Checks that each security group has a non-empty description. A security group without a description is non-compliant.
Scenarios
Adding descriptions to security groups helps you identify and manage cloud resources more efficiently.
Risk level
Default risk level: Low.
You can change the risk level based on your requirements.
Detection logic
-
If a security group has a description, it is compliant.
-
If a security group does not have a description, it is non-compliant. For information about how to resolve this issue, see Remediation.
-
This rule does not apply to security groups used by Alibaba Cloud services other than ECS, such as Cloud Firewall and NAT Gateway, or by virtual server providers. Such security groups are marked as inapplicable.
NoteSecurity groups that are created in managed mode by Alibaba Cloud services other than ECS are called managed security groups. For more information about managed security groups, see Managed security groups.
Rule details
|
Parameter |
Description |
|
Rule name |
Security group description cannot be empty |
|
Rule identifier |
ecs-security-group-description-check |
|
Tag |
SecurityGroup |
|
Automatic correction |
Not supported |
|
Rule trigger mechanism |
Configuration change |
|
Supported resource types |
ECS security group |
|
Rule input parameters |
None |
Remediation
Modify the properties of the security group. For more information, see Modify a security group.