Benchmark: Limit
Description
The number of tags on each resource should be monitored to avoid hitting the limit unexpectedly.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-tags
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select Limit.
Run this benchmark in your terminal:
powerpipe benchmark run aws_tags.benchmark.limit
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_tags.benchmark.limit --share
Controls
- Access Analyzer analyzers should not exceed tag limit
- API Gateway stages should not exceed tag limit
- CloudFront distributions should not exceed tag limit
- CloudTrail trails should not exceed tag limit
- CloudWatch alarms should not exceed tag limit
- CloudWatch log groups should not exceed tag limit
- CodeBuild projects should not exceed tag limit
- CodeCommit repositories should not exceed tag limit
- CodePipeline pipelines should not exceed tag limit
- Config rules should not exceed tag limit
- DAX clusters should not exceed tag limit
- Directory Service directories should not exceed tag limit
- DMS replication instances should not exceed tag limit
- DynamoDB tables should not exceed tag limit
- EBS snapshots should not exceed tag limit
- EBS volumes should not exceed tag limit
- EC2 application load balancers should not exceed tag limit
- EC2 classic load balancers should not exceed tag limit
- EC2 gateway load balancers should not exceed tag limit
- EC2 instances should not exceed tag limit
- EC2 network load balancers should not exceed tag limit
- EC2 reserved instances should not exceed tag limit
- ECR repositories should not exceed tag limit
- ECS container instances should not exceed tag limit
- ECS services should not exceed tag limit
- EFS file systems should not exceed tag limit
- EKS addons should not exceed tag limit
- EKS clusters should not exceed tag limit
- EKS identity provider configs should not exceed tag limit
- Elastic beanstalk applications should not exceed tag limit
- Elastic beanstalk environments should not exceed tag limit
- ElastiCache clusters should not exceed tag limit
- ElasticSearch domains should not exceed tag limit
- EventBridge rules should not exceed tag limit
- GuardDuty detectors should not exceed tag limit
- IAM roles should not exceed tag limit
- IAM server certificates should not exceed tag limit
- IAM users should not exceed tag limit
- Inspector assessment templates should not exceed tag limit
- Kinesis firehose delivery streams should not exceed tag limit
- KMS keys should not exceed tag limit
- Lambda functions should not exceed tag limit
- RDS DB cluster parameter groups should not exceed tag limit
- RDS DB cluster snapshots should not exceed tag limit
- RDS DB clusters should not exceed tag limit
- RDS DB instances should not exceed tag limit
- RDS DB option groups should not exceed tag limit
- RDS DB parameter groups should not exceed tag limit
- RDS DB snapshots should not exceed tag limit
- RDS DB subnet groups should not exceed tag limit
- Redshift clusters should not exceed tag limit
- Route53 domains should not exceed tag limit
- Route 53 Resolver endpoints should not exceed tag limit
- S3 buckets should not exceed tag limit
- SageMaker endpoint configurations should not exceed tag limit
- SageMaker models should not exceed tag limit
- SageMaker notebook instances should not exceed tag limit
- SageMaker training jobs should not exceed tag limit
- Secrets Manager secrets should not exceed tag limit
- SSM parameters should not exceed tag limit
- VPC elastic IP addresses should not exceed tag limit
- VPC NAT gateways should not exceed tag limit
- VPC network ACLs should not exceed tag limit
- VPC security groups should not exceed tag limit
- VPCs should not exceed tag limit
- VPC VPN connections should not exceed tag limit
- WAFV2 ip sets should not exceed tag limit
- WAFV2 regex pattern sets should not exceed tag limit
- WAFV2 rule groups should not exceed tag limit
- WAFV2 web acls should not exceed tag limit