Checks whether the description of each security group is empty. If the description is not empty, the evaluation result is Compliant.

Scenarios

This rule applies when you need to specify an appropriate description for each security group. Descriptions help you manage cloud resources efficiently.

Risk level

Default risk level: low.

When you apply this rule, you can change the risk level based on your business requirements.

Compliance evaluation logic

  • If the description of each security group is not empty, the evaluation result is Compliant.
  • If the description of a security group is empty, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
  • This rule applies only to Elastic Compute Service (ECS). This rule does not apply to other Alibaba Cloud services, such as Cloud Firewall (CFW) and NAT Gateway, or security groups that are used by virtual network operators (VNOs).
    Note: Security groups that are created in managed mode by Alibaba Cloud services other than ECS are called managed security groups. For more information about managed security groups, see Managed security groups.
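
The evaluation logic above, as an added example that is not part of the original page or of Cloud Config itself. The record layout (SecurityGroupId, Description, ServiceManaged), the NotApplicable label for managed security groups, and the treatment of whitespace-only descriptions as empty are assumptions made for this sketch; the sample data is constructed.

```python
import json

# Constructed sample shaped like a security group listing.
# Field names are assumptions for this example, not taken from the page.
SAMPLE_RESPONSE = json.loads("""
{"SecurityGroups": {"SecurityGroup": [
  {"SecurityGroupId": "sg-example0001", "Description": "web tier, 443 from SLB only", "ServiceManaged": false},
  {"SecurityGroupId": "sg-example0002", "Description": "", "ServiceManaged": false},
  {"SecurityGroupId": "sg-example0003", "ServiceManaged": false},
  {"SecurityGroupId": "sg-example0004", "Description": "   ", "ServiceManaged": false},
  {"SecurityGroupId": "sg-example0005", "Description": "", "ServiceManaged": true}
]}}
""")


def evaluate_group(group):
    """Return the evaluation result for one security group record."""
    # Managed security groups are outside the rule's scope.
    if group.get("ServiceManaged"):
        return "NotApplicable"
    # A missing or null Description field counts as empty.
    description = group.get("Description") or ""
    # Assumption: whitespace-only text is treated as empty here.
    if description.strip():
        return "Compliant"
    return "Incompliant"


def evaluate_response(response):
    """Map each SecurityGroupId to its evaluation result."""
    groups = response.get("SecurityGroups", {}).get("SecurityGroup", [])
    return {g["SecurityGroupId"]: evaluate_group(g) for g in groups}


def incompliant_ids(response):
    """List the groups that need a description added, in sorted order."""
    results = evaluate_response(response)
    return sorted(gid for gid, r in results.items() if r == "Incompliant")


if __name__ == "__main__":
    for gid, result in evaluate_response(SAMPLE_RESPONSE).items():
        print(gid, result)
```
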

Rule details

| Item | Description |
| --- | --- |
| Rule name | ecs-security-group-description-check |
| Rule identifier | ecs-security-group-description-check |
| Tag | SecurityGroup |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | ECS security group |
| Input parameter | None. |

Incompliance remediation

Modify the attributes of each security group rule. For more information, see Modify a security group.