v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: 2.14 Ensure EC2 Auto Scaling Groups Propagate Tags to EC2 Instances that it launches

Description

Tags can help with managing, identifying, organizing, searching for, and filtering resources. Additionally, tags can help with security and compliance. Tags can be propagated from an Auto Scaling group to the EC2 instances that it launches.

Remediation

AWS Console

  1. Login to AWS Console using https://console.aws.amazon.com.
  2. Click All services and click EC2 under Compute.
  3. Select Auto Scaling Groups.
  4. Click Edit for each Auto Scaling Group.
  5. Check the Tag new instances Box for the Auto Scaling Group.
  6. Click Update.
  7. Repeat Steps 1-6 for each AWS Region used.

AWS CLI

  1. Run aws autoscaling create-or-update-tags for tags that are not set to PropogateAtLaunch for each Auto Scaling Group that does not have this property set to true.
aws autoscaling create-or-update-tags \
--tags ResourceId=example-autoscaling-group,ResourceType=auto-scaling-
group,Key=TagKey,Value=TagValue,PropagateAtLaunch=true
  1. Repeat Step 1 for each AWS Region used.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.cis_compute_service_v100_2_14

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.cis_compute_service_v100_2_14 --share

SQL

This control uses a named query:

autoscaling_group_propagate_tags_to_ec2_instance_enabled

Tags

category = Compliance
cis = true
cis_item_id = 2.14
cis_level = 1
cis_section_id = 2
cis_type = automated
cis_version = v1.0.0
plugin = aws
service = AWS/EC2