ECS Instance No Public IP
ID: rule:aliyun:ecs-running-instance-no-public-ip
Severity: high
Description
ECS instances should not have a public IP address to reduce direct internet exposure.
Reason for Violation
Public IP addresses allow direct access from the internet, increasing the attack surface.
Recommendation
Remove public IP assignment by setting AllocatePublicIP to false or using a NAT gateway for egress.
Resource Types
ALIYUN::ECS::Instance
ALIYUN::ECS::InstanceGroup
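
A pre-deployment check for the recommendation above, as an added example (not this rule's own implementation): it scans a ROS template in JSON form and lists resources of the two types above whose AllocatePublicIP is not explicitly false. The sample template, its resource names and placeholder values are constructed, and treating an omitted AllocatePublicIP as a violation is an assumption of this sketch.

```python
import json

# Resource types this rule applies to (from the rule page).
TARGET_TYPES = {"ALIYUN::ECS::Instance", "ALIYUN::ECS::InstanceGroup"}

# Constructed ROS template; resource names and <...> values are placeholders.
SAMPLE_TEMPLATE = """
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Resources": {
    "WebServer": {
      "Type": "ALIYUN::ECS::Instance",
      "Properties": {"ImageId": "<image-id>", "InstanceType": "<instance-type>",
                     "AllocatePublicIP": true}
    },
    "Worker": {
      "Type": "ALIYUN::ECS::Instance",
      "Properties": {"ImageId": "<image-id>", "InstanceType": "<instance-type>",
                     "AllocatePublicIP": "false"}
    },
    "Batch": {
      "Type": "ALIYUN::ECS::InstanceGroup",
      "Properties": {"ImageId": "<image-id>", "InstanceType": "<instance-type>",
                     "MaxAmount": 2}
    },
    "Bucket": {"Type": "ALIYUN::OSS::Bucket", "Properties": {"BucketName": "<name>"}}
  }
}
"""

def allows_public_ip(props):
    """True unless AllocatePublicIP is explicitly false (boolean or string)."""
    value = props.get("AllocatePublicIP")  # None when the property is omitted
    if isinstance(value, str):
        return value.strip().lower() != "false"
    # Omitted, true, or an unresolved reference such as {"Ref": ...} is flagged.
    return value is not False

def find_public_ip_violations(template_text):
    """Return the sorted names of ECS resources that may receive a public IP."""
    resources = json.loads(template_text).get("Resources") or {}
    return sorted(
        name for name, res in resources.items()
        if res.get("Type") in TARGET_TYPES
        and allows_public_ip(res.get("Properties") or {})
    )

if __name__ == "__main__":
    for name in find_public_ip_violations(SAMPLE_TEMPLATE):
        print(f"VIOLATION: {name} does not set AllocatePublicIP to false")
```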