Checks whether a Resource Access Management (RAM) role is assigned to each Elastic Compute Service (ECS) instance. Instances with an assigned RAM role are evaluated as compliant.
Scenarios
Assigning a RAM role to each ECS instance simplifies permission management, improves security and access control, and improves resource utilization. This is a recommended security measure.
Risk level
Default risk level: low.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
-
If a RAM role is assigned to each ECS instance, the evaluation result is Compliant.
-
If a RAM role is not assigned to an ECS instance, the evaluation result is Non-compliant.
Rule details
|
Item |
Description |
|
Rule name |
ecs-instance-ram-role-attached |
|
Rule ID |
|
|
Tag |
ECS and Instance |
|
Automatic remediation |
Not supported |
|
Trigger type |
Periodic execution |
|
Evaluation frequency |
Every 24 hours |
|
Supported resource type |
ECS instance |
|
Input parameter |
None |
Non-compliance remediation
Assign a RAM role to each ECS instance. For more information, see Attach an instance RAM role to an ECS instance.