All Products
Search

This Product

    Cloud Config:resource-group-default-used-check

    Document Center

    Cloud Config:resource-group-default-used-check

    Last Updated:Oct 19, 2023

    Checks whether the resource group of each resource is not a default resource group. If so, the evaluation result is Compliant. If a resource has no resource group, the evaluation result is Not Applicable.

    Scenarios

    Resource groups are used to manage and organize resources, simplify permission control, improve availability and fault tolerance, and facilitate resource sharing and collaboration.

    Risk level

    Default risk level: medium.

    When you apply this rule, you can change the risk level based on your business requirements.

    Compliance evaluation logic

    If the resource group of each resource is not a default resource group, the evaluation result is Compliant. If a resource has no resource group, the evaluation result is Not Applicable.

    Rule details

    Parameter

    Description

    Rule name

    resource-group-default-used-check

    Rule identifier

    resource-group-default-used-check

    Automatic remediation

    Not supported

    Trigger type

    Configuration change

    Supported resource type

    • ACS::ECS::DedicatedHost

    • ACS::ECS::Disk

    • ACS::ECS::Instance

    • ACS::ECS::NetworkInterface

    • ACS::ECS::SecurityGroup

    • ACS::ECS::LaunchTemplate

    • ACS::ECS::Snapshot

    • ACS::ECS::AutoSnapshotPolicy

    • ACS::RDS::DBInstance

    • ACS::SLB::LoadBalancer

    • ACS::SLB::AccessControlList

    • ACS::SLB::ServerCertificate

    • ACS::ALB::Acl

    • ACS::ALB::ServerGroup

    • ACS::ALB::LoadBalancer

    • ACS::ALB::SecurityPolicy

    • ACS::VPC::VPC

    • ACS::NAT::NatGateway

    • ACS::VPC::DhcpOptionsSet

    • ACS::VPC::GatewayEndpoint

    • ACS::VPC::Ipv4Gateway

    • ACS::VPC::Ipv6Gateway

    • ACS::VPC::TrafficMirrorFilter

    • ACS::VPC::TrafficMirrorSession

    • ACS::EIP::EipAddress

    • ACS::CBWP::CommonBandwidthPackage

    • ACS::Alidns::Domain

    • ACS::PrivateZone::Zone

    • ACS::CDN::Domain

    • ACS::Bastionhost::Instance

    • ACS::Elasticsearch::Instance

    • ACS::Elasticsearch::Logstash

    • ACS::WAF::Domain

    • ACS::WAFV3::DefenseResource

    • ACS::Redis::DBInstance

    • ACS::PolarDB::DBCluster

    • ACS::MongoDB::DBInstance

    • ACS::ACK::Cluster

    • ACS::DRDS::DBInstance

    • ACS::DCDN::Domain

    • ACS::EDAS::Cluster

    • ACS::EDAS::Application

    • ACS::ECI::ContainerGroup

    • ACS::ADB::DBCluster

    • ACS::HBase::Cluster

    • ACS::OSS::Bucket, ACS::ROS::Stack

    • ACS::ROS::StackGroup

    • ACS::CEN::CenInstance

    • ACS::CEN::CenBandwidthPackage

    • ACS::OceanBase::Instance

    • ACS::HBR::Vault

    • ACS::HBR::HanaInstance

    • ACS::DRDS::PolarDBXInstance

    • ACS::TSDB::Instance

    • ACS::AliKafka::Instance

    • ACS::GPDB::DBInstance

    • ACS::CR::Instance

    • ACS::CR::Repository

    • ACS::CR::Namespace

    • ACS::MSE::Cluster

    • ACS::PrivateLink::VpcEndpoint

    • ACS::PrivateLink::VpcEndpointService

    • ACS::DTS::Instance

    • ACS::Ga::BasicAccelerator

    • ACS::Ga::BandwidthPackage

    • ACS::Ga::Accelerator

    • ACS::ExpressConnect::PhysicalConnection

    • ACS::EBS::DedicatedBlockStorageCluster

    • ACS::EBS::DiskReplicaGroup

    • ACS::Eflo::Cluster

    Input parameter

    None

    Non-compliance remediation

    Move the resources from a default resource group to another resource group. For more information, see Transfer resources across resource groups.