Checks whether the Cloud Assistant commands to be run on an Elastic Compute Service (ECS) instance contain specified sensitive content.
Scenario
Make sure that no high-risk operations are performed by running a Cloud Assistant command. This prevents configuration errors or data loss in the operating system of an ECS instance.
Risk level
Default risk level: low.
You can change the risk level as required when you apply this rule.
Compliance evaluation logic
- If the Cloud Assistant commands do not contain specified sensitive content, the configuration is considered compliant.
- If the Cloud Assistant commands contain specified sensitive content, the configuration is considered non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | ecs-command-exclude-sensitive-content |
| Rule ID | ecs-command-exclude-sensitive-content |
| Tag | ECS and Command |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | Cloud Assistant command |
| Input parameter | content |
Non-compliance remediation
Delete the Cloud Assistant command that contains sensitive content. For more information, see Delete a command.