All Products
Search
Document Center

Cloud Config:ecs-instance-not-bind-key-pair

Last Updated:Jun 23, 2026

Evaluates an Elastic Compute Service (ECS) instance as Compliant if no SSH key pair is attached. Use this rule in scenarios where your enterprise requires strict control over ECS instance access.

Scenarios

Attaching an SSH key pair to an ECS instance improves system security. However, exercise caution and take appropriate security measures before you attach an SSH key pair.

Risk level

Default risk level: low.

You can change the risk level based on your business requirements when you apply this rule.

Compliance evaluation logic

  • If an SSH key pair is not attached to an ECS instance, the evaluation result is Compliant.

  • If an SSH key pair is attached to an ECS instance, the evaluation result is Non-compliant.

Rule details

Item

Description

Rule name

ecs-instance-not-bind-key-pair

Rule ID

ecs-instance-not-bind-key-pair

Tag

ECS and Instance

Automatic remediation

Not supported

Trigger type

Configuration change

Supported resource type

ECS instance

Input parameter

None

Non-compliance remediation

To resolve non-compliance, detach the SSH key pair from the ECS instance. For more information, see Unbind an SSH key pair.