Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-alicloud-compliance
Overview
1Dashboards
78Benchmarks
40Queries
2Variables
GitHub

Control: 3.1 Ensure legacy networks does not exist

Description

In order to prevent use of legacy networks, ECS instances should not have a legacy network configured.

Remediation

From Console

  1. Logon to ECS Console.
  2. In the left-side navigation pane, choose Instance & Image > Instances.
  3. Click Create Instance.
  4. Specify the basic instance information required by following the instruction and click Next: Networking.
  5. Select the Network Type of VPC.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_3_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_3_1 --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when instance_network_type = 'vpc' then 'ok'
    else 'alarm'
  end as status,
  case
    when instance_network_type = 'vpc' then title || ' has VPC network.'
    else title || ' has legacy network.'
  end as reason
  
  , account_id as account_id, region as region
from
  alicloud_ecs_instance;

Tags

category = Compliance
cis = true
cis_item_id = 3.1
cis_level = 1
cis_section_id = 3
cis_type = manual
cis_version = v1.0.0
plugin = alicloud
service = AliCloud/ECS