vpc If an ECS is not within the specified VPC, this ECS is noncompliant. private-nat-gateway-authorized-vpc-only nat If a private NAT gateway is not in a specified VPC, this gateway is noncompliant. vpc-sg-restricted-common-ports vpc If a security group allows all IPv4 and IPv6
For example, you can query an ECS with a specified OS version. You can use Advanced Queries to: Manage inventory. For example, you can query ECSs with certain specifications. Check security compliance of your resources.
If you have imported a public key into a Linux ECS, you can use the corresponding private key to log in to the ECS without a password.
The following is an example policy used to check whether specified images are used for ECSs. { "id": "5fa265c0aa1e6afc05a0ff07", "name": "allowed-images-by-id", "description": "An ECS image is non-compliant if its ID is not within the specific image ID range.
}"); OrganizationPolicyAssignmentRequest body = new OrganizationPolicyAssignmentRequest(); PolicyFilterDefinition policyFilterManagedPolicyAssignmentMetadata = new PolicyFilterDefinition(); policyFilterManagedPolicyAssignmentMetadata.withResourceProvider("ecs
PUT https://{endpoint}/v1/resource-manager/organizations/{organization_id}/policy-assignments { "organization_policy_assignment_name" : "allowed-images-by-id", "managed_policy_assignment_metadata" : { "description" : "The ECS resource is non-compliant if the image it used
For example, for an ECS, the provider and type are ecs and cloudservers, and the properties contain flavor. For a VPC, the provider and type are vpc and publicips, and the properties contain bandwidth.
Tag evs, ecs Trigger Type Configuration change Filter Type evs.volumes Rule Parameters None Application Scenarios EVS disks may contain sensitive data. Attached EVS disks must be encrypted.
C.CS.FOUNDATION.G_8.R_7 Enabling HSS (basic/professional/enterprise/premium edition) ecs-attached-hss-agents-check ecs If an ECS does not have an HSS agent installed or the protection mode enabled, this ECS is noncompliant. Parent topic: Conformance Package Templates
ecs.cloudservers ECS Status Check Configuration change ecs.cloudservers An ECS Must Have No More Than One EIP Configuration change ecs.cloudservers Idle ECS Check Periodic ecs.cloudservers ECSs Have IAM Agencies Attached Configuration change ecs.cloudservers Image Check by Name Configuration
Cloud Server (ECS) ECSs (ecs.cloudservers) Hyper Elastic Cloud Server (HECS) HECSs (hecs.hcloudservers) Virtual Private Cloud (VPC) VPCs (vpc.vpcs) EIPs (vpc.publicips) Elastic Volume Service (EVS) Disks (evs.volumes) Auto Scaling (AS) AS Groups Image Management Service (IMS) Images
Built-In Policies Predefined Policy List General Policies API Gateway CodeArts Deploy MapReduce Service NAT Gateway VPC Endpoint Web Application Firewall Elastic Load Balance Elastic IP Auto Scaling Scalable File Service Turbo (SFS Turbo) Elastic Cloud Server Distributed Cache Service
noncompliant. rds-instances-enable-kms rds If KMS encryption is not enabled for an RDS instance, this instance is noncompliant. sfsturbo-encrypted-check sfsturbo If KMS encryption is not enabled for an SFS Turbo file system, this file system is noncompliant. volumes-encrypted-check ecs
Example Requests PUT https://{endpoint}/v1/resource-manager/domains/{domain_id}/policy-assignments/{policy_assignment_id} { "name" : "allowed-images-by-id", "description" : "The ECS resource is non-compliant if the image it used is not in the allowed list", "parameters" : {
PUT https://{endpoint}/v1/resource-manager/domains/{domain_id}/policy-assignments { "name" : "allowed-images-by-id", "description" : "The ECS resource is non-compliant if the image it used is not in the allowed list", "parameters" : { "listOfAllowedImages" : { "value
C.CS.FOUNDATION.G_5_4.R_1 cbr-backup-encrypted-check CBR Backup Encryption Check C.CS.FOUNDATION.G_5_4.R_4 sfsturbo-last-backup-created SFSturbo Backup Time Window Check C.CS.FOUNDATION.G_5_4.R_4 evs-last-backup-created EVS Backup Time Check C.CS.FOUNDATION.G_5_4.R_4 ecs-last-backup-created ECS
Example Requests Querying all ECS IDs in the current organization POST https://{endpoint}/v1/resource-manager/domains/{domain_id}/aggregators/{aggregator_id}/run-query { "expression" : "select id from aggregator_resources where provider = 'ecs' and type = 'cloudservers'" } Example
Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region.
Example Requests None Example Responses Status code: 200 Operation successful. { "total_count" : 2, "resource_providers" : [ { "provider" : "ecs", "display_name" : "Elastic Cloud Server (ECS)", "category_display_name" : "Compute", "resource_types" : [ { "
N/A The following JSON expression shows a non-compliant evaluation result: { "domain_id": "domainidforpolicy", "resource_id": "special-ecs1-with-public-ip-with-tag", "resource_name": "ecs1-with-public-ip-with-tag", "resource_provider": "ecs", "resource_type": "cloudservers