ecs-instance-attached-security-group

更新时间:
复制 MD 格式

If an Elastic Compute Service (ECS) instance belongs to a security group that you specify, the instance is evaluated as compliant.

Scenarios

Security groups act as virtual firewalls that provide Stateful Packet Inspection (SPI) and packet filtering capabilities for defining security domains in the cloud. By configuring security group rules, you can control the inbound and outbound traffic of ECS instances.

Risk level

Default risk level: high.

You can change the risk level when you apply this rule.

Compliance evaluation logic

  • An ECS instance is compliant if it is in a security group you specify for this rule.

  • An ECS instance is non-compliant if it is not in any of the specified security groups. For remediation steps, see Remediation.

Rule details

Parameter

Description

Rule name

ECS instance is in a specified security group

Rule ID

ecs-instance-attached-security-group

Tags

ECS, instance

Automatic remediation

Not supported

Trigger type

Configuration change

Supported resource types

ECS instance

Input parameters

securityGroupIds

Note

Separate multiple security group IDs with commas.

Non-compliance remediation

Change the security group of the ECS instance. For details, see Use security groups.