Benchmark: Mandatory
Description
Resources should all have a standard set of tags applied for functions like resource organization, automation, cost control, and access control.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-tags
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select Mandatory.
Run this benchmark in your terminal:
powerpipe benchmark run aws_tags.benchmark.mandatory
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_tags.benchmark.mandatory --share
Controls
- Access Analyzer analyzers should have mandatory tags
- API Gateway stages should have mandatory tags
- CloudFront distributions should have mandatory tags
- CloudTrail trails should have mandatory tags
- CloudWatch alarms should have mandatory tags
- CloudWatch log groups should have mandatory tags
- CodeBuild projects should have mandatory tags
- CodeCommit repositories should have mandatory tags
- CodePipeline pipelines should have mandatory tags
- Config rules should have mandatory tags
- DAX clusters should have mandatory tags
- Directory Service directories should have mandatory tags
- DMS replication instances should have mandatory tags
- DynamoDB tables should have mandatory tags
- EBS snapshots should have mandatory tags
- EBS volumes should have mandatory tags
- EC2 application load balancers should have mandatory tags
- EC2 classic load balancers should have mandatory tags
- EC2 gateway load balancers should have mandatory tags
- EC2 instances should have mandatory tags
- EC2 network load balancers should have mandatory tags
- EC2 reserved instances should have mandatory tags
- ECR repositories should have mandatory tags
- ECS container instances should have mandatory tags
- ECS services should have mandatory tags
- EFS file systems should have mandatory tags
- EKS addons should have mandatory tags
- EKS clusters should have mandatory tags
- EKS identity provider configs should have mandatory tags
- Elastic beanstalk applications should have mandatory tags
- Elastic beanstalk environments should have mandatory tags
- ElastiCache clusters should have mandatory tags
- ElasticSearch domains should have mandatory tags
- EventBridge rules should have mandatory tags
- GuardDuty detectors should have mandatory tags
- IAM roles should have mandatory tags
- IAM server certificates should have mandatory tags
- IAM users should have mandatory tags
- Inspector assessment templates should have mandatory tags
- Kinesis firehose delivery streams should have mandatory tags
- KMS keys should have mandatory tags
- Lambda functions should have mandatory tags
- RDS DB clusters should have mandatory tags
- RDS DB cluster parameter groups should have mandatory tags
- RDS DB cluster snapshots should have mandatory tags
- RDS DB instances should have mandatory tags
- RDS DB option groups should have mandatory tags
- RDS DB parameter groups should have mandatory tags
- RDS DB snapshots should have mandatory tags
- RDS DB subnet groups should have mandatory tags
- Redshift clusters should have mandatory tags
- Route53 domains should have mandatory tags
- Route 53 Resolver endpoints should have mandatory tags
- S3 buckets should have mandatory tags
- SageMaker endpoint configurations should have mandatory tags
- SageMaker models should have mandatory tags
- SageMaker notebook instances should have mandatory tags
- SageMaker training jobs should have mandatory tags
- Secrets Manager secrets should have mandatory tags
- SSM parameters should have mandatory tags
- VPC elastic IP addresses should have mandatory tags
- VPCs should have mandatory tags
- VPC NAT gateways should have mandatory tags
- VPC network ACLs should have mandatory tags
- VPC security groups should have mandatory tags
- VPC VPN connections should have mandatory tags
- WAFV2 ip sets should have mandatory tags
- WAFV2 regex pattern sets should have mandatory tags
- WAFV2 rule groups should have mandatory tags
- WAFV2 web acls should have mandatory tags