ECSs Have IAM Agencies Attached
Rule Details
| Parameter | Description |
|---|---|
| Rule Name | ecs-instance-agency-attach-iam-agency |
| Identifier | ECSs Have IAM Agencies Attached |
| Description | If an ECS does not have any IAM agencies attached, this ECS is non-compliant. |
| Tag | ecs |
| Trigger Type | Configuration change |
| Filter Type | ecs.cloudservers |
| Rule Parameters | None |
Application Scenarios
An agency is created by the tenant administrator in IAM and provides a temporary credential for an ECS to access cloud services. You can determine whether to use an agency based on application scenarios and security requirements.
The advantages of using an agency are as follows:
- Minimum permissions: IAM agencies ensure that only the minimum permissions required to complete a task are granted.
- Simplified management: IAM agencies can be dynamically assigned, eliminating the need to manually manage credentials.
- Enhanced security: IAM agencies provide temporary security credentials, reducing the risk of credential leakage.
- Flexibility: Different tasks can use different IAM agencies, meeting diversified requirements.
The disadvantages of using an agency are as follows:
- Complex configuration: Configuring and managing IAM agencies can be complex, especially when fine-grained permission control is required.
- Incorrect configuration: Incorrect IAM policies may prevent tasks from accessing required resources.
- Unauthorized access: Improper IAM agency configuration may cause unauthorized access or security vulnerabilities.
You are advised to use this rule only in the following scenarios:
- Multi-task environment: Tasks require different permissions.
- High security requirements: IAM agencies are required for managing permissions on sensitive data to meet high security requirements.
- Cross-service access: Tasks need to access other Huawei Cloud services, such as OBS and RDS.
Solution
Configure appropriate IAM agencies for your ECSs.
Rule Logic
- If an ECS has an IAM agency attached, this ECS is compliant.
- If an ECS does not have any IAM agencies attached, this ECS is non-compliant.