Checks whether a Resource Access Management (RAM) role is assigned to each Elastic Compute Service (ECS) instance. If so, the evaluation result is Compliant.
Scenarios
Assigning a RAM role to each ECS instance can simplify permission management, improve security, implement flexible permission management and access control, and improve resource utilization. It is a recommended security measure.
Risk level
Default risk level: low.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
If a RAM role is assigned to each ECS instance, the evaluation result is Compliant.
If a RAM role is not assigned to an ECS instance, the evaluation result is Non-compliant.
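The same evaluation can be reproduced locally between the periodic runs. The following is an added example, not Cloud Config's own implementation: it applies the logic above to constructed sample data shaped like the ECS DescribeInstances and DescribeInstanceRamRole responses. The instance IDs and role name are made up, and treating an instance that is missing from the role set as having no role is an assumption.

```python
import json

# Constructed sample data (not real resources). Field names are assumed to follow
# the ECS DescribeInstances and DescribeInstanceRamRole response layout.
INSTANCES_JSON = """
{"Instances": {"Instance": [
  {"InstanceId": "i-example0001"},
  {"InstanceId": "i-example0002"},
  {"InstanceId": "i-example0003"}
]}}
"""
RAM_ROLES_JSON = """
{"InstanceRamRoleSets": {"InstanceRamRoleSet": [
  {"InstanceId": "i-example0001", "RamRoleName": "app-reader-role"},
  {"InstanceId": "i-example0002", "RamRoleName": ""}
]}}
"""


def evaluate_ram_role_attached(instances_doc, roles_doc):
    """Map every instance in the inventory to "Compliant" or "Non-compliant"."""
    attached = {}
    role_sets = roles_doc.get("InstanceRamRoleSets", {}).get("InstanceRamRoleSet", [])
    for entry in role_sets:
        # An empty or missing role name means no role is attached.
        name = (entry.get("RamRoleName") or "").strip()
        if name:
            attached[entry["InstanceId"]] = name

    results = {}
    for inst in instances_doc.get("Instances", {}).get("Instance", []):
        iid = inst["InstanceId"]
        # Assumption: an instance absent from the role set has no role attached.
        results[iid] = "Compliant" if iid in attached else "Non-compliant"
    return results


def non_compliant_ids(results):
    """Instance IDs that need a RAM role, sorted for stable reporting."""
    return sorted(i for i, verdict in results.items() if verdict == "Non-compliant")


RESULTS = evaluate_ram_role_attached(json.loads(INSTANCES_JSON), json.loads(RAM_ROLES_JSON))

if __name__ == "__main__":
    for iid, verdict in sorted(RESULTS.items()):
        print(f"{iid}\t{verdict}")
```

Driving the verdicts from the full instance inventory, rather than from the role query alone, ensures that an instance missing from the role response is reported instead of silently skipped.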
Rule details
Item | Description |
Rule name | ecs-instance-ram-role-attached |
Rule ID | |
Tag | ECS and Instance |
Automatic remediation | Not supported |
Trigger type | Periodic execution |
Evaluation frequency | Every 24 hours |
Supported resource type | ECS instance |
Input parameter | None |
Non-compliance remediation
Assign a RAM role to each ECS instance. For more information, see Attach an instance RAM role to an ECS instance.