Evaluates running Elastic Compute Service (ECS) instances as Compliant if Security Center protection is enabled.
Scenarios
Use this rule to ensure that all running ECS instances have Security Center protection enabled, improving system security.
Risk level
Default risk level: high.
You can change the risk level based on your business requirements when you apply this rule.
Compliance evaluation logic
- If Security Center protection is enabled for all running ECS instances, the evaluation result is Compliant.
- If Security Center protection is not enabled for all running ECS instances, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
- ECS instances that are not in the running state are excluded from this rule.
Rule details
| Item | Description |
| Rule name | ecs-instance-enabled-security-protection |
| Rule identifier | ecs-instance-enabled-security-protection |
| Tag | ECS, Instance, and SecurityCenter |
| Automatic remediation | Supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | ECS instance |
| Input parameter | None. |
Incompliance remediation
Install the Security Center agent on the running ECS instance. For more information, see Install the agent.