Help Center> Elastic Cloud Server> User Guide (ME-Abu Dhabi Region)> Security> Protection for Mission-Critical Operations
Updated on 2024-04-15 GMT+08:00
View PDF

Protection for Mission-Critical Operations

Scenarios

ECS protects against mission-critical operations. If you want to perform a mission-critical operation on the management console, you must enter a credential for identity verification. You can perform the operation only after your identity is verified. For account security, it is a good practice to enable operation protection. The setting will take effect for both the account and users under the account.

The following operations can be protected: Stop, restart, or delete an ECS; detach a disk from an ECS; unbind an EIP from an ECS.

Enabling Operation Protection

Operation protection is disabled by default. Perform the following operations to enable it:

  1. Log in to the management console.
  2. Click . Under Management & Deployment, choose Identity and Access Management.
  3. In the left navigation pane of the IAM console, choose Security Settings.
  4. On the Security Settings page, choose Critical Operations > Operation Protection > Enable.
    Figure 1 Critical Operations
  5. On the Operation Protection page, select Enable to enable operation protection.
    When you or the IAM users under your account perform critical operations, for example, deleting ECS resources, you are required to enter a verification code based on the selected verification method.
    Figure 2 Operation Protection
    • When performing a critical operation, you will be asked to choose a verification method from email, SMS, and virtual MFA device.
      • If you have bound only a mobile number, only SMS verification is available.
      • If you have bound only an email address, only email verification is available.
      • If you have not bound an email address, mobile number, or virtual MFA device, you are required to bind one to continue with the critical operation.
    • You can change the mobile number, email address, and virtual MFA device on the Account Settings page.

Verifying an Identity

After operation protection is enabled, when you perform a mission-critical operation, the system will verify your identity.

  • If you have bound an email address, enter the email verification code.
  • If you have bound a mobile number, enter the SMS verification code.
  • If you have bound a virtual MFA device, enter a 6-digit dynamic verification code of the MFA device.

When you attempt to stop an ECS, select a verification method.

Figure 3 Identity Verification
Figure 4 Identity Verification

Disabling Operation Protection

Perform the following operations to disable operation protection.

  1. Log in to the management console.
  2. Click . Under Management & Deployment, choose Identity and Access Management.
  3. In the left navigation pane of the IAM console, choose Security Settings.
  4. On the Security Settings page, choose Critical Operations > Operation Protection > Change.
    Figure 5 Modifying operation protection settings
  5. On the Operation Protection page, select Disable and click OK.
    Figure 6 Disabling Operation Protection

Helpful Links

Parent topic: Security