Checks whether the Security Group Type parameter of each ECS instance is set to Advanced Security Group. If so, the evaluation result is Compliant.
Scenarios
Advanced security groups offer stronger security features and management capabilities, more advanced network protection, and finer-grained access control, helping you meet security requirements across various scenarios.
Risk level
Default risk level: low.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
-
If the Security Group Type parameter of each ECS instance is set to Advanced Security Group, the evaluation result is Compliant.
-
If the Security Group Type parameter of an ECS instance is set to Basic Security Group, the evaluation result is Non-compliant.
Rule details
|
Parameter |
Description |
|
Rule name |
ecs-security-group-type-not-normal |
|
Rule identifier |
|
|
Tag |
SecurityGroup |
|
Automatic remediation |
Not supported |
|
Trigger type |
Configuration change |
|
Supported resource type |
ECS security groups |
|
Input parameter |
None |