Checks whether the duration between the expiration date of a bastion host and the current is greater than a specified period of time. If so, the evaluation result is Compliant.
Scenarios
This rule applies when you need to renew a bastion host before it expires. This prevents your business from being interrupted due to an expired bastion host. Bastion hosts are automatically released when they expire. This causes data loss and affects business continuity.
Risk level
Default risk level: high.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the duration between the expiration date of each bastion host and the current is greater than a specified period of time, the evaluation result is Compliant.
- If the duration between the expiration date of each bastion host and the current is less than or equal to a specified period of time, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | bastionhost-instance-expired-check |
| Rule identifier | bastionhost-instance-expired-check |
| Tag | Bastionhost and ResourceExpired |
| Automatic remediation | Not supported |
| Trigger type | Configuration change and periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | Bastion host |
| Input parameter | days. Default value: 30. Unit: days.
|
Incompliance remediation
Renew a bastion host that is about to expire within a specified period of time. For more information, see Renewal overview.