Checks whether the account ID of the peer interface that corresponds to the router interface for Express Connect and the account ID of the current resources reside in the same resource directory. If so, the evaluation result is Compliant. This rule applies only to enterprises for which global account groups are created in Cloud Config.
Scenarios
In cross-account interconnection, access permission control between accounts is complicated, which may lead to security compliance issues. Using accounts that reside in the same resource directory improves the security and compliance of cross-account interconnection.
Risk level
Default risk level: high.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
If the account ID of the peer interface that corresponds to the router interface for Express Connect and the account ID of the current resources reside in the same resource directory, the evaluation result is Compliant.
If the account ID of the peer interface that corresponds to the router interface for Express Connect and the account ID of the current resources do not reside in the same resource directory, the evaluation result is Non-compliant.
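The evaluation logic above, applied offline to an exported list of router interfaces. This is an added example, not Cloud Config's own code; the field names (`RouterInterfaceId`, `OwnerId`, `OppositeInterfaceOwnerId`), the account IDs, and the `NOT_APPLICABLE` result for an interface with no recorded peer owner are assumptions.

```python
from typing import Iterable

COMPLIANT = "COMPLIANT"
NON_COMPLIANT = "NON_COMPLIANT"
NOT_APPLICABLE = "NOT_APPLICABLE"  # assumption: no peer owner recorded yet


def _norm(account_id) -> str:
    """Account IDs may arrive as int or padded string; compare as trimmed text."""
    return "" if account_id is None else str(account_id).strip()


def evaluate(interface: dict, directory_members: Iterable) -> str:
    """Compliant only if the owner AND the peer owner are in the same directory."""
    members = {_norm(m) for m in directory_members}
    owner = _norm(interface.get("OwnerId"))
    peer = _norm(interface.get("OppositeInterfaceOwnerId"))
    if not peer:
        return NOT_APPLICABLE
    if owner in members and peer in members:
        return COMPLIANT
    return NON_COMPLIANT


def audit(interfaces, directory_members) -> dict:
    """Map each router interface ID to its evaluation result."""
    members = list(directory_members)
    return {i["RouterInterfaceId"]: evaluate(i, members) for i in interfaces}


# Constructed sample data (not real accounts or interfaces).
DIRECTORY_MEMBERS = ["1000000000000001", "1000000000000002"]
INTERFACES = [
    {"RouterInterfaceId": "ri-sample-a", "OwnerId": "1000000000000001",
     "OppositeInterfaceOwnerId": "1000000000000002"},    # peer in directory
    {"RouterInterfaceId": "ri-sample-b", "OwnerId": "1000000000000001",
     "OppositeInterfaceOwnerId": 1999999999999999},      # peer outside directory
    {"RouterInterfaceId": "ri-sample-c", "OwnerId": 1000000000000001,
     "OppositeInterfaceOwnerId": " 1000000000000001 "},  # same account, mixed types
    {"RouterInterfaceId": "ri-sample-d", "OwnerId": "1000000000000001",
     "OppositeInterfaceOwnerId": None},                  # no peer owner recorded
]

if __name__ == "__main__":
    for rid, result in audit(INTERFACES, DIRECTORY_MEMBERS).items():
        print(rid, result)
```

Non-compliant interfaces in the output are the ones to review for peering with an account outside the resource directory.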
Rule details
| Item | Description |
| --- | --- |
| Rule name | express-connect-opposite-interface-owner-check |
| Rule ID | |
| Tag | RD |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Every 24 hours |
| Supported resource type | Router interface |
| Input parameter | None |