Checks whether an SSH key pair is attached to an Elastic Compute Service (ECS) instance. If not, the evaluation result is Compliant. This rule applies to special scenarios where enterprises need to control access to ECS instances.
Scenarios
Attaching an SSH key pair to an ECS instance improves system security. However, proceed with caution and put appropriate security measures in place before you attach an SSH key pair to an ECS instance.
Risk level
Default risk level: low.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
If an SSH key pair is not attached to an ECS instance, the evaluation result is Compliant.
If an SSH key pair is attached to an ECS instance, the evaluation result is Non-compliant.
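The evaluation logic above can be reproduced offline against an instance inventory to preview which instances the rule would flag. This is an added example, not Cloud Config's own code; it assumes inventory shaped like an ECS DescribeInstances response (`Instances.Instance[]` entries with `InstanceId` and `KeyPairName`), and the sample data is constructed.

```python
import json

RULE_NAME = "ecs-instance-not-bind-key-pair"

# Constructed sample inventory; the field names are an assumption based on
# the shape of an ECS DescribeInstances response.
SAMPLE_RESPONSE = json.dumps({
    "Instances": {"Instance": [
        {"InstanceId": "i-constructed-0001", "KeyPairName": ""},
        {"InstanceId": "i-constructed-0002", "KeyPairName": "ops-keypair"},
        {"InstanceId": "i-constructed-0003"},                       # field absent
        {"InstanceId": "i-constructed-0004", "KeyPairName": "   "}, # blank value
    ]}
})


def evaluate_instance(instance):
    """Apply the rule to one instance record and return an evaluation dict."""
    # A missing, null, or whitespace-only name means no key pair is attached.
    key_pair = (instance.get("KeyPairName") or "").strip()
    if key_pair:
        result, note = "Non-compliant", f"SSH key pair '{key_pair}' is attached"
    else:
        result, note = "Compliant", "No SSH key pair is attached"
    return {
        "rule": RULE_NAME,
        "resource_id": instance.get("InstanceId", "<unknown>"),
        "result": result,
        "annotation": note,
    }


def evaluate_response(raw_json):
    """Evaluate every instance in a DescribeInstances-shaped JSON document."""
    doc = json.loads(raw_json)
    instances = (doc.get("Instances") or {}).get("Instance") or []
    return [evaluate_instance(inst) for inst in instances]


def non_compliant_ids(results):
    """Return the instance IDs that need the remediation step."""
    return [r["resource_id"] for r in results if r["result"] == "Non-compliant"]


if __name__ == "__main__":
    for r in evaluate_response(SAMPLE_RESPONSE):
        print(f"{r['resource_id']}: {r['result']} ({r['annotation']})")
```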
Rule details
| Item | Description |
| --- | --- |
| Rule name | ecs-instance-not-bind-key-pair |
| Rule ID | |
| Tag | ECS and Instance |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | ECS instance |
| Input parameter | None |
Non-compliance remediation
Detach the SSH key pair from the ECS instance. For more information, see Unbind an SSH key pair.