Checks whether no public IPv4 address or elastic IP address (EIP) is associated with each Elastic Compute Service (ECS) instance.
Scenarios
If an ECS instance needs to access the Internet or be accessed over the Internet, we recommend that you deploy the ECS instance in a virtual private cloud (VPC) and use Server Load Balancer (SLB) and NAT Gateway to manage the Internet traffic of the ECS instance.
Risk level
Default risk level: medium.
You can change the risk level as required when you apply this rule.
Compliance evaluation logic
- If no public IPv4 address or EIP is associated with each ECS instance, the evaluation result is compliant.
- If a public IPv4 address or an EIP is associated with an ECS instance, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | ecs-instance-no-public-ip |
| Rule ID | ecs-instance-no-public-ip |
| Tag | ECS and Instance |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | ECS instance |
| Input parameter | None |
Non-compliance remediation
Create an ECS instance that is not associated with a public IP address. For more information, see Create an instance by using the wizard.