Control: IAM roles should not exceed tag limit
Description
Check if the number of tags on IAM roles do not exceed the limit.
Usage
Run the control in your terminal:
powerpipe control run aws_tags.control.iam_role_tag_limit
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_tags.control.iam_role_tag_limit --share
Steampipe Tables
Params
Args | Name | Default | Description | Variable |
---|---|---|---|---|
$1 | tag_limit |
|
SQL
with analysis as ( select arn, title, cardinality(array(select jsonb_object_keys(tags))) as num_tag_keys, region, account_id, tags, _ctx from aws_iam_role)select arn as resource, case when num_tag_keys > $1::integer then 'alarm' else 'ok' end as status, title || ' has ' || num_tag_keys || ' tag(s).' as reason , region, account_idfrom analysis;