Free security benefits for ECS-阿里云帮助中心

Eligibility

Alibaba Cloud accounts that have not purchased Security Center via subscription or pay-as-you-go.

Important

Each Alibaba Cloud account can claim this offer only once.

Benefit details and how to claim

Benefit details

Item	Free quota	Validity period
Vulnerability remediation	20 times	3 months Examples: If the validity period starts on September 8, it ends on December 8. If the validity period starts on August 31, it ends on November 30. If the validity period starts on November 20, it ends on February 20 of the next year.
Cloud security posture management (CSPM)	1,000 authorizations An authorization is counted each time a check item for an ECS instance is successfully scanned, verified, or remediated. For example, if you scan and then verify check item A for an ECS instance, this action consumes 2 authorizations.
2-core host antivirus protection	2 cores (vCPU) per day
Basic service resource pack	Covers 24 hours of the pay-as-you-go basic service fee for Security Center each day.

How to claim

Go to the Instances page on the ECS console.
Find the target ECS instance and click the Security Protection tab.
On the benefits guide page that appears on the right, click Claim for Free and follow the on-screen instructions.

After you successfully claim the offer, a pay-as-you-go instance of Security Center is activated for you, and the host security protection, cloud security posture management (CSPM), and vulnerability remediation features are enabled. By default, Security Center performs an initial scan of your ECS instances and sets up and runs a periodic automatic check policy to promptly discover and remediate configuration risks on your ECS instances.

After claiming the benefits, the Free Security Benefits section of the console displays the free quota for each feature: 20 uses for vulnerability remediation, 1,000 uses for cloud security posture management, and 3 months for 2-core host antivirus protection.
Assign a protection edition to the ECS instance as prompted. For more information, see Manage protection editions for your servers.

If the Host Security Protection section of the Security Protection Capabilities panel shows a status of Not protected with the prompt "Antivirus protection for the current machine is not enabled. Please bind it now.", click the prompt to enable antivirus protection for the ECS instance.

Benefit deduction rules

Vulnerability remediation

Applicable scenarios: The quota is used for viewing and handling vulnerabilities.
Deduction rules: Each successful vulnerability remediation consumes one use from your quota. Failed remediation attempts do not consume the quota. A maximum of 20 uses can be deducted. The benefits expire after 3 months.

Cloud security posture management (CSPM)

Applicable scenarios: The quota is used for the scans, verifications, or remediations of billable check items in cloud security posture management, such as cloud product configuration risk checks and baseline risk checks.
Deduction rules: For a single instance, each successful scan, verification, or remediation of a single billable check item consumes one use from your quota. A maximum of 1,000 uses can be deducted. The benefits expire after 3 months.

2-core host antivirus protection

Applicable scenarios: The quota is used for resource consumption related to antivirus protection, such as virus definition updates, virus scans, and host defense. For more information about editions, see Purchase Security Center.
Deduction rules: A 2-core resource is automatically allocated each day for 3 months. The resource pack expires after the validity period.
Limitations: This benefit can be bound to only a single ECS instance. The resource pack quota cannot be split or shared with other instances.
- If you bind the resource pack to a 1-core ECS instance, the remaining 1-core quota is not used and cannot be applied to other instances.
- If you bind the resource pack to a 2-core ECS instance, the resource pack quota is fully used.
- If you bind the resource pack to an ECS instance with more than 2 cores, the portion that exceeds the quota is billed on a pay-as-you-go basis.

Basic service resource pack

Applicable scenarios: Covers the pay-as-you-go basic service fee of Security Center.

Deduction rules: For a single account, the resource pack covers 24 hours of the pay-as-you-go basic service fee of Security Center each day for 3 months. The resource pack expires after the validity period.

Billing for over-quota usage

Security Center supports two billing methods: pay-as-you-go and subscription. After your free quota is used up, services are billed on a pay-as-you-go basis by default. You can upgrade to a subscription to receive discounts.

Benefit item	Billing for overages
Vulnerability remediation	You are charged CNY 2.00 per use. Bills are settled on a daily basis. For more information, see Vulnerability remediation.
Cloud security posture management (CSPM)	You are charged based on the number of authorizations (scans + verifications + successful remediations) using a tiered pricing model. Bills are settled daily. For more information, see Billing of cloud security posture management.
2-core host antivirus protection	You are charged CNY 0.00000289 per core per second. Usage is accumulated by the second and bills are settled on a daily basis. For more information, see Pay-as-you-go billing for Security Center.
Basic service resource pack	You are charged CNY 0.05 per hour. Bills are settled on a daily basis. For more information, see Basic service fee.

Important

The security protection capabilities are automatically disabled when the trial expires. However, if you used other Security Center features beyond the three modules with free quotas (vulnerability remediation, cloud security posture management, and 2-core host antivirus protection) during the trial period, or if you enabled the Continue to use and pay after expiration switch, the security capabilities remain active. You are billed for the services on a pay-as-you-go basis after the trial expires. For more information, see Billing of Security Center.

FAQ

Q: How can I check my remaining free quota?

A: After claiming the benefits, the Free Security Benefits page displays your current usage.

The Free Security Benefits page displays the usage and expiration date for each benefit, including vulnerability remediation, cloud security posture management, and 2-core host antivirus protection. A Continue to use and pay after expiration switch is available in the upper-right corner of the page.

Q: How do I disable security services after the free quota is used up?

A: To avoid unexpected fees after your free quota is used up, follow these steps to disable the corresponding security service:

Go to the Instances page on the ECS console.
Find the target ECS instance, click the Security Protection tab, and then in the Security Protection Capabilities section on the right, click disable with one click.

Q: How do I switch to the subscription billing method?

A: You cannot directly convert a pay-as-you-go service to a subscription. To switch the billing method, follow these steps:

Log on to the Security Center console.
In the Pay-as-you-go Service area in the lower-right corner of the Overview page, disable the service.
Go to the Security Center purchase page. Set Billing Method to Subscription. For information about how to configure other parameters, see Purchase Security Center.

Q: Why wasn't my vulnerability remediation quota consumed after a vulnerability was fixed?

A: Some vulnerability fixes require a server restart. The quota is consumed only after the server restarts and the vulnerability status changes to Fixed.

If you have other questions, contact us through online support.