ECS Instance Should Not Bind Public IP or Allow Any IP Access
ID: rule:aliyun:ecs-instance-no-public-and-anyip
Severity: medium
IaC Types: ROS, Terraform
Description
ECS instances should not directly bind IPv4 public IPs or Elastic IPs, and associated security groups should not expose 0.0.0.0/0. Compliant when no public IP is bound.
Reason for Violation
The ECS instance has public IP allocation enabled, or sets a non-zero internet bandwidth (which allocates a public IP), or its security group exposes 0.0.0.0/0.
Recommendation
Disable public IP allocation (AllocatePublicIP=false) and set InternetMaxBandwidthOut to 0. Use NAT Gateway or SLB for internet access instead.
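The following Terraform snippet is an added illustration, not part of the rule's own documentation, showing the non-compliant and the compliant form of alicloud_instance side by side. It assumes a VPC vSwitch and a security group already exist (the resource names, variables and the 10.0.0.0/8 management range are placeholders). The ROS properties named above (AllocatePublicIP, InternetMaxBandwidthOut) map to internet_max_bandwidth_out in the Terraform provider, where a value greater than 0 causes a public IPv4 address to be allocated.

```hcl
# Added example (not from the rule page). Assumed existing resources:
# alicloud_vswitch.example and alicloud_security_group.example.
# var.image_id / var.instance_type are placeholders.

# --- Non-compliant ---------------------------------------------------------
# The rule flags both conditions here: a public IP is bound because the
# bandwidth is non-zero, and the security group rule admits 0.0.0.0/0.
resource "alicloud_security_group_rule" "any_ip_ssh" {
  type              = "ingress"
  ip_protocol       = "tcp"
  policy            = "accept"
  nic_type          = "intranet"
  port_range        = "22/22"
  cidr_ip           = "0.0.0.0/0"        # unrestricted source
  security_group_id = alicloud_security_group.example.id
}

resource "alicloud_instance" "noncompliant" {
  instance_name              = "app-noncompliant"
  image_id                   = var.image_id
  instance_type              = var.instance_type
  vswitch_id                 = alicloud_vswitch.example.id
  security_groups            = [alicloud_security_group.example.id]
  internet_max_bandwidth_out = 10        # > 0: provider allocates a public IP
}

# --- Compliant -------------------------------------------------------------
# No public IP is bound (bandwidth 0) and inbound access is limited to an
# assumed internal management range. Outbound internet access should go
# through a NAT Gateway and inbound traffic through an SLB, as the
# recommendation states; those resources are outside this snippet.
resource "alicloud_security_group_rule" "mgmt_ssh" {
  type              = "ingress"
  ip_protocol       = "tcp"
  policy            = "accept"
  nic_type          = "intranet"
  port_range        = "22/22"
  cidr_ip           = "10.0.0.0/8"       # placeholder internal range
  security_group_id = alicloud_security_group.example.id
}

resource "alicloud_instance" "compliant" {
  instance_name              = "app-compliant"
  image_id                   = var.image_id
  instance_type              = var.instance_type
  vswitch_id                 = alicloud_vswitch.example.id
  security_groups            = [alicloud_security_group.example.id]
  internet_max_bandwidth_out = 0         # no public IPv4 address allocated
}
```

When reviewing a plan, check the resulting `public_ip` attribute of each alicloud_instance is empty and that no alicloud_eip_association points at the instance; a bandwidth of 0 alone does not prevent an EIP from being attached separately.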
Resource Types
- ROS: ALIYUN::ECS::Instance
- ROS: ALIYUN::ECS::InstanceGroup
- Terraform: alicloud_instance