ESS Scaling Configuration Internet Access Check

ID: rule:aliyun:ess-scaling-configuration-enabled-internet-check
Severity: medium

Description

Ensures that ESS scaling configurations do not enable public IP addresses for instances unless necessary.

Reason for Violation

Enabling public IPs for all instances in a scaling group increases the attack surface.

Recommendation

Use internal IPs and a NAT gateway or SLB for internet access instead of public IPs on each instance.

Resource Types

  • ALIYUN::ESS::ScalingConfiguration
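
An added example, not the rule's own implementation (the page does not show its logic): a pre-deployment check that scans a ROS template for ALIYUN::ESS::ScalingConfiguration resources that would give instances a public IP. It assumes the signal is the InternetMaxBandwidthOut property being greater than 0; the helper names and the sample template are constructed for illustration.

```python
import json

RESOURCE_TYPE = "ALIYUN::ESS::ScalingConfiguration"

# Constructed sample ROS template, trimmed to the properties this check reads
# (required properties such as ScalingGroupId are omitted for brevity).
SAMPLE_TEMPLATE = json.loads("""
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {"Bandwidth": {"Type": "Number", "Default": 5}},
  "Resources": {
    "PublicConfig":  {"Type": "ALIYUN::ESS::ScalingConfiguration",
                      "Properties": {"InternetMaxBandwidthOut": 10}},
    "PrivateConfig": {"Type": "ALIYUN::ESS::ScalingConfiguration",
                      "Properties": {"InternetMaxBandwidthOut": "0"}},
    "DefaultConfig": {"Type": "ALIYUN::ESS::ScalingConfiguration", "Properties": {}},
    "ParamConfig":   {"Type": "ALIYUN::ESS::ScalingConfiguration",
                      "Properties": {"InternetMaxBandwidthOut": {"Ref": "Bandwidth"}}},
    "Vpc":           {"Type": "ALIYUN::ECS::VPC", "Properties": {}}
  }
}
""")

def classify(value):
    """Return 'fail' (public bandwidth > 0), 'pass', or 'review' (unresolved)."""
    if value is None:              # assumption: absent means no public bandwidth
        return "pass"
    if isinstance(value, dict):    # intrinsic function such as Ref or Fn::Join
        return "review"
    try:
        return "fail" if int(value) > 0 else "pass"
    except (TypeError, ValueError):
        return "review"

def check_template(template):
    # Map each scaling configuration's logical name to a verdict.
    results = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != RESOURCE_TYPE:
            continue
        props = res.get("Properties") or {}
        results[name] = classify(props.get("InternetMaxBandwidthOut"))
    return results

if __name__ == "__main__":
    for name, verdict in check_template(SAMPLE_TEMPLATE).items():
        print(f"{verdict:6} {name}")
```

A "review" verdict means the value comes from a template parameter or function and has to be resolved against the actual stack inputs before the configuration can be cleared.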