This topic describes the managed rules that are related to Server Load Balancer (SLB) and the methods to fix non-compliance issues.
slb-delete-protection-enabled
Checks whether deletion protection is enabled for an SLB instance of your Alibaba Cloud account.
Trigger type: configuration change
Applicable resource type: ACS::SLB::LoadBalancer
Input parameter: none
- SLB console
You can enable Deletion Protection for the SLB instance in the SLB console.
- API
You can also call the SetLoadBalancerDeleteProtection API operation. To enable deletion protection for the SLB instance, set DeletionProtection to on.
slb-listener-https-enabled
Checks whether an HTTPS listener is configured for an SLB instance of your Alibaba Cloud account.
Trigger type: configuration change
Applicable resource type: ACS::SLB::LoadBalancer
Input parameter: none
- SLB console
You can configure an HTTPS listener for the SLB instance in the SLB console. For more information, see Add an HTTPS listener.
- API
You can also call the CreateLoadBalancerHTTPSListener API operation to create an HTTPS listener for the SLB instance. For more information, see CreateLoadBalancerHTTPSListener.
slb-loadbalancer-in-vpc
Checks whether an SLB instance of your Alibaba Cloud account is deployed in a virtual private cloud (VPC). If you specify the value for the input parameter, the SLB instances that are deployed in the specified VPCs are considered as compliant. If you do not specify the value for the input parameter, the SLB instances that are deployed in all VPCs are considered as compliant.
Trigger type: configuration change
Applicable resource type: ACS::SLB::LoadBalancer
Input parameter: vpcIds. You can specify the IDs of the VPCs. Separate multiple VPC
IDs with commas (,), for example, vpc-25vk5****,vpc-6wesmaymqkgiuru5x****,vpc-8vbc16loavvujlzli****
.
- Method 1: Create an SLB instance and deploy the instance in a VPC that is specified
in the input parameter.
Note
- After you create an SLB instance, you cannot modify its network configurations. Therefore, you must create an SLB instance that follows the rules of Cloud Config.
- You can release an SLB instance that is no longer in use. For more information, see Release an SLB instance.
- You can release pay-as-you-go SLB instances in the SLB console. However, you must submit a ticket before you can release a subscription SLB instance. You can submit a ticket to apply for an unconditional refund within five days after the subscription SLB instance is created.
- Log on to the SLB console and create an SLB instance.
For more information, see Create an SLB instance.
- View the ID of the VPC where the SLB instance is deployed.
Log on to the SLB console. In the left-side navigation pane, choose Instances > Instances. On the Instances page, find the instance and view the VPC ID in the IP Address column.
- Log on to the Cloud Config console and add the VPC ID to the value of the input parameter.
For more information, see Modify a rule.
- Method 2: Add the ID of the VPC where the SLB instance is deployed to the value of
the input parameter.
- View the ID of the VPC where the SLB instance is deployed.
Log on to the SLB console. In the left-side navigation pane, choose Instances > Instances. On the Instance page, find the instance and view the VPC ID in the IP Address column.
- Log on to the Cloud Config console and add the VPC ID to the value of the input parameter.
For more information, see Modify a rule.
- View the ID of the VPC where the SLB instance is deployed.
slb-no-public-ip
Checks whether an SLB instances of your Alibaba Cloud account is associated with a public IP address. This rule is only applicable to IPv4 addresses.
Trigger type: configuration change
Applicable resource type: ACS::SLB::LoadBalancer
Input parameter: none
- SLB console
You can create an SLB instance and set Instance Type to Internal Network in the SLB console. For more information, see Create an SLB instance.
Note- After you create an SLB instance, you cannot modify its network configurations. Therefore, you must create an SLB instance that follows the rules of Cloud Config.
- You can release an SLB instance that is no longer in use. For more information, see Release an SLB instance.
- You can release pay-as-you-go SLB instances in the SLB console. However, you must submit a ticket before you can release a subscription SLB instance. You can submit a ticket to apply for an unconditional refund within five days after the subscription SLB instance is created.
- API
You can also call the CreateLoadBalancer API operation. To create an SLB instance that is associated with a private, set AddressType to intranet. For more information, see CreateLoadBalancer.