检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Rule Logic If an ECS is associated with an available backup vault, this ECS is compliant. If an ECS is not associated with an available backup vault, this ECS is non-compliant. Parent topic: Elastic Cloud Server
If an ECS is added to any high-risk security group and does not match any tag specified by the key and value parameters, the ECS is non-compliant. Parent topic: Elastic Cloud Server
Rule Logic If an ECS has an EIP attached, this ECS is non-compliant. If an ECS instance does not have an EIP attached, this ECS instance is compliant. Parent topic: Elastic Cloud Server
Tag as Trigger Type Configuration change Filter Type as.scalingGroups Rule Parameters None Application Scenarios ELB health check determines ECS running status using a load balancing listener.
If key pair authentication is not required for ECS logging, this ECS is noncompliant. ecs-instance-no-public-ip ecs If an ECS has an EIP attached, this ECS is noncompliant. ecs-multiple-public-ip-check ecs If an ECS has multiple EIPs attached, this ECS is noncompliant. eip-bandwidth-limit
vpc If an ECS is not within the specified VPC, this ECS is noncompliant. ecs-instance-no-public-ip ecs If an ECS has an EIP attached, this ECS is noncompliant. function-graph-inside-vpc fgs If a function is not in the specified VPC, this function is noncompliant. function-graph-public-access-prohibited
attached, this file system is noncompliant. ecs-last-backup-created cbr, ecs If an ECS does not have a backup created within the specified period, this ECS is noncompliant. evs-last-backup-created cbr, evs If an EVS disk does not have a backup created within the specified period,
If the name of an ECS's image does not match any of the specified image names, this ECS is noncompliant. allowed-images-by-id ecs, ims If the ID of an ECS's image does not match any of the specified image IDs, this ECS is noncompliant. function-graph-concurrency-check fgs If the
vpc If an ECS is not within the specified VPC, this ECS is noncompliant. ecs-instance-no-public-ip ecs If an ECS has a public IP attached, this ECS is noncompliant. eip-unbound-check vpc If an EIP has not been attached to any resource, this EIP is noncompliant. elb-tls-https-listeners-only
If an ECS has multiple EIPs attached, this ECS is noncompliant. ecs-instance-no-public-ip ecs If an ECS has an EIP attached, this ECS is noncompliant. stopped-ecs-date-diff ecs If an ECS has been stopped for longer than the time allowed, and no operations have been performed on it
vpc If an ECS is not within the specified VPC, this ECS is noncompliant. ecs-instance-no-public-ip ecs If an ECS has an EIP attached, this ECS is noncompliant. eip-unbound-check vpc If an EIP has not been attached to any resource, this EIP is noncompliant. elb-tls-https-listeners-only
vpc If an ECS is not within the specified VPC, this ECS is noncompliant. 12.2 ecs-instance-no-public-ip ecs If an ECS has an EIP attached, this ECS is noncompliant. 12.2 function-graph-inside-vpc fgs If a function is not in the specified VPC, this function is noncompliant. 12.2
Cloud Server Cloud servers Bare Metal Server Cloud servers Hyper Elastic Cloud Server HECSs AS AS group DCS Memcached instance DCS Redis instance MRS Cluster VPC Flow logs Virtual Private Cloud EIPs Security groups isAssociatedWith Elastic Cloud Server Cloud servers Bare Metal Server
vpc If an ECS is not within the specified VPC, this ECS is noncompliant. ecs-instance-no-public-ip ecs If an ECS has an EIP attached, this ECS is noncompliant. eip-unbound-check vpc If an EIP has not been attached to any resource, this EIP is noncompliant. eip-use-in-specified-days
C.CS.FOUNDATION.G_3_1.R_1 Using a key pair to securely log in to an ECS ecs-instance-key-pair-login ecs If key pair authentication is not required for ECS logging, this ECS is noncompliant.
vpc If an ECS is not within the specified VPC, this ECS is noncompliant. ecs-instance-no-public-ip ecs If an ECS has an EIP attached, this ECS is noncompliant. eip-unbound-check vpc If an EIP has not been attached to any resource, this EIP is noncompliant. eip-use-in-specified-days
vpc If an ECS is not within the specified VPC, this ECS is noncompliant. function-graph-concurrency-check fgs If the number of concurrent requests of a FunctionGraph function is not within the specified range, this function is noncompliant. gaussdb-nosql-enable-disk-encryption gaussdb
If an ECS has an EIP attached, this ECS is noncompliant. elb-loadbalancers-no-public-ip elb If a load balancer has an EIP attached, this load balancer is noncompliant. elb-tls-https-listeners-only elb If any listener of a load balancer does not have the frontend protocol set to HTTPS
If an ECS has an EIP attached, this ECS is noncompliant. ecs-instance-agency-attach-iam-agency ecs If an ECS does not have any IAM agencies attached, this ECS is noncompliant. sfsturbo-encrypted-check sfsturbo If KMS encryption is not enabled for an SFS Turbo file system, this file
Table 1 Conformance package description Rule Cloud Service Description stopped-ecs-date-diff ecs If an ECS has been stopped for longer than the time allowed, and no operations have been performed on it, this ECS is noncompliant. eip-use-in-specified-days vpc If an EIP has not been
