Checks whether a service role is enabled for Function Compute. If so, the evaluation result is Compliant. This helps prevent security risks caused by exposed Alibaba Cloud account secrets.
Scenarios
Use this rule to verify that Function Compute services are configured with service roles, which improve security, reliability, performance, and scalability. Service roles provide a recommended mechanism for authorization and access control.
Risk level
Default risk level: low.
You can change the risk level based on your business requirements.
Compliance evaluation logic
-
If a service role is enabled for Function Compute, the evaluation result is Compliant.
-
If a service role is not enabled for Function Compute, the evaluation result is Non-compliant.
Rule details
|
Item |
Description |
|
Rule name |
fc-service-bind-role |
|
Rule identifier |
|
|
Tag |
Role |
|
Automatic remediation |
Not supported |
|
Trigger type |
Periodic execution |
|
Evaluation frequency |
Every 24 hours |
|
Supported resource type |
Function Compute |
|
Input parameter |
None |
Non-compliance remediation
Enable a service role for Function Compute. For more information, see Grant permissions to a RAM user by using an Alibaba Cloud account.