Evaluates an Elastic Compute Service (ECS) instance as Compliant if no SSH key pair is attached. Use this rule in scenarios where your enterprise requires strict control over ECS instance access.
Scenarios
Attaching an SSH key pair to an ECS instance improves system security. However, exercise caution and take appropriate security measures before you attach an SSH key pair.
Risk level
Default risk level: low.
You can change the risk level based on your business requirements when you apply this rule.
Compliance evaluation logic
-
If an SSH key pair is not attached to an ECS instance, the evaluation result is Compliant.
-
If an SSH key pair is attached to an ECS instance, the evaluation result is Non-compliant.
Rule details
|
Item |
Description |
|
Rule name |
ecs-instance-not-bind-key-pair |
|
Rule ID |
|
|
Tag |
ECS and Instance |
|
Automatic remediation |
Not supported |
|
Trigger type |
Configuration change |
|
Supported resource type |
ECS instance |
|
Input parameter |
None |
Non-compliance remediation
To resolve non-compliance, detach the SSH key pair from the ECS instance. For more information, see Unbind an SSH key pair.