If the name of the operating system for the Elastic Compute Service (ECS) instance is included in a specified whitelist or is not included in a specified blacklist, the evaluation result is Compliant.

Scenarios

We recommend that you create an ECS instance that is deployed in a virtual private cloud (VPC) to isolate the network and ensure network security in the cloud.

Risk level

Default risk level: low.

When you apply this rule, you can change the risk level based on your business requirements.

Compliance evaluation logic

  • If the name of the operating system for the ECS instance is included in a specified whitelist or is not included in a specified blacklist, the evaluation result is Compliant.
  • If the name of the operating system for the ECS instance is not included in a specified whitelist or is included in a specified blacklist, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see the "Incompliance remediation" section of this topic.

Rule details

Parameter: Description
Rule name: ecs-instance-os-name-check
Rule identifier: ecs-instance-os-name-check
Tag: ECS, Instance, and Image
Automatic remediation: Supported
Trigger type: Periodic execution
Evaluation frequency: Interval of 24 hours
Supported resource type: ECS instances
Input parameter:
  • osNameBlackList
  • osNameWhiteList: The default value is CentOS 7.9 64bit.
Note: Specify only one of these parameters. Separate multiple OS names with commas (,).
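
The evaluation logic and input parameters above can be modelled locally to check an inventory before the rule's 24-hour run. This is an added example, not code from Cloud Config; the function names, the sample instance IDs and the exact, case-sensitive matching are assumptions, as is falling back to the documented default whitelist when neither parameter is set.

```python
COMPLIANT = "Compliant"
INCOMPLIANT = "Incompliant"  # spelling used by the rule documentation
DEFAULT_WHITE_LIST = "CentOS 7.9 64bit"  # default value stated on the page


def parse_os_names(value):
    """Split a comma-separated parameter value into a set of trimmed OS names."""
    if not value:
        return set()
    return {name.strip() for name in value.split(",") if name.strip()}


def evaluate(os_name, os_name_white_list=None, os_name_black_list=None):
    """Return the evaluation result for one instance's OS name.

    Assumption: names are compared as exact, case-sensitive strings; the
    page does not say how the service matches them.
    """
    white = parse_os_names(os_name_white_list)
    black = parse_os_names(os_name_black_list)
    # The rule note says to specify only one of the two parameters.
    if white and black:
        raise ValueError("specify only one of osNameWhiteList / osNameBlackList")
    if not white and not black:
        # Assumption: with nothing set, the documented default whitelist applies.
        white = parse_os_names(DEFAULT_WHITE_LIST)
    if white:
        return COMPLIANT if os_name in white else INCOMPLIANT
    return INCOMPLIANT if os_name in black else COMPLIANT


def audit(instances, **params):
    """Map instance ID -> result for an inventory of (id, os_name) pairs."""
    return {iid: evaluate(os_name, **params) for iid, os_name in instances}


# Constructed sample inventory: IDs and the non-default OS names are made up.
SAMPLE = [
    ("i-example-0001", "CentOS 7.9 64bit"),
    ("i-example-0002", "CentOS 6.10 64bit"),
    ("i-example-0003", "Ubuntu 22.04 64bit"),
]

if __name__ == "__main__":
    print(audit(SAMPLE, os_name_white_list="CentOS 7.9 64bit, Ubuntu 22.04 64bit"))
    print(audit(SAMPLE, os_name_black_list="CentOS 6.10 64bit"))
```

Running the same inventory under a whitelist and then a blacklist shows the difference in default stance: an OS name nobody anticipated is Incompliant under a whitelist but Compliant under a blacklist.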

Incompliance remediation

For each ECS instance, use an operating system that is included in the whitelist or is not included in the blacklist. For more information, see Select an image.