检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
attached, this file system is noncompliant. ecs-last-backup-created cbr, ecs If an ECS does not have a backup created within the specified period, this ECS is noncompliant. evs-last-backup-created cbr, evs If an EVS disk does not have a backup created within the specified period,
If the name of an ECS's image does not match any of the specified image names, this ECS is noncompliant. allowed-images-by-id ecs, ims If the ID of an ECS's image does not match any of the specified image IDs, this ECS is noncompliant. function-graph-concurrency-check fgs If the
vpc If an ECS is not within the specified VPC, this ECS is noncompliant. ecs-instance-no-public-ip ecs If an ECS has a public IP attached, this ECS is noncompliant. eip-unbound-check vpc If an EIP has not been attached to any resource, this EIP is noncompliant. elb-tls-https-listeners-only
If an ECS has multiple EIPs attached, this ECS is noncompliant. ecs-instance-no-public-ip ecs If an ECS has an EIP attached, this ECS is noncompliant. stopped-ecs-date-diff ecs If an ECS has been stopped for longer than the time allowed, and no operations have been performed on it
vpc If an ECS is not within the specified VPC, this ECS is noncompliant. ecs-instance-no-public-ip ecs If an ECS has an EIP attached, this ECS is noncompliant. eip-unbound-check vpc If an EIP has not been attached to any resource, this EIP is noncompliant. elb-tls-https-listeners-only
vpc If an ECS is not within the specified VPC, this ECS is noncompliant. 12.2 ecs-instance-no-public-ip ecs If an ECS has an EIP attached, this ECS is noncompliant. 12.2 function-graph-inside-vpc fgs If a function is not in the specified VPC, this function is noncompliant. 12.2
Cloud Server Cloud servers Bare Metal Server Cloud servers Hyper Elastic Cloud Server HECSs AS AS group DCS Memcached instance DCS Redis instance MRS Cluster VPC Flow logs Virtual Private Cloud EIPs Security groups isAssociatedWith Elastic Cloud Server Cloud servers Bare Metal Server
vpc If an ECS is not within the specified VPC, this ECS is noncompliant. ecs-instance-no-public-ip ecs If an ECS has an EIP attached, this ECS is noncompliant. eip-unbound-check vpc If an EIP has not been attached to any resource, this EIP is noncompliant. eip-use-in-specified-days
C.CS.FOUNDATION.G_3_1.R_1 Using a key pair to securely log in to an ECS ecs-instance-key-pair-login ecs If key pair authentication is not required for ECS logging, this ECS is noncompliant.
vpc If an ECS is not within the specified VPC, this ECS is noncompliant. ecs-instance-no-public-ip ecs If an ECS has an EIP attached, this ECS is noncompliant. eip-unbound-check vpc If an EIP has not been attached to any resource, this EIP is noncompliant. eip-use-in-specified-days
vpc If an ECS is not within the specified VPC, this ECS is noncompliant. function-graph-concurrency-check fgs If the number of concurrent requests of a FunctionGraph function is not within the specified range, this function is noncompliant. gaussdb-nosql-enable-disk-encryption gaussdb
If an ECS has an EIP attached, this ECS is noncompliant. elb-loadbalancers-no-public-ip elb If a load balancer has an EIP attached, this load balancer is noncompliant. elb-tls-https-listeners-only elb If any listener of a load balancer does not have the frontend protocol set to HTTPS
If an ECS has an EIP attached, this ECS is noncompliant. ecs-instance-agency-attach-iam-agency ecs If an ECS does not have any IAM agencies attached, this ECS is noncompliant. sfsturbo-encrypted-check sfsturbo If KMS encryption is not enabled for an SFS Turbo file system, this file
Table 1 Conformance package description Rule Cloud Service Description stopped-ecs-date-diff ecs If an ECS has been stopped for longer than the time allowed, and no operations have been performed on it, this ECS is noncompliant. eip-use-in-specified-days vpc If an EIP has not been
vpc If an ECS is not within the specified VPC, this ECS is noncompliant. private-nat-gateway-authorized-vpc-only nat If a private NAT gateway is not in a specified VPC, this gateway is noncompliant. vpc-sg-restricted-common-ports vpc If a security group allows all IPv4 and IPv6
For example, you can query an ECS with a specified OS version. You can use Advanced Queries to: Manage inventory. For example, you can query ECSs with certain specifications. Check security compliance of your resources.
Tag evs, ecs Trigger Type Configuration change Filter Type evs.volumes Configure Rule Parameters None Parent topic: Elastic Volume Service
PUT https://{endpoint}/v1/resource-manager/organizations/{organization_id}/policy-assignments { "organization_policy_assignment_name" : "allowed-images-by-id", "managed_policy_assignment_metadata" : { "description" : "The ECS resource is non-compliant if the image it used
}"); OrganizationPolicyAssignmentRequest body = new OrganizationPolicyAssignmentRequest(); PolicyFilterDefinition policyFilterManagedPolicyAssignmentMetadata = new PolicyFilterDefinition(); policyFilterManagedPolicyAssignmentMetadata.withResourceProvider("ecs
For example, for an ECS, the provider and type are ecs and cloudservers, and the properties contains flavor. For a VPC, the provider and type are vpc and publicips, and the properties contains bandwidth.
