Security Scenario Pack
ID: pack:aliyun:security
Description
Directory roll-up of Alibaba Cloud security packs, covering identity, network exposure, data protection, audit logging, supply chain, key management, platform security, and security group controls.
Included Rules
rule:aliyun:ack-cluster-public-endpoint-checkrule:aliyun:ack-cluster-rrsa-enabledrule:aliyun:actiontrail-trail-intact-enabledrule:aliyun:api-gateway-api-auth-requiredrule:aliyun:api-gateway-api-internet-request-httpsrule:aliyun:api-gateway-group-enabled-sslrule:aliyun:cr-repository-image-scanning-enabledrule:aliyun:cr-repository-type-privaterule:aliyun:ecs-disk-auto-snapshot-policyrule:aliyun:ecs-disk-idle-checkrule:aliyun:ecs-in-use-disk-encryptedrule:aliyun:ecs-instance-attached-security-grouprule:aliyun:ecs-instance-enabled-security-protectionrule:aliyun:ecs-instance-login-use-keypairrule:aliyun:ecs-instance-ram-role-attachedrule:aliyun:ecs-instances-in-vpcrule:aliyun:ecs-running-instance-no-public-iprule:aliyun:ecs-security-group-egress-not-all-accessrule:aliyun:ecs-security-group-not-internet-cidr-accessrule:aliyun:ecs-security-group-not-open-all-portrule:aliyun:ecs-security-group-not-open-all-protocolrule:aliyun:ecs-security-group-risky-ports-check-with-protocolrule:aliyun:ecs-security-group-white-list-port-checkrule:aliyun:elasticsearch-instance-enabled-data-node-encryptionrule:aliyun:elasticsearch-public-and-any-ip-access-checkrule:aliyun:emr-cluster-master-public-access-checkrule:aliyun:ess-scaling-configuration-enabled-internet-checkrule:aliyun:fc-service-bind-rolerule:aliyun:fc-service-internet-access-disablerule:aliyun:fc-service-vpc-bindingrule:aliyun:kms-key-rotation-enabledrule:aliyun:kms-secret-rotation-enabledrule:aliyun:mongodb-public-and-any-ip-access-checkrule:aliyun:mse-cluster-config-auth-enabledrule:aliyun:nas-filesystem-encrypt-type-checkrule:aliyun:oss-bucket-anonymous-prohibitedrule:aliyun:oss-bucket-logging-enabledrule:aliyun:oss-bucket-only-https-enabledrule:aliyun:oss-bucket-policy-no-any-anonymousrule:aliyun:oss-bucket-public-read-prohibitedrule:aliyun:oss-bucket-public-write-prohibitedrule:aliyun:oss-bucket-server-side-encryption-enabledrule:aliyun:oss-bucket-versioning-enabledrule:aliyun:oss-encryption-byok-checkrule:aliyun:polardb-cluster-enabled-sslrule:aliyun:polardb-public-and-any-ip-access-checkrule:aliyun:ram-group-has-member-checkrule:aliyun:ram-password-policy-checkrule:aliyun:ram-policy-no-statements-with-admin-access-checkrule:aliyun:ram-user-activated-ak-quantity-checkrule:aliyun:ram-user-ak-create-date-expired-checkrule:aliyun:ram-user-ak-used-expired-checkrule:aliyun:ram-user-group-membership-checkrule:aliyun:ram-user-last-login-expired-checkrule:aliyun:ram-user-login-checkrule:aliyun:ram-user-mfa-checkrule:aliyun:ram-user-no-product-admin-accessrule:aliyun:rds-instance-enabled-log-backuprule:aliyun:rds-instance-enabled-sslrule:aliyun:rds-instance-enabled-tde-disk-encryptionrule:aliyun:rds-public-access-checkrule:aliyun:rds-public-connection-and-any-ip-access-checkrule:aliyun:redis-instance-backup-log-enabledrule:aliyun:redis-instance-enabled-sslrule:aliyun:redis-instance-no-public-iprule:aliyun:redis-public-and-any-ip-access-checkrule:aliyun:root-ak-checkrule:aliyun:root-mfa-checkrule:aliyun:security-center-version-checkrule:aliyun:security-ecs-disk-encryptedrule:aliyun:security-ecs-instance-security-group-requiredrule:aliyun:security-ecs-instance-vpc-requiredrule:aliyun:security-rds-instance-vpc-requiredrule:aliyun:security-redis-instance-vpc-requiredrule:aliyun:sg-public-access-checkrule:aliyun:slb-acl-public-access-checkrule:aliyun:slb-instance-log-enabledrule:aliyun:slb-listener-https-enabledrule:aliyun:slb-listener-risk-ports-checkrule:aliyun:vpc-flow-logs-enabledrule:aliyun:vpc-network-acl-risky-ports-checkrule:aliyun:waf-instance-logging-enabled