Benchmark: Untagged
Description
Untagged resources are difficult to monitor and should be identified and remediated.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-tags
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Untagged.
Run this benchmark in your terminal:
powerpipe benchmark run aws_tags.benchmark.untagged
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_tags.benchmark.untagged --share
Controls
- Access Analyzer analyzers should be tagged
- API Gateway stages should be tagged
- CloudFront distributions should be tagged
- CloudTrail trails should be tagged
- CloudWatch alarms should be tagged
- CloudWatch log groups should be tagged
- CodeBuild projects should be tagged
- CodeCommit repositories should be tagged
- CodePipeline pipelines should be tagged
- Config rules should be tagged
- DAX clusters should be tagged
- Directory Service directories should be tagged
- DMS replication instances should be tagged
- DynamoDB tables should be tagged
- EBS snapshots should be tagged
- EBS volumes should be tagged
- EC2 application load balancers should be tagged
- EC2 classic load balancers should be tagged
- EC2 gateway load balancers should be tagged
- EC2 instances should be tagged
- EC2 network load balancers should be tagged
- EC2 reserved instances should be tagged
- ECR repositories should be tagged
- ECS container instances should be tagged
- ECS services should be tagged
- EFS file systems should be tagged
- EKS addons should be tagged
- EKS clusters should be tagged
- EKS identity provider configs should be tagged
- Elastic Beanstalk applications should be tagged
- Elastic Beanstalk environments should be tagged
- ElastiCache clusters should be tagged
- ElasticSearch domains should be tagged
- EventBridge rules should be tagged
- GuardDuty detectors should be tagged
- IAM roles should be tagged
- IAM server certificates should be tagged
- IAM users should be tagged
- Inspector assessment templates should be tagged
- Kinesis firehose delivery streams should be tagged
- KMS keys should be tagged
- Lambda functions should be tagged
- RDS DB cluster parameter groups should be tagged
- RDS DB cluster snapshots should be tagged
- RDS DB clusters should be tagged
- RDS DB instances should be tagged
- RDS DB option groups should be tagged
- RDS DB parameter groups should be tagged
- RDS DB snapshots should be tagged
- RDS DB subnet groups should be tagged
- Redshift clusters should be tagged
- Route 53 domains should be tagged
- Route 53 Resolver endpoints should be tagged
- S3 buckets should be tagged
- SageMaker endpoint configurations should be tagged
- SageMaker models should be tagged
- SageMaker notebook instances should be tagged
- SageMaker training jobs should be tagged
- Secrets Manager secrets should be tagged
- SSM parameters should be tagged
- VPC elastic IP addresses should be tagged
- VPC NAT gateways should be tagged
- VPC network ACLs should be tagged
- VPC security groups should be tagged
- VPCs should be tagged
- VPC VPN connections should be tagged
- WAFV2 IP sets should be tagged
- WAFV2 regex pattern sets should be tagged
- WAFV2 rule groups should be tagged
- WAFV2 web ACLs should be tagged