This topic describes the managed rules that are related to Server Load Balancer (SLB) and how to rectify non-compliant SLB instances.

Rule name: slb-delete-protection-enabled

Checks whether release protection is enabled for an SLB instance under your account.

Trigger type: configuration change

Applicable resource type: ACS::SLB::LoadBalancer

Input parameter: none

Non-compliance description: Release protection is not enabled for an SLB instance under your account. You can rectify resource non-compliance in the SLB console or by calling the SetLoadBalancerDeleteProtection operation.
  • You can turn on the Deletion Protection switch to enable release protection for the SLB instance in the SLB console.

  • You can also call the SetLoadBalancerDeleteProtection operation and set DeletionProtection to on to enable release protection for the SLB instance.

Rule name: slb-listener-https-enabled

Checks whether an HTTPS listener is configured for an SLB instance under your account.

Trigger type: configuration change

Applicable resource type: ACS::SLB::LoadBalancer

Input parameter: none

Non-compliance description: No HTTPS listener is configured for an SLB instance under your account. You can rectify resource non-compliance in the SLB console or by calling the CreateLoadBalancerHTTPSListener operation.
  • You can configure an HTTPS listener for the SLB instance in the SLB console. For more information, see Add an HTTPS listener.

  • You can also call the CreateLoadBalancerHTTPSListener operation to create an HTTPS listener for the SLB instance. For more information, see CreateLoadBalancerHTTPSListener.

Rule name: slb-loadbalancer-in-vpc

Checks whether an SLB instance under your account is deployed in a virtual private cloud (VPC). If you assign a value to the input parameter, the rule considers an SLB instance under your account as compliant if the ID of the VPC where the SLB instance is deployed is listed in the value. If you do not assign a value to the input parameter, the rule considers all the SLB instances under your account that are deployed in VPCs as compliant.

Trigger type: configuration change

Applicable resource type: ACS::SLB::LoadBalancer

Input parameter: vpcIds

The vpcIds parameter specifies the IDs of the VPCs where the SLB instances under your account are deployed. Separate multiple VPC IDs with commas (,), for example, vpc-25vk5****,vpc-6wesmaymqkgiuru5x****,vpc-8vbc16loavvujlzli****.

Non-compliance description: An SLB instance under your account is not deployed in a VPC specified in the input parameter. You can use one of the following methods to rectify resource non-compliance:
  • Rectification method 1: Purchase an SLB instance and deploy the instance in a VPC specified in the input parameter.
    Note
    • You cannot modify the network configuration of an SLB instance after it is created. Therefore, you must purchase an SLB instance if you need to deploy your SLB instance in the specified VPC.
    • You can release an SLB instance that is no longer in use. For more information about the risks and procedure of releasing an SLB instance, see Release an SLB instance.
    • For an SLB instance that is evaluated as non-compliant, you can manually release the instance if it uses the pay-as-you-go billing method. To release an SLB instance that uses the subscription billing method, you must submit a ticket to apply for a refund. An SLB instance can be refunded for any reason within five days after the instance is created.
    1. Log on to the SLB console and purchase an SLB instance.

      For more information, see Create an SLB instance.

    2. View the ID of the VPC where the SLB instance is deployed in the SLB console.

      In the left-side navigation pane, choose Instances > Server Load Balancers. On the Server Load Balancers page, find the target instance and view the VPC ID in the IP Address column.

    3. Log on to the Cloud Config console and add the VPC ID to the value of the input parameter.

      For more information, see Modify a rule.

  • Rectification method 2: Add the ID of the VPC where the SLB instance is deployed to the value of the input parameter. Submit the edits and click Re-evaluate on the details page of the rule.
    1. View the ID of the VPC where the SLB instance is deployed in the SLB console.

      In the left-side navigation pane, choose Instances > Server Load Balancers. On the Server Load Balancers page, find the target instance and view the VPC ID in the IP Address column.

    2. Log on to the Cloud Config console and add the VPC ID to the value of the input parameter.

      For more information, see Modify a rule.

Rule name: slb-no-public-ip

Checks whether an SLB instance under your account is associated with a public IP address. This rule is only applicable to IPv4 addresses.

Trigger type: configuration change

Applicable resource type: ACS::SLB::LoadBalancer

Input parameter: none

Non-compliance description: An SLB instance under your account is associated with a public IP address. You can rectify resource non-compliance in the SLB console or by calling the CreateLoadBalancer operation.
  • You can purchase an SLB instance and set Instance Type to Internal Network in the SLB console. For more information, see Create an SLB instance.

    Note
    • You cannot modify the network configuration of an SLB instance after it is created. Therefore, you must purchase an SLB instance if you need to associate your SLB instance with a private IP address.
    • You can release an SLB instance that is no longer in use. For more information about the risks and procedure of releasing an SLB instance, see Release an SLB instance.
    • For an SLB instance that is evaluated as non-compliant, you can manually release the instance if it uses the pay-as-you-go billing method. To release an SLB instance that uses the subscription billing method, you must submit a ticket to apply for a refund. An SLB instance can be refunded for any reason within five days after the instance is created.
  • You can also call the CreateLoadBalancer operation and set AddressType to intranet to create an SLB instance that is associated with a private IP address. For more information, see CreateLoadBalancer.
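
The following added example (not Cloud Config's own code) re-implements the four rule checks described in this topic as a local pre-check over an instance inventory, including the vpcIds semantics where an empty parameter accepts any VPC. The record field names (id, delete_protection, address_type, vpc_id, listener_protocols) and the sample instances are assumptions constructed for illustration, not the Cloud Config resource schema.

```python
def parse_vpc_ids(param):
    """Split the comma-separated vpcIds input parameter; empty or None means 'any VPC'."""
    if not param:
        return set()
    return {v.strip() for v in param.split(",") if v.strip()}


def evaluate(slb, vpc_ids_param=None):
    """Return {rule name: compliant?} for one SLB record (field names are assumed)."""
    allowed = parse_vpc_ids(vpc_ids_param)
    vpc_id = slb.get("vpc_id") or ""
    protocols = {p.lower() for p in slb.get("listener_protocols", [])}
    return {
        "slb-delete-protection-enabled": slb.get("delete_protection") == "on",
        "slb-listener-https-enabled": "https" in protocols,
        # Must be in a VPC; if vpcIds is set, the VPC must also be listed.
        "slb-loadbalancer-in-vpc": bool(vpc_id) and (not allowed or vpc_id in allowed),
        # Assumption: AddressType "intranet" stands in for "no public IPv4 address".
        "slb-no-public-ip": slb.get("address_type") == "intranet",
    }


def non_compliant(instances, vpc_ids_param=None):
    """Map instance id -> sorted failed rule names; compliant instances are omitted."""
    report = {}
    for slb in instances:
        failed = sorted(r for r, ok in evaluate(slb, vpc_ids_param).items() if not ok)
        if failed:
            report[slb["id"]] = failed
    return report


# Constructed sample inventory (IDs are placeholders, not real resources).
SAMPLE = [
    {"id": "lb-example-1", "delete_protection": "on", "address_type": "intranet",
     "vpc_id": "vpc-example-a", "listener_protocols": ["https"]},
    {"id": "lb-example-2", "delete_protection": "off", "address_type": "internet",
     "vpc_id": "", "listener_protocols": ["http", "tcp"]},
    {"id": "lb-example-3", "delete_protection": "on", "address_type": "intranet",
     "vpc_id": "vpc-example-b", "listener_protocols": ["HTTPS", "http"]},
]

if __name__ == "__main__":
    # lb-example-3 is in a VPC, but not one listed in vpcIds, so it fails that rule.
    for lb_id, failed in non_compliant(SAMPLE, "vpc-example-a, vpc-example-c").items():
        print(lb_id, failed)
```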