Evaluates whether scaling configurations assign public IPv4 addresses to Elastic Compute Service (ECS) instances. A scaling configuration that does not assign public IPv4 addresses is evaluated as Compliant.
Scenarios
When you enable the Assign Public IP Address option in a scaling configuration, each newly created ECS instance is automatically assigned a public IPv4 address. For instances that require Internet access, we recommend that you deploy them in a virtual private cloud (VPC) and use Server Load Balancer (SLB) and NAT Gateway to manage Internet traffic.
Risk level
Default risk level: medium.
You can change the risk level based on your business requirements when you apply this rule.
Compliance evaluation logic
- If the scaling configuration does not assign public IPv4 addresses to ECS instances, the evaluation result is Compliant.
- If the scaling configuration assigns public IPv4 addresses to ECS instances, the evaluation result is Non-compliant. For information about how to remediate a non-compliant configuration, see Non-compliance remediation.
Rule details
| Item | Description |
| Rule name | ess-scaling-configuration-enabled-internet-check |
| Rule identifier | ess-scaling-configuration-enabled-internet-check |
| Tag | ESS and ScalingConfiguration |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | Scaling configuration |
| Input parameter | None |
Non-compliance remediation
Deselect the Assign Public IP Address option in the scaling configuration. For more information, see Modify a scaling configuration.