Control: 2 FSx for Lustre file systems should be configured to copy tags to backups
Description
This control checks whether an Amazon FSx for Lustre file system is configured to copy tags to backups and volumes. The control fails if the Lustre file system isn't configured to copy tags to backups and volumes.
Identification and inventory of your IT assets is an important aspect of governance and security. Tags help you categorize your AWS resources in different ways, for example, by purpose, owner, or environment. This is useful when you have many resources of the same type because you can quickly identify a specific resource based on the tags that you assigned to it.
Remediation
For information about configuring an FSx for Lustre file system to copy tags to backups, see Copying backups within the same AWS account in the Amazon FSx for Lustre User Guide.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_fsx_2
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.foundational_security_fsx_2 --share
SQL
This control uses a named query:
select arn as resource, case when file_system_type <> 'LUSTRE' then 'skip' when (lustre_configuration ->> 'CopyTagsToBackups')::bool then 'ok' else 'alarm' end as status, case when file_system_type <> 'LUSTRE' then title || ' is of ' || file_system_type || ' type file system.' when (lustre_configuration ->> 'CopyTagsToBackups')::bool then title || ' copy tags to backup enabled.' else title || ' copy tags to backup disabled.' end as reason , region, account_idfrom aws_fsx_file_system;