Checks whether an ECS instance resides in a virtual private cloud (VPC). If input parameters are specified, the instance is compliant only when its VPC falls within the specified range.
Scenarios
VPC-based deployment provides network isolation, helping secure your cloud environment.
Risk level
Default risk level: Medium.
You can change the risk level of this rule as needed.
Detection logic
-
An ECS instance is compliant if it resides in a VPC. If input parameters are specified, the instance is compliant only when its VPC falls within the specified range.
-
An ECS instance is non-compliant if it does not reside in a VPC, or if its VPC falls outside the specified parameter range. For more information about how to fix this issue, see Remediation.
-
This rule does not apply to ECS instances that are not in the running state.
Rule details
|
Parameter |
Description |
|
Rule name |
Running ECS instances in a VPC |
|
Rule identifier |
ecs-running-instances-in-vpc |
|
Tag |
ECS, VPC |
|
Auto-remediation |
Supported |
|
Rule trigger mechanism |
Configuration change |
|
Supported resource types |
ECS instance |
|
Rule input parameters |
Note
Separate multiple VPC IDs with commas. |
Remediation
To change the VPC of an ECS instance, see Change the VPC of an ECS instance.