ECS instance must not allocate public IP
ID: rule:aliyun:security-ecs-instance-no-public-ip
Severity: high
IaC Types: ROS
Description
Checks ECS public exposure through direct public IP, outbound bandwidth, or EIP association.
Reason for Violation
ECS instance is exposed to the public network.
Recommendation
Disable public IP allocation, set internet outbound bandwidth to 0, and avoid direct EIP association.
Resource Types
ALIYUN::ECS::Instance
ALIYUN::ECS::InstanceGroup
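
The three exposure paths named in the Description, checked over a constructed ROS template. This is an added example, not the rule's own implementation. It assumes the ROS properties `AllocatePublicIP` and `InternetMaxBandwidthOut` and the `ALIYUN::VPC::EIPAssociation` resource type; the helper names and the sample template are hypothetical, and only explicitly set literal values are flagged, since the page does not say how defaults are treated.

```python
# Added example: flag ECS resources in a ROS template (JSON form) that are publicly exposed.
ECS_TYPES = {"ALIYUN::ECS::Instance", "ALIYUN::ECS::InstanceGroup"}
EIP_ASSOC = "ALIYUN::VPC::EIPAssociation"

def _positive(value):
    """True for a literal number > 0; unresolved intrinsic functions are skipped."""
    try:
        return not isinstance(value, bool) and int(value) > 0
    except (TypeError, ValueError):
        return False

def _ref_target(value):
    """Logical ID named by {"Ref": id} or {"Fn::GetAtt": [id, attr]}, else None."""
    if isinstance(value, dict):
        if "Ref" in value:
            return value["Ref"]
        att = value.get("Fn::GetAtt")
        if isinstance(att, list) and att:
            return att[0]
    return None

def find_public_ecs(template):
    """Map each exposed ECS logical ID to the list of settings that expose it."""
    resources = template.get("Resources", {})
    findings = {}
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") in ECS_TYPES:
            if props.get("AllocatePublicIP") in (True, "true", "True"):
                findings.setdefault(name, []).append("AllocatePublicIP")
            if _positive(props.get("InternetMaxBandwidthOut")):
                findings.setdefault(name, []).append("InternetMaxBandwidthOut")
        elif res.get("Type") == EIP_ASSOC:
            target = _ref_target(props.get("InstanceId"))
            if isinstance(target, str) and resources.get(target, {}).get("Type") in ECS_TYPES:
                findings.setdefault(target, []).append("EIPAssociation")
    return findings

# Constructed sample: Web is exposed directly, Db through an EIP, Worker is compliant.
SAMPLE = {"ROSTemplateFormatVersion": "2015-09-01", "Resources": {
    "Web": {"Type": "ALIYUN::ECS::Instance",
            "Properties": {"AllocatePublicIP": True, "InternetMaxBandwidthOut": 5}},
    "Worker": {"Type": "ALIYUN::ECS::InstanceGroup",
               "Properties": {"AllocatePublicIP": False, "InternetMaxBandwidthOut": 0}},
    "Db": {"Type": "ALIYUN::ECS::Instance",
           "Properties": {"AllocatePublicIP": False, "InternetMaxBandwidthOut": 0}},
    "DbEip": {"Type": EIP_ASSOC,
              "Properties": {"AllocationId": "eip-constructed", "InstanceId": {"Ref": "Db"}}}}}

if __name__ == "__main__":
    print(find_public_ecs(SAMPLE))
```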