turbot/steampipe-mod-aws-compliance

Control: 2 FSx for Lustre file systems should be configured to copy tags to backups

Description

This control checks whether an Amazon FSx for Lustre file system is configured to copy tags to backups and volumes. The control fails if the Lustre file system isn't configured to copy tags to backups and volumes.

Identification and inventory of your IT assets is an important aspect of governance and security. Tags help you categorize your AWS resources in different ways, for example, by purpose, owner, or environment. This is useful when you have many resources of the same type because you can quickly identify a specific resource based on the tags that you assigned to it.

Remediation

For information about configuring an FSx for Lustre file system to copy tags to backups, see Copying backups within the same AWS account in the Amazon FSx for Lustre User Guide.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_fsx_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_fsx_2 --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when file_system_type <> 'LUSTRE' then 'skip'
    when (lustre_configuration ->> 'CopyTagsToBackups')::bool then 'ok'
    else 'alarm'
  end as status,
  case
    when file_system_type <> 'LUSTRE' then title || ' is of ' || file_system_type || ' type file system.'
    when (lustre_configuration ->> 'CopyTagsToBackups')::bool then title || ' copy tags to backup enabled.'
    else title || ' copy tags to backup disabled.'
  end as reason,
  region,
  account_id
from
  aws_fsx_file_system;
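
The same decision logic applied to raw `aws fsx describe-file-systems` JSON, for cases where Steampipe is not available. This is an added example, not code from the mod; the sample document, its IDs and ARNs are constructed, and using FileSystemId in place of the query's title column is an assumption.

```python
import json

# Constructed sample shaped like `aws fsx describe-file-systems` output.
SAMPLE = json.loads("""
{"FileSystems": [
  {"FileSystemId": "fs-0aaa", "FileSystemType": "LUSTRE",
   "ResourceARN": "arn:aws:fsx:us-east-1:111122223333:file-system/fs-0aaa",
   "LustreConfiguration": {"CopyTagsToBackups": true}},
  {"FileSystemId": "fs-0bbb", "FileSystemType": "LUSTRE",
   "ResourceARN": "arn:aws:fsx:us-east-1:111122223333:file-system/fs-0bbb",
   "LustreConfiguration": {"CopyTagsToBackups": false}},
  {"FileSystemId": "fs-0ccc", "FileSystemType": "LUSTRE",
   "ResourceARN": "arn:aws:fsx:us-east-1:111122223333:file-system/fs-0ccc",
   "LustreConfiguration": {"DeploymentType": "SCRATCH_2"}},
  {"FileSystemId": "fs-0ddd", "FileSystemType": "WINDOWS",
   "ResourceARN": "arn:aws:fsx:us-east-1:111122223333:file-system/fs-0ddd"}
]}
""")


def evaluate(fs):
    """Return (status, reason) for one FileSystems entry, mirroring the query."""
    name = fs.get("FileSystemId", "unknown")  # assumption: stands in for title
    fs_type = fs.get("FileSystemType")
    if fs_type is not None and fs_type != "LUSTRE":
        return "skip", f"{name} is of {fs_type} type file system."
    # A missing LustreConfiguration or missing key behaves like SQL NULL:
    # the 'ok' branch is not taken and the row falls through to 'alarm'.
    lustre = fs.get("LustreConfiguration") or {}
    if lustre.get("CopyTagsToBackups") is True:
        return "ok", f"{name} copy tags to backup enabled."
    return "alarm", f"{name} copy tags to backup disabled."


def run_control(doc):
    """Evaluate every file system in a describe-file-systems document."""
    rows = []
    for fs in doc.get("FileSystems", []):
        status, reason = evaluate(fs)
        rows.append({"resource": fs.get("ResourceARN"),
                     "status": status, "reason": reason})
    return rows


if __name__ == "__main__":
    for row in run_control(SAMPLE):
        print(row["status"].ljust(6), row["resource"], "-", row["reason"])
```
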
