All Products
Search
Document Center

Cloud Config:Running ECS instances in a VPC

Last Updated:Jun 18, 2026

Checks whether an ECS instance resides in a virtual private cloud (VPC). If input parameters are specified, the instance is compliant only when its VPC falls within the specified range.

Scenarios

VPC-based deployment provides network isolation, helping secure your cloud environment.

Risk level

Default risk level: Medium.

You can change the risk level of this rule as needed.

Detection logic

  • An ECS instance is compliant if it resides in a VPC. If input parameters are specified, the instance is compliant only when its VPC falls within the specified range.

  • An ECS instance is non-compliant if it does not reside in a VPC, or if its VPC falls outside the specified parameter range. For more information about how to fix this issue, see Remediation.

  • This rule does not apply to ECS instances that are not in the running state.

Rule details

Parameter

Description

Rule name

Running ECS instances in a VPC

Rule identifier

ecs-running-instances-in-vpc

Tag

ECS, VPC

Auto-remediation

Supported

Rule trigger mechanism

Configuration change

Supported resource types

ECS instance

Rule input parameters

vpcIds

Note

Separate multiple VPC IDs with commas.

Remediation

To change the VPC of an ECS instance, see Change the VPC of an ECS instance.