSM.5
AWS Transfer Family	`AWS::Transfer::Agreement`	Trasferimento.4
	`AWS::Transfer::Certificate`	Trasferimento.5
	`AWS::Transfer::Connector`	Trasferimento.3 Trasferimento.6
	`AWS::Transfer::Profile`	Trasferimento.7
	`AWS::Transfer::Workflow`	Trasferimento.1
AWS WAF	`AWS::WAF::Rule`	WAF.6
	`AWS::WAF::RuleGroup`	WAF.7
	`AWS::WAF::WebACL`	WAF.1 WAF.8
	`AWS::WAFRegional::Rule`	WAF.2
	`AWS::WAFRegional::RuleGroup`	WAF.3
	`AWS::WAFRegional::WebACL`	WAF.4
	`AWS::WAFv2::RuleGroup`	GUERRA 12
	`AWS::WAFv2::WebACL`	WAF.10 GUERRA 11
Amazon WorkSpaces	`AWS::WorkSpaces::WorkSpace`	WorkSpaces1. WorkSpaces2.

Risorse necessarie per lo standard AWS Foundational Security Best Practices

Affinché Security Hub CSPM riporti in modo accurato i risultati relativi ai controlli attivati dalle modifiche che si applicano allo standard AWS Foundational Security Best Practices (v.1.0.0), sono abilitati e utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in. AWS Config Per informazioni su questo standard, vedere. AWS Standard di best practice di sicurezza di base in Security Hub CSPM

Servizio AWS	Tipi di risorsa
Amazon API Gateway	`AWS::ApiGateway::Stage`, `AWS::ApiGatewayV2::Stage`
AWS AppSync	`AWS::AppSync::ApiCache`, `AWS::AppSync::GraphQLApi`
AWS Backup	`AWS::Backup::RecoveryPoint`
AWS Certificate Manager (ACM)	`AWS::ACM::Certificate`
AWS CloudFormation	`AWS::CloudFormation::Stack`
Amazon CloudFront	`AWS::CloudFront::Distribution`
AWS CodeBuild	`AWS::CodeBuild::Project`, `AWS::CodeBuild::ReportGroup`
Amazon Cognito	`AWS::Cognito::IdentityPool`, `AWS::Cognito::UserPool`
Amazon Connect	`AWS::Connect::Instance`
AWS DataSync	`AWS::DataSync::Task`
AWS Database Migration Service (AWS DMS)	`AWS::DMS::Endpoint`, `AWS::DMS::ReplicationInstance`, `AWS::DMS::ReplicationTask`
Amazon DynamoDB	`AWS::DynamoDB::Table`
Amazon EC2 Systems Manager (SSM)	`AWS::SSM::AssociationCompliance`, `AWS::SSM::ManagedInstanceInventory`, `AWS::SSM::PatchCompliance`
Amazon Elastic Compute Cloud (Amazon EC2)	`AWS::EC2::ClientVpnEndpoint`, `AWS::EC2::Instance`, `AWS::EC2::LaunchTemplate`, `AWS::EC2::NetworkAcl`, `AWS::EC2::NetworkInterface`, `AWS::EC2::SecurityGroup`, `AWS::EC2::SpotFleet`, `AWS::EC2::Subnet`, `AWS::EC2::TransitGateway`, `AWS::EC2::VPCBlockPublicAccessOptions`, `AWS::EC2::VPNConnection`, `AWS::EC2::Volume`
Amazon EC2 Auto Scaling	`AWS::AutoScaling::AutoScalingGroup`, `AWS::AutoScaling::LaunchConfiguration`
Amazon Elastic Container Registry (Amazon ECR)	`AWS::ECR::Repository`
Amazon Elastic Container Service (Amazon ECS)	`AWS::ECS::Cluster`, `AWS::ECS::Service`, `AWS::ECS::TaskDefinition`, `AWS::ECS::TaskSet`
Amazon Elastic File System (Amazon EFS)	`AWS::EFS::AccessPoint`, `AWS::EFS::FileSystem`
Amazon Elastic Kubernetes Service (Amazon EKS)	`AWS::EKS::Cluster`
AWS Elastic Beanstalk	`AWS::ElasticBeanstalk::Environment`
Sistema di bilanciamento del carico elastico	`AWS::ElasticLoadBalancing::LoadBalancer`, `AWS::ElasticLoadBalancingV2::Listener`, `AWS::ElasticLoadBalancingV2::LoadBalancer`
ElasticSearch	`AWS::Elasticsearch::Domain`
Amazon EMR	`AWS::EMR::SecurityConfiguration`
AWS Glue	`AWS::Glue::Job`, `AWS::Glue::MLTransform`
AWS Identity and Access Management (IAM)	`AWS::IAM::Group`, `AWS::IAM::Policy`, `AWS::IAM::Role`, `AWS::IAM::User`
Amazon Kinesis	`AWS::Kinesis::Stream`
AWS Key Management Service (AWS KMS)	`AWS::KMS::Key`
AWS Lambda	`AWS::Lambda::Function`
Amazon Managed Streaming for Apache Kafka (Amazon MSK)	`AWS::MSK::Cluster`, `AWS::KafkaConnect::Connector`
AWS Network Firewall	`AWS::NetworkFirewall::Firewall`, `AWS::NetworkFirewall::FirewallPolicy`, `AWS::NetworkFirewall::RuleGroup`
OpenSearch Servizio Amazon	`AWS::OpenSearch::Domain`
Amazon Relational Database Service (Amazon RDS)	`AWS::RDS::DBCluster`, `AWS::RDS::DBClusterSnapshot`, `AWS::RDS::DBInstance`, `AWS::RDS::DBProxy`, `AWS::RDS::DBSnapshot`, `AWS::RDS::EventSubscription`
Amazon Redshift	`AWS::Redshift::Cluster`, `AWS::Redshift::ClusterSubnetGroup`
Amazon Redshift Serverless	`AWS::RedshiftServerless::Workgroup`
Amazon Route 53	`AWS::Route53::HostedZone`
Amazon Simple Storage Service (Amazon S3)	`AWS::S3::AccessPoint`, `AWS::S3::AccountPublicAccessBlock`, `AWS::S3::Bucket`, `AWS::S3::MultiRegionAccessPoint`, `AWS::S3Express::DirectoryBucket`
Amazon SageMaker AI	`AWS::SageMaker::Model`, `AWS::SageMaker::NotebookInstance`
Servizio di notifica semplice Amazon (Amazon Simple Notification Service (Amazon SNS))	`AWS::SNS::Topic`
Amazon Simple Queue Service (Amazon SQS)	`AWS::SQS::Queue`
AWS Secrets Manager	`AWS::SecretsManager::Secret`
AWS Step Functions	`AWS::StepFunctions::StateMachine`
AWS Transfer Family	`AWS::Transfer::Connector`
AWS WAF	`AWS::WAF::Rule`, `AWS::WAF::RuleGroup`, `AWS::WAF::WebACL`, `AWS::WAFRegional::Rule`, `AWS::WAFRegional::RuleGroup`, `AWS::WAFRegional::WebACL`, `AWS::WAFv2::RuleGroup`, `AWS::WAFv2::WebACL`
Amazon WorkSpaces	`AWS::WorkSpaces::WorkSpace`

Risorse necessarie per il benchmark CIS AWS Foundations

Per eseguire controlli di sicurezza per i controlli abilitati che si applicano al benchmark Center for Internet Security (CIS) AWS Foundations, Security Hub CSPM esegue esattamente le fasi di controllo prescritte per i controlli o utilizza regole gestite specifiche. AWS Config Per informazioni su questo standard in Security Hub CSPM, vedere. Benchmark CIS AWS Foundations nel Security Hub CSPM

Risorse necessarie per CIS v3.0.0

Affinché Security Hub CSPM riporti in modo accurato i risultati dei controlli attivati da modifiche CIS v3.0.0 abilitati che utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in. AWS Config

Servizio AWS	Tipi di risorsa
Amazon Elastic Compute Cloud (Amazon EC2)	`AWS::EC2::Instance`, `AWS::EC2::NetworkAcl`, `AWS::EC2::SecurityGroup`
AWS Identity and Access Management (IAM)	`AWS::IAM::Group`, `AWS::IAM::User`, `AWS::IAM::Role`
Amazon Relational Database Service (Amazon RDS)	`AWS::RDS::DBInstance`
Amazon Simple Storage Service (Amazon S3)	`AWS::S3::Bucket`

Risorse necessarie per CIS v1.4.0

Affinché Security Hub CSPM riporti in modo accurato i risultati dei controlli attivati da modifiche CIS v1.4.0 abilitati che utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in. AWS Config

Servizio AWS	Tipi di risorsa
Amazon Elastic Compute Cloud (Amazon EC2)	`AWS::EC2::NetworkAcl`, `AWS::EC2::SecurityGroup`
AWS Identity and Access Management (IAM)	`AWS::IAM::Policy`, `AWS::IAM::User`
Amazon Relational Database Service (Amazon RDS)	`AWS::RDS::DBInstance`
Amazon Simple Storage Service (Amazon S3)	`AWS::S3::Bucket`

Risorse necessarie per CIS v1.2.0

Affinché Security Hub CSPM riporti in modo accurato i risultati dei controlli attivati da modifiche CIS v1.2.0 abilitati che utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in. AWS Config

Servizio AWS	Tipi di risorsa
Amazon Elastic Compute Cloud (Amazon EC2)	`AWS::EC2::SecurityGroup`
AWS Identity and Access Management (IAM)	`AWS::IAM::Policy`, `AWS::IAM::User`

Risorse necessarie per lo standard NIST SP 800-53 Revisione 5

Affinché Security Hub CSPM riporti con precisione i risultati relativi ai controlli attivati dalle modifiche che si applicano allo standard NIST SP 800-53 Revisione 5, sono abilitati e utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in. AWS Config Per informazioni su questo standard, vedere. NIST SP 800-53 Revisione 5 nel Security Hub CSPM

Servizio AWS	Tipi di risorsa
Amazon API Gateway	`AWS::ApiGateway::Stage`, `AWS::ApiGatewayV2::Stage`
AWS AppSync	`AWS::AppSync::GraphQLApi`
AWS Backup	`AWS::Backup::RecoveryPoint`
AWS Certificate Manager (ACM)	`AWS::ACM::Certificate`
AWS CloudFormation	`AWS::CloudFormation::Stack`
Amazon CloudFront	`AWS::CloudFront::Distribution`
Amazon CloudWatch	`AWS::CloudWatch::Alarm`
AWS CodeBuild	`AWS::CodeBuild::Project`
AWS Database Migration Service (AWS DMS)	`AWS::DMS::Endpoint`, `AWS::DMS::ReplicationInstance`, `AWS::DMS::ReplicationTask`
Amazon DynamoDB	`AWS::DynamoDB::Table`
Amazon Elastic Compute Cloud (Amazon EC2)	`AWS::EC2::ClientVpnEndpoint`, `AWS::EC2::EIP`, `AWS::EC2::Instance`, `AWS::EC2::LaunchTemplate`, `AWS::EC2::NetworkAcl`, `AWS::EC2::NetworkInterface`, `AWS::EC2::SecurityGroup`, `AWS::EC2::Subnet`, `AWS::EC2::TransitGateway`, `AWS::EC2::VPNConnection`, `AWS::EC2::Volume`
Amazon EC2 Auto Scaling	`AWS::AutoScaling::AutoScalingGroup`, `AWS::AutoScaling::LaunchConfiguration`
Amazon Elastic Container Registry (Amazon ECR)	`AWS::ECR::Repository`
Amazon Elastic Container Service (Amazon ECS)	`AWS::ECS::Cluster`, `AWS::ECS::Service`, `AWS::ECS::TaskDefinition`
Amazon Elastic File System (Amazon EFS)	`AWS::EFS::AccessPoint`
Amazon Elastic Kubernetes Service (Amazon EKS)	`AWS::EKS::Cluster`
AWS Elastic Beanstalk	`AWS::ElasticBeanstalk::Environment`
Sistema di bilanciamento del carico elastico	`AWS::ElasticLoadBalancing::LoadBalancer`, `AWS::ElasticLoadBalancingV2::Listener`, `AWS::ElasticLoadBalancingV2::LoadBalancer`
Amazon ElasticSearch	`AWS::Elasticsearch::Domain`
Amazon EMR	`AWS::EMR::SecurityConfiguration`
Amazon EventBridge	`AWS::Events::Endpoint`, `AWS::Events::EventBus`
AWS Glue	`AWS::Glue::Job`
AWS Identity and Access Management (IAM)	`AWS::IAM::Group`, `AWS::IAM::Policy`, `AWS::IAM::Role`, `AWS::IAM::User`
AWS Key Management Service (AWS KMS)	`AWS::KMS::Alias`, `AWS::KMS::Key`
Amazon Kinesis	`AWS::Kinesis::Stream`
AWS Lambda	`AWS::Lambda::Function`
Amazon Managed Streaming for Apache Kafka (Amazon MSK)	`AWS::MSK::Cluster`
Amazon MQ	`AWS::AmazonMQ::Broker`
AWS Network Firewall	`AWS::NetworkFirewall::Firewall`, `AWS::NetworkFirewall::FirewallPolicy`, `AWS::NetworkFirewall::RuleGroup`
OpenSearch Servizio Amazon	`AWS::OpenSearch::Domain`
Amazon Relational Database Service (Amazon RDS)	`AWS::RDS::DBCluster`, `AWS::RDS::DBClusterSnapshot`, `AWS::RDS::DBInstance`, `AWS::RDS::DBSnapshot`, `AWS::RDS::EventSubscription`
Amazon Redshift	`AWS::Redshift::Cluster`, `AWS::Redshift::ClusterSubnetGroup`
Amazon Route 53	`AWS::Route53::HostedZone`
Amazon Simple Storage Service (Amazon S3)	`AWS::S3::AccessPoint`, `AWS::S3::AccountPublicAccessBlock`, `AWS::S3::Bucket`
AWS Service Catalog	`AWS::ServiceCatalog::Portfolio`
Servizio di notifica semplice Amazon (Amazon Simple Notification Service (Amazon SNS))	`AWS::SNS::Topic`
Amazon Simple Queue Service (Amazon SQS)	`AWS::SQS::Queue`
Amazon EC2 Systems Manager (SSM)	`AWS::SSM::AssociationCompliance`, `AWS::SSM::ManagedInstanceInventory`, `AWS::SSM::PatchCompliance`
Amazon SageMaker AI	`AWS::SageMaker::NotebookInstance`
AWS Secrets Manager	`AWS::SecretsManager::Secret`
AWS Transfer Family	`AWS::Transfer::Connector`
AWS WAF	`AWS::WAF::Rule`, `AWS::WAF::RuleGroup`, `AWS::WAF::WebACL`, `AWS::WAFRegional::Rule`, `AWS::WAFRegional::RuleGroup`, `AWS::WAFRegional::WebACL`, `AWS::WAFv2::RuleGroup`, `AWS::WAFv2::WebACL`

Risorse necessarie per lo standard NIST SP 800-171 Revision 2

Affinché Security Hub CSPM riporti in modo accurato i risultati relativi ai controlli attivati dalle modifiche che si applicano allo standard NIST SP 800-171 Revisione 2, sono abilitati e utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in. AWS Config Per informazioni su questo standard, vedere. NIST SP 800-171 Revisione 2 nel Security Hub CSPM

Servizio AWS	Tipi di risorsa
AWS Certificate Manager(ACM)	`AWS::ACM::Certificate`
Amazon API Gateway	`AWS::ApiGateway::Stage`
Amazon CloudFront	`AWS::CloudFront::Distribution`
Amazon CloudWatch	`AWS::CloudWatch::Alarm`
Amazon Elastic Compute Cloud (Amazon EC2)	`AWS::EC2::ClientVpnEndpoint`, `AWS::EC2::NetworkAcl`, `AWS::EC2::SecurityGroup`, `AWS::EC2::VPC`, `AWS::EC2::VPNConnection`
Sistema di bilanciamento del carico elastico	`AWS::ElasticLoadBalancing::LoadBalancer`
AWS Identity and Access Management(IAM)	`AWS::IAM::Policy`, `AWS::IAM::User`
AWS Key Management Service (AWS KMS)	`AWS::KMS::Alias`, `AWS::KMS::Key`
AWS Network Firewall	`AWS::NetworkFirewall::FirewallPolicy`, `AWS::NetworkFirewall::RuleGroup`
Servizio Amazon Simple Storage (Amazon S3)	`AWS::S3::Bucket`
Servizio di notifica semplice di Amazon (Amazon SNS)	`AWS::SNS::Topic`
AWS Systems Manager(SSM)	`AWS::SSM::PatchCompliance`
AWS WAF	`AWS::WAFv2::RuleGroup`

Risorse richieste per PCI DSS v3.2.1

Affinché Security Hub CSPM riporti in modo accurato i risultati dei controlli che si applicano alla versione 3.2.1 del Payment Card Industry Data Security Standard (PCI DSS), sono abilitati e utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in. AWS Config Per informazioni su questo standard, vedere. PCI DSS nel Security Hub CSPM

Servizio AWS	Tipi di risorsa
AWS CodeBuild	`AWS::CodeBuild::Project`
Amazon Elastic Compute Cloud (Amazon EC2)	`AWS::EC2::EIP`, `AWS::EC2::Instance`, `AWS::EC2::SecurityGroup`
Amazon EC2 Auto Scaling	`AWS::AutoScaling::AutoScalingGroup`
AWS Identity and Access Management (IAM)	`AWS::IAM::Policy`, `AWS::IAM::User`
AWS Lambda	`AWS::Lambda::Function`
OpenSearch Servizio Amazon	`AWS::OpenSearch::Domain`
Amazon Relational Database Service (Amazon RDS)	`AWS::RDS::DBClusterSnapshot`, `AWS::RDS::DBInstance`, `AWS::RDS::DBSnapshot`
Amazon Redshift	`AWS::Redshift::Cluster`
Amazon Simple Storage Service (Amazon S3)	`AWS::S3::AccountPublicAccessBlock`, `AWS::S3::Bucket`
Amazon EC2 Systems Manager (SSM)	`AWS::SSM::AssociationCompliance`, `AWS::SSM::ManagedInstanceInventory`, `AWS::SSM::PatchCompliance`

Risorse necessarie per lo standard AWS Resource Tagging

Tutti i controlli che si applicano allo standard AWS Resource Tagging attivano una modifica e utilizzano una regola. AWS Config Affinché Security Hub CSPM riporti in modo accurato i risultati di questi controlli, è necessario registrare i seguenti tipi di risorse in. AWS Config Per informazioni su questo standard, vedere. AWS Standard di etichettatura delle risorse in Security Hub CSPM

Servizio AWS	Tipi di risorsa
AWS Amplify	`AWS::Amplify::App`, `AWS::Amplify::Branch`
Amazon AppFlow	`AWS::AppFlow::Flow`
AWS App Runner	`AWS::AppRunner::Service`, `AWS::AppRunner::VpcConnector`
AWS AppConfig	`AWS::AppConfig::Application`, `AWS::AppConfig::ConfigurationProfile`, `AWS::AppConfig::Environment`, `AWS::AppConfig::ExtensionAssociation`
AWS AppSync	`AWS::AppSync::GraphQLApi`
Amazon Athena	`AWS::Athena::DataCatalog`, `AWS::Athena::WorkGroup`
AWS Backup	`AWS::Backup::BackupPlan`, `AWS::Backup::BackupVault`, `AWS::Backup::RecoveryPlan`, `AWS::Backup::ReportPlan`
AWS Batch	`AWS::Batch::ComputeEnvironment`, `AWS::Batch::JobQueue`, `AWS::Batch::SchedulingPolicy`
AWS Certificate Manager (ACM)	`AWS::ACM::Certificate`
AWS CloudFormation	`AWS::CloudFormation::Stack`
Amazon CloudFront	`AWS::CloudFront::Distribution`
AWS CloudTrail	`AWS::CloudTrail::Trail`
AWS CodeArtifact	`AWS::CodeArtifact::Repository`
Amazon CodeGuru	`AWS::CodeGuruProfiler::ProfilingGroup`, `AWS::CodeGuruReviewer::RepositoryAssociation`
Amazon Connect	`AWS::CustomerProfiles::ObjectType`
AWS Database Migration Service (AWS DMS)	`AWS::DMS::Certificate`, `AWS::DMS::EventSubscription` `AWS::DMS::ReplicationInstance`, `AWS::DMS::ReplicationSubnetGroup`
AWS DataSync	`AWS::DataSync::Task`
Amazon Detective	`AWS::Detective::Graph`
Amazon DynamoDB	`AWS::DynamoDB::Trail`
Amazon Elastic Compute Cloud () EC2	`AWS::EC2::CustomerGateway`, `AWS::EC2::DHCPOptions`, `AWS::EC2::EIP`, `AWS::EC2::FlowLog`, `AWS::EC2::Instance`, `AWS::EC2::InternetGateway`, `AWS::EC2::LaunchTemplate`, `AWS::EC2::NatGateway`, `AWS::EC2::NetworkAcl`, `AWS::EC2::NetworkInterface`, `AWS::EC2::PrefixList`, `AWS::EC2::RouteTable`, `AWS::EC2::SecurityGroup`, `AWS::EC2::Subnet`, `AWS::EC2::TrafficMirrorFilter`, `AWS::EC2::TrafficMirrorSession`, `AWS::EC2::TrafficMirrorTarget`, `AWS::EC2::TransitGateway`, `AWS::EC2::TransitGatewayAttachment`, `AWS::EC2::TransitGatewayRouteTable`, `AWS::EC2::Volume`, `AWS::EC2::VPC`, `AWS::EC2::VPCEndpointService`, `AWS::EC2::VPCPeeringConnection`, `AWS::EC2::VPNGateway`
Amazon EC2 Auto Scaling	`AWS::AutoScaling::AutoScalingGroup`
Amazon Elastic Container Registry (Amazon ECR)	`AWS::ECR::PublicRepository`
Amazon Elastic Container Service (Amazon ECS)	`AWS::ECS::Cluster`, `AWS::ECS::Service`, `AWS::ECS::TaskDefinition`
Amazon Elastic File System (Amazon EFS)	`AWS::EFS::AccessPoint`
Amazon Elastic Kubernetes Service (Amazon EKS)	`AWS::EKS::Cluster`, `AWS::EKS::IdentityProviderConfig`
AWS Elastic Beanstalk	`AWS::ElasticBeanstalk::Environment`
ElasticSearch	`AWS::Elasticsearch::Domain`
Amazon EventBridge	`AWS::Events::EventBus`
Amazon Fraud Detector	`AWS::FraudDetector::EntityType`, `AWS::FraudDetector::Label` `AWS::FraudDetector::Outcome`, `AWS::FraudDetector::Variable`
AWS Global Accelerator	`AWS::GlobalAccelerator::Accelerator`
AWS Glue	`AWS::Glue::Job`
Amazon GuardDuty	`AWS::GuardDuty::Detector`, `AWS::GuardDuty::Filter`, `AWS::GuardDuty::IPSet`
AWS Identity and Access Management (IAM)	`AWS::IAM::Role`, `AWS::IAM::User`
AWS Identity and Access Management Access Analyzer (Analizzatore di accesso IAM)	`AWS::AccessAnalyzer::Analyzer`
AWS IoT	`AWS::IoT::Authorizer`, `AWS::IoT::Dimension`, `AWS::IoT::MitigationAction`, `AWS::IoT::Policy`, `AWS::IoT::RoleAlias`, `AWS::IoT::SecurityProfile`
AWS IoT Eventi	`AWS::IoTEvents::AlarmModel`, `AWS::IoTEvents::DetectorModel`, `AWS::IoTEvents::Input`
AWS IoT SiteWise	`AWS::IoTSiteWise::Dashboard`, `AWS::IoTSiteWise::Gateway`, `AWS::IoTSiteWise::Portal`, `AWS::IoTSiteWise::Project`
AWS IoT TwinMaker	`AWS::IoTTwinMaker::Entity`, `AWS::IoTTwinMaker::Scene`, `AWS::IoTTwinMaker::SyncJob`, `AWS::IoTTwinMaker::Workspace`
AWS IoT Wireless	`AWS::IoTWireless::FuotaTask`, `AWS::IoTWireless::MulticastGroup`, `AWS::IoTWireless::ServiceProfile`
Amazon Interactive Video Service (Amazon IVS)	`AWS::IVS::Channel`, `AWS::IVS::PlaybackKeyPair`, `AWS::IVS::RecordingConfiguration`
Amazon Keyspaces (per Apache Cassandra)	`AWS::Cassandra::Keyspace`
Amazon Kinesis	`AWS::Kinesis::Stream`
AWS Lambda	`AWS::Lambda::Function`
Amazon MQ	`AWS::AmazonMQ::Broker`
AWS Network Firewall	`AWS::NetworkFirewall::Firewall`, `AWS::NetworkFirewall::FirewallPolicy`
OpenSearch Servizio Amazon	`AWS::OpenSearch::Domain`
AWS Private Certificate Authority	`AWS::ACMPCA::CertificateAuthority`
Amazon Relational Database Service	`AWS::RDS::DBCluster`, `AWS::RDS::DBClusterSnapshot`, `AWS::RDS::DBInstance`, `AWS::RDS::DBSecurityGroup`, `AWS::RDS::DBSnapshot`, `AWS::RDS::DBSubnetGroup`
Amazon Redshift	`AWS::Redshift::Cluster`, `AWS::Redshift::ClusterParameterGroup`, `AWS::Redshift::ClusterSnapshot`, `AWS::Redshift::ClusterSubnetGroup`, `AWS::Redshift::EventSubscription`
Amazon Route 53	`AWS::Route53::HealthCheck`
Amazon SageMaker AI	`AWS::SageMaker::AppImageConfig`, `AWS::SageMaker::Image`
AWS Secrets Manager	`AWS::SecretsManager::Secret`
Amazon Simple Email Service (Amazon SES)	`AWS::SES::ConfigurationSet`, `AWS::SES::ContactList`
Servizio di notifica semplice Amazon (Amazon Simple Notification Service (Amazon SNS))	`AWS::SNS::Topic`
Amazon Simple Queue Service (Amazon SQS)	`AWS::SQS::Queue`
AWS Step Functions	`AWS::StepFunctions::Activity`
AWS Systems Manager (SSM)	`AWS::SSM::Document`
AWS Transfer Family	`AWS::Transfer::Agreement`, `AWS::Transfer::Certificate`, `AWS::Transfer::Connector`, `AWS::Transfer::Profile`, `AWS::Transfer::Workflow`

Risorse necessarie per lo standard gestito dai AWS Control Tower servizi

Affinché Security Hub CSPM riporti in modo accurato i risultati relativi ai controlli attivati dalle modifiche che si applicano allo standard di AWS Control Tower gestione dei servizi, sono abilitati e utilizzano una AWS Config regola, è necessario registrare i seguenti tipi di risorse in. AWS Config Per informazioni su questo standard, vedere. Standard di gestione dei servizi: AWS Control Tower

Servizio AWS	Tipi di risorsa
Amazon API Gateway	`AWS::ApiGateway::Stage` `AWS::ApiGatewayV2::Stage`
AWS Certificate Manager (ACM)	`AWS::ACM::Certificate`
AWS CodeBuild	`AWS::CodeBuild::Project`
Amazon DynamoDB	`AWS::DynamoDB::Table`
Amazon Elastic Compute Cloud () EC2	`AWS::EC2::Instance` `AWS::EC2::NetworkAcl` `AWS::EC2::NetworkInterface` `AWS::EC2::SecurityGroup` `AWS::EC2::Subnet` `AWS::EC2::VPNConnection` `AWS::EC2::Volume`
Amazon EC2 Auto Scaling	`AWS::AutoScaling::AutoScalingGroup` `AWS::AutoScaling::LaunchConfiguration`
Amazon Elastic Container Registry (Amazon ECR)	`AWS::ECR::Repository`
Amazon Elastic Container Service (Amazon ECS)	`AWS::ECS::Cluster` `AWS::ECS::Service` `AWS::ECS::TaskDefinition`
Amazon Elastic File System (Amazon EFS)	`AWS::EFS::AccessPoint`
Amazon EKS	`AWS::EKS::Cluster`
ElasticBeanstalk	`AWS::ElasticBeanstalk::Environment`
Sistema di bilanciamento del carico elastico	`AWS::ElasticLoadBalancing::LoadBalancer` `AWS::ElasticLoadBalancingV2::LoadBalancer`
ElasticSearch	`AWS::Elasticsearch::Domain`
AWS Identity and Access Management (IAM)	`AWS::IAM::Group` `AWS::IAM::Policy` `AWS::IAM::Role` `AWS::IAM::User`
AWS Key Management Service (AWS KMS)	`AWS::KMS::Alias` `AWS::KMS::Key`
Amazon Kinesis	`AWS::Kinesis::Stream`
AWS Lambda	`AWS::Lambda::Function`
AWS Network Firewall	`AWS::NetworkFirewall::FirewallPolicy` `AWS::NetworkFirewall::RuleGroup`
OpenSearch Servizio Amazon	`AWS::OpenSearch::Domain`
Amazon Relational Database Service (Amazon RDS)	`AWS::RDS::DBCluster` `AWS::RDS::DBClusterSnapshot` `AWS::RDS::DBInstance` `AWS::RDS::DBSnapshot` `AWS::RDS::EventSubscription`
Amazon Redshift	`AWS::Redshift::Cluster`
Amazon Simple Storage Service (Amazon S3)	`AWS::S3::AccountPublicAccessBlock` `AWS::S3::Bucket`
Servizio di notifica semplice Amazon (Amazon Simple Notification Service (Amazon SNS))	`AWS::SNS::Topic`
Amazon Simple Queue Service (Amazon SQS)	`AWS::SQS::Queue`
AWS Secrets Manager	`AWS::SecretsManager::Secret`
Amazon EC2 Systems Manager (SSM)	`AWS::SSM::AssociationCompliance` `AWS::SSM::ManagedInstanceInventory` `AWS::SSM::PatchCompliance`
AWS WAF	`AWS::WAFRegional::Rule` `AWS::WAFRegional::RuleGroup` `AWS::WAFRegional::WebACL` `AWS::WAFv2::WebACL`

Avvertimento JavaScript è disabilitato o non è disponibile nel tuo browser.

Per usare la documentazione AWS, JavaScript deve essere abilitato. Consulta le pagine della guida del browser per le istruzioni.

Convenzioni dei documenti

Controlli e punteggi di sicurezza

Pianificazione dell'esecuzione dei controlli di sicurezza