Evaluates whether the image source of each Elastic Compute Service (ECS) instance matches a specified value. If so, the configuration is considered compliant.
Scenarios
Ensure that each ECS instance uses an approved image source. Public images provided by Alibaba Cloud are fully licensed and deliver a secure, stable operating environment for applications on ECS instances.
Risk level
Default risk level: medium.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the image source of each ECS instance matches a specified value, the configuration is considered compliant.
- If the image source of an ECS instance does not match a specified value, the configuration is considered non-compliant. For more information about how to remediate a non-compliant configuration, see Incompliance remediation.
Rule details
| Item | Description |
| Rule name | ecs-instance-image-type-check |
| Rule identifier | ecs-instance-image-type-check |
| Tag | ECS, Instance, and Image |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Every 24 hours |
| Supported resource type | ECS instance |
| Input parameter | ImageOwnerAlias. Default value: system, which indicates public images provided by Alibaba Cloud. |
Incompliance remediation
Change the image of an ECS instance. For more information, see Select an image.