Checks whether the network type of each Server Load Balancer (SLB) instance is set to VPC when the vpcIds parameter is not specified, or, when the vpcIds parameter is specified, whether the ID of the virtual private cloud (VPC) with which the SLB instance is associated is included in its value.
Scenario
You can use a VPC to control access to an SLB instance, which enhances cloud network security.
Risk level
Default risk level: medium.
You can change the risk level as required when you apply this rule.
Compliance evaluation logic
- Compliant: The vpcIds parameter is not specified and the network type of the SLB instance is set to VPC, or the vpcIds parameter is specified and the ID of the VPC with which the SLB instance is associated is included in its value.
- Non-compliant: The vpcIds parameter is not specified and the network type of the SLB instance is not set to VPC, or the vpcIds parameter is specified and the ID of the VPC with which the SLB instance is associated is not included in its value. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
Rule details
Item | Description |
---|---|
Rule name | slb-loadbalancer-in-vpc |
Rule ID | slb-loadbalancer-in-vpc |
Tag | SLB and LoadBalancer |
Automatic remediation | Not supported |
Trigger type | Configuration change |
Supported resource type | SLB instance |
Input parameter | vpcIds. Note: Separate multiple VPC IDs with commas (,). |
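
The compliance evaluation logic and the comma-separated vpcIds parameter described above can be reproduced offline as follows. This is an added example, not the rule's own implementation: the field names (LoadBalancerId, NetworkType, VpcId), the result labels, and the sample instances are assumptions made for illustration.

```python
# Added example: field names are assumed to follow the SLB instance
# description (NetworkType is "vpc" or "classic"); sample data is constructed.

def parse_vpc_ids(vpc_ids):
    """Split the comma-separated vpcIds rule parameter into a set of IDs."""
    if not vpc_ids:
        return set()
    # Tolerate spaces and empty items such as "vpc-a, ,vpc-b".
    return {v.strip() for v in vpc_ids.split(",") if v.strip()}


def evaluate(instance, vpc_ids=None):
    """Return 'COMPLIANT' or 'NON_COMPLIANT' for one SLB instance."""
    allowed = parse_vpc_ids(vpc_ids)
    network_type = (instance.get("NetworkType") or "").lower()
    vpc_id = instance.get("VpcId") or ""
    if not allowed:
        # vpcIds not specified (assumption: a value with no IDs counts as
        # unspecified): only the network type is checked.
        ok = network_type == "vpc"
    else:
        # vpcIds specified: the associated VPC must be in the list.
        # A classic-network instance has no VpcId, so it never matches.
        ok = vpc_id in allowed
    return "COMPLIANT" if ok else "NON_COMPLIANT"


# Constructed sample instances (placeholder IDs).
SAMPLE_INSTANCES = [
    {"LoadBalancerId": "lb-example-1", "NetworkType": "vpc", "VpcId": "vpc-example-a"},
    {"LoadBalancerId": "lb-example-2", "NetworkType": "vpc", "VpcId": "vpc-example-b"},
    {"LoadBalancerId": "lb-example-3", "NetworkType": "classic", "VpcId": ""},
]


def evaluate_all(instances, vpc_ids=None):
    """Map each LoadBalancerId to its evaluation result."""
    return {i["LoadBalancerId"]: evaluate(i, vpc_ids) for i in instances}


if __name__ == "__main__":
    for label, param in (("vpcIds not specified", None),
                         ("vpcIds specified", "vpc-example-a, vpc-example-c")):
        print(label, evaluate_all(SAMPLE_INSTANCES, param))
```

With vpcIds specified, an instance that is in a VPC can still be non-compliant (lb-example-2 here) because its VPC is not on the list.
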
Non-compliance remediation
Create an internal-facing SLB instance. For more information, see Create a CLB instance.