Updated on 2025-08-25 GMT+08:00

Security Group Check by ID

Rule Details

Table 1 Rule details

  Parameter      Description
  Rule Name      ecs-in-allowed-security-groups
  Identifier     Security Group Check by ID
  Description    If an ECS is not added to any specified security groups, this ECS is non-compliant.
  Tag            ecs
  Trigger Type   Configuration change
  Filter Type    ecs.cloudservers

Rule Parameters

  • specifiedECSTagKey: Tag key of an ECS. The value must be a string.
  • specifiedECSTagValue: Values of the ECS tag identified by specifiedECSTagKey. If no value is specified, all values are allowed. The value must be an array with up to 10 elements.
  • specifiedSecurityGroupIds: IDs of security groups. The value must be an array with up to 10 elements.

Application Scenarios

A security group is a collection of access control rules for ECSs that have the same security requirements and are mutually trusted. After a security group is created, you can add different access rules to the security group, and these rules will apply to all ECSs added to this security group. For details, see Security Group Overview.

Security groups control the network traffic to and from ECSs in the following ways:

  • Traffic filtering: You can configure security group rules to allow or deny traffic from specific IP addresses or IP address ranges. This helps block traffic from known malicious IP addresses.
  • Port control: By specifying allowed ports, security groups can prevent access to unused or insecure services. For example, if a server does not need to provide HTTP services to external systems, you can use security group rules to forbid external access on port 80.
  • Protocol restriction: Security groups can also control traffic based on the network protocol (such as TCP or UDP). This is useful for ensuring that only the necessary communication types are allowed.
  • Inbound and outbound rules: Inbound rules control which traffic can enter the server, while outbound rules control where the server can send data. This bidirectional control provides more comprehensive security protection.

Solution

You can change the security groups of one or more ECSs. For details, see Changing a Security Group.

Rule Logic

  • The specifiedSecurityGroupIds parameter specifies the high-risk security groups.
  • Any ECS that is not added to a high-risk security group is compliant.
  • If an ECS is added to any high-risk security group and matches the tag specified by the specifiedECSTagKey and specifiedECSTagValue parameters, the ECS is compliant.
  • If an ECS is added to any high-risk security group and does not match the tag specified by the specifiedECSTagKey and specifiedECSTagValue parameters, the ECS is non-compliant.
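The following Python evaluator is an added example that implements the four Rule Logic bullets above literally, so that the outcome for a given ECS can be reproduced offline before the rule is enabled. It is not Huawei Cloud Config's own evaluation code: the Ecs dataclass field names and the sg-constructed-* IDs are constructed stand-ins for ecs.cloudservers items, and the parameter names are the three Rule Parameters from this page. Note that the Description in Table 1 states the inverse condition (an ECS not in any specified group is non-compliant), so confirm which reading your Config service applies before relying on this logic.

```python
"""Local evaluator for the Rule Logic above (added example; not the service's code)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MAX_ARRAY_LEN = 10  # Rule Parameters: array parameters take up to 10 elements


@dataclass
class Ecs:
    """Minimal stand-in for an ecs.cloudservers item (field names are assumed)."""
    id: str
    security_group_ids: List[str]
    tags: Dict[str, str] = field(default_factory=dict)


def evaluate_ecs(ecs: Ecs,
                 specifiedSecurityGroupIds: List[str],
                 specifiedECSTagKey: Optional[str] = None,
                 specifiedECSTagValue: Optional[List[str]] = None) -> str:
    """Return 'Compliant' or 'NonCompliant' following the Rule Logic bullets."""
    # Enforce the parameter constraints stated under Rule Parameters.
    if len(specifiedSecurityGroupIds) > MAX_ARRAY_LEN:
        raise ValueError("specifiedSecurityGroupIds allows at most 10 elements")
    if specifiedECSTagValue is not None and len(specifiedECSTagValue) > MAX_ARRAY_LEN:
        raise ValueError("specifiedECSTagValue allows at most 10 elements")
    if specifiedECSTagKey is not None and not isinstance(specifiedECSTagKey, str):
        raise ValueError("specifiedECSTagKey must be a string")

    # Bullet 1/2: the listed groups are high-risk; an ECS in none of them is compliant.
    high_risk = set(specifiedSecurityGroupIds)
    if high_risk.isdisjoint(ecs.security_group_ids):
        return "Compliant"

    # Bullet 3: in a high-risk group but carrying the specified tag -> compliant.
    # An empty or absent value list means any value for the key is accepted.
    # Assumption: with no tag key configured, no ECS can be exempted this way.
    if specifiedECSTagKey is not None and specifiedECSTagKey in ecs.tags:
        if not specifiedECSTagValue or ecs.tags[specifiedECSTagKey] in specifiedECSTagValue:
            return "Compliant"

    # Bullet 4: in a high-risk group without a matching tag -> non-compliant.
    return "NonCompliant"


def evaluate_all(ecs_list: List[Ecs], **params) -> Dict[str, str]:
    """Evaluate every ECS with the same rule parameters; returns id -> verdict."""
    return {e.id: evaluate_ecs(e, **params) for e in ecs_list}


# Constructed sample data: two high-risk group IDs and four servers.
HIGH_RISK_SG_IDS = ["sg-constructed-0001", "sg-constructed-0002"]

SAMPLE_ECS = [
    Ecs("ecs-a", ["sg-constructed-9999"]),                                  # not in any high-risk group
    Ecs("ecs-b", ["sg-constructed-0001"], {"env": "sandbox"}),             # high-risk, exempted by tag
    Ecs("ecs-c", ["sg-constructed-0002", "sg-constructed-9999"], {"env": "prod"}),  # tag value not allowed
    Ecs("ecs-d", ["sg-constructed-0001"]),                                  # high-risk, untagged
]


def run_sample() -> Dict[str, str]:
    """Evaluate the constructed sample with key 'env' and allowed value ['sandbox']."""
    return evaluate_all(SAMPLE_ECS,
                        specifiedSecurityGroupIds=HIGH_RISK_SG_IDS,
                        specifiedECSTagKey="env",
                        specifiedECSTagValue=["sandbox"])


if __name__ == "__main__":
    for ecs_id, verdict in run_sample().items():
        print(f"{ecs_id}: {verdict}")
```

Running the sample reports ecs-a and ecs-b as compliant and ecs-c and ecs-d as non-compliant; the non-compliant IDs are the ones to feed into the Changing a Security Group procedure from the Solution section.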