All Products
Search
Document Center

Cloud Config:ecs-instance-enabled-security-protection

Last Updated:Jun 16, 2026

Evaluates running Elastic Compute Service (ECS) instances as Compliant if Security Center protection is enabled.

Scenarios

Use this rule to ensure that all running ECS instances have Security Center protection enabled, improving system security.

Risk level

Default risk level: high.

You can change the risk level based on your business requirements when you apply this rule.

Compliance evaluation logic

  • If Security Center protection is enabled for all running ECS instances, the evaluation result is Compliant.
  • If Security Center protection is not enabled for all running ECS instances, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
  • ECS instances that are not in the running state are excluded from this rule.

Rule details

Item Description
Rule name ecs-instance-enabled-security-protection
Rule identifier ecs-instance-enabled-security-protection
Tag ECS, Instance, and SecurityCenter
Automatic remediation Supported
Trigger type Periodic execution
Evaluation frequency Interval of 24 hours
Supported resource type ECS instance
Input parameter None.

Incompliance remediation

Install the Security Center agent on the running ECS instance. For more information, see Install the agent.