ECS instance must not allocate public IP

ID: rule:aliyun:security-ecs-instance-no-public-ip
Severity: high
IaC Types: ROS

Description

Checks whether an ECS instance is exposed to the public network through a directly allocated public IP, internet outbound bandwidth, or an EIP association.

Reason for Violation

ECS instance is exposed to the public network.

Recommendation

Disable public IP allocation, set internet outbound bandwidth to 0, and avoid direct EIP association.

Resource Types

  • ALIYUN::ECS::Instance
  • ALIYUN::ECS::InstanceGroup
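
The three exposure paths named in the description, checked over a ROS template. This is an added example, not the rule's own implementation. The sample template and its resource names are constructed, and two choices are assumptions: an unset or parameterized property is treated as non-compliant, and an EIP association is recognized as an ALIYUN::VPC::EIPAssociation resource that references the instance.

```python
import json
ECS_TYPES = {"ALIYUN::ECS::Instance", "ALIYUN::ECS::InstanceGroup"}

# Constructed sample template; resource names and the EIP ID are made up.
TEMPLATE = json.loads("""{"Resources": {
    "Web":     {"Type": "ALIYUN::ECS::Instance",
                "Properties": {"AllocatePublicIP": true, "InternetMaxBandwidthOut": 5}},
    "Worker":  {"Type": "ALIYUN::ECS::Instance",
                "Properties": {"AllocatePublicIP": false, "InternetMaxBandwidthOut": 0}},
    "Bastion": {"Type": "ALIYUN::ECS::Instance",
                "Properties": {"AllocatePublicIP": false, "InternetMaxBandwidthOut": 0}},
    "BastionEip": {"Type": "ALIYUN::VPC::EIPAssociation",
                   "Properties": {"AllocationId": "eip-constructed", "InstanceId": {"Ref": "Bastion"}}},
    "Batch":   {"Type": "ALIYUN::ECS::InstanceGroup", "Properties": {"MaxAmount": 2}}
}}""")

def referenced(value):
    """Yield logical IDs named by Ref / Fn::GetAtt anywhere inside value."""
    if isinstance(value, dict):
        for key, inner in value.items():
            if key == "Ref" and isinstance(inner, str):
                yield inner
            elif key == "Fn::GetAtt" and isinstance(inner, list) and inner:
                yield inner[0]
            else:
                yield from referenced(inner)
    elif isinstance(value, list):
        for item in value:
            yield from referenced(item)

def check(template):
    """Return (logical_id, reason) pairs for ECS resources with a public path."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") in ECS_TYPES:
            # Assumption: an unset or parameterized value counts as exposed.
            if str(props.get("AllocatePublicIP")).lower() != "false":
                findings.append((name, "AllocatePublicIP is not false"))
            if str(props.get("InternetMaxBandwidthOut")) != "0":
                findings.append((name, "InternetMaxBandwidthOut is not 0"))
        elif res.get("Type") == "ALIYUN::VPC::EIPAssociation":
            for target in referenced(props.get("InstanceId")):
                if resources.get(target, {}).get("Type") in ECS_TYPES:
                    findings.append((target, f"EIP associated via {name}"))
    return findings

print(*check(TEMPLATE), sep="\n")
```

Bastion is reported even though its own properties are private, because the exposure comes from a separate resource in the same template.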