ecs-security-group-not-used

更新时间:
复制 MD 格式

A security group is compliant if at least one ECS instance is associated with it. Use this rule to identify and clean up idle security groups.

Scenarios

Regularly delete idle security groups to prevent resource waste and reduce management costs.

Risk level

Default risk level: medium.

You can change the risk level based on your business requirements when you apply this rule.

Compliance evaluation logic

  • If at least one ECS instance is associated with a security group, the configuration is considered compliant.
  • If no ECS instances are associated with a security group, the configuration is considered incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.

Rule details

Item Description
Rule name ecs-security-group-not-used
Rule identifier ecs-security-group-not-used
Tag ECS and SecurityGroup
Automatic remediation Not supported
Trigger type Configuration change
Supported resource type ECS security group
Input parameter None.

Incompliance remediation

Add an ECS instance to a security group. For more information, see Associate security groups with an instance (primary ENI).