All Products
Search
Document Center

Cloud Config:ecs-security-group-type-not-normal

Last Updated:Jun 23, 2026

Checks whether the Security Group Type parameter of each ECS instance is set to Advanced Security Group. If so, the evaluation result is Compliant.

Scenarios

Advanced security groups offer stronger security features and management capabilities, more advanced network protection, and finer-grained access control, helping you meet security requirements across various scenarios.

Risk level

Default risk level: low.

When you apply this rule, you can change the risk level based on your business requirements.

Compliance evaluation logic

  • If the Security Group Type parameter of each ECS instance is set to Advanced Security Group, the evaluation result is Compliant.

  • If the Security Group Type parameter of an ECS instance is set to Basic Security Group, the evaluation result is Non-compliant.

Rule details

Parameter

Description

Rule name

ecs-security-group-type-not-normal

Rule identifier

ecs-security-group-type-not-normal

Tag

SecurityGroup

Automatic remediation

Not supported

Trigger type

Configuration change

Supported resource type

ECS security groups

Input parameter

None