Checks whether a public IPv4 address or elastic IP address (EIP) is associated with each Elastic Compute Service (ECS) instance. If no such address is associated with an instance, the evaluation result is Compliant.
Scenarios
If an ECS instance needs to access the Internet or be accessed over the Internet, we recommend that you deploy the ECS instance in a virtual private cloud (VPC) and use Server Load Balancer (SLB) and NAT Gateway to manage the Internet traffic of the ECS instance.
Risk level
Default risk level: medium.
When you configure this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
If no public IPv4 address or EIP is associated with an ECS instance, the evaluation result is Compliant.
If a public IPv4 address or EIP is associated with an ECS instance, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
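The evaluation logic above can be reproduced offline against an exported instance inventory. This is an added example, not the rule's own implementation: it assumes records shaped like the ECS DescribeInstances response (`PublicIpAddress.IpAddress` and `EipAddress.IpAddress` / `EipAddress.AllocationId`), and the instance IDs and addresses are constructed sample values.

```python
import json

# Constructed sample shaped like an ECS DescribeInstances response (not real data).
SAMPLE = json.loads("""
{"Instances": {"Instance": [
  {"InstanceId": "i-example0001", "PublicIpAddress": {"IpAddress": []},
   "EipAddress": {"IpAddress": "", "AllocationId": ""}},
  {"InstanceId": "i-example0002", "PublicIpAddress": {"IpAddress": ["203.0.113.10"]},
   "EipAddress": {"IpAddress": "", "AllocationId": ""}},
  {"InstanceId": "i-example0003", "PublicIpAddress": {"IpAddress": []},
   "EipAddress": {"IpAddress": "198.51.100.7", "AllocationId": "eip-example0001"}},
  {"InstanceId": "i-example0004"}
]}}
""")


def public_addresses(instance):
    """Return every public IPv4 address or EIP found on one instance record."""
    found = []
    # Public IPv4 addresses arrive as a list; absent or empty means none assigned.
    pub = (instance.get("PublicIpAddress") or {}).get("IpAddress") or []
    found += [("public-ipv4", ip) for ip in pub if ip]
    # An EIP is present when either its address or its allocation ID is non-empty.
    eip = instance.get("EipAddress") or {}
    if eip.get("IpAddress") or eip.get("AllocationId"):
        found.append(("eip", eip.get("IpAddress") or eip.get("AllocationId")))
    return found


def evaluate(response):
    """Map each instance ID to Compliant/Incompliant plus the offending addresses."""
    results = {}
    for inst in (response.get("Instances") or {}).get("Instance") or []:
        addrs = public_addresses(inst)
        results[inst["InstanceId"]] = {
            "result": "Incompliant" if addrs else "Compliant",
            "addresses": addrs,
        }
    return results


if __name__ == "__main__":
    for instance_id, verdict in evaluate(SAMPLE).items():
        print(instance_id, verdict["result"], verdict["addresses"])
```

Records that omit the address fields entirely are treated as having no public address, so a partial export does not raise an error.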
Rule details
| Item | Description |
| --- | --- |
| Rule name | ecs-running-instance-no-public-ip |
| Rule identifier | ecs-running-instance-no-public-ip |
| Tag | ECS and Instance |
| Automatic remediation | Supported |
| Trigger type | Configuration change |
| Supported resource type | ECS Instances |
| Input parameter | None |
Incompliance remediation
Disassociate a public IPv4 address or EIP from a running ECS instance. For more information, see Create an instance by using the wizard.