Checks whether the configuration read-only mode is enabled for each Server Load Balancer (SLB) instance.
Scenarios
After you modify the configurations of an SLB instance, high security risks may occur. Proceed with caution when you perform the operation.
Risk level
Default risk level: low.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the configuration read-only mode is enabled for each SLB instance, the evaluation result is compliant.
- If the configuration read-only mode is disabled for an SLB instance, the evaluation result is non-compliant. For more information about how to remediate a non-compliant configuration, see Non-compliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | slb-modify-protection-check |
| Rule ID | slb-modify-protection-check |
| Tag | SLB |
| Automatic remediation | Yes |
| Trigger type | Configuration change. |
| Supported resource type | SLB |
| Input parameter | None |
Non-compliance remediation
Enable the configuration read-only mode for an SLB instance. Call the SetLoadBalancerModificationProtection operation to enable the configuration read-only mode for the SLB instance.