Feedback would be appreciated. Once this is approved, I will finalize the pull request.
Description
Compares the tags of the EC2 instance and the related resources (VPC, SecurityGroups, ENIs, Subnet and Volumes). The rule parameters define which tag will be compared (TagName) and which infrastructure resources will be evaluated.
Trigger
Configuration Change on AWS::EC2::Instance
Reports on:
AWS::EC2::Instance
Rule Parameters:
TagName (mandatory):
The name of the Tag which is compared.
VPC (mandatory):
True/False - If True, the value of Tag "TagName" attached to this resource is compared to the value of the same Tag on the EC2 instance. If False, this resource is ignored for the evaluation.
SecurityGroups (optional):
True/False - If True, the value of Tag "TagName" attached to this resource is compared to the value of the same Tag on the EC2 instance. If False, this resource is ignored for the evaluation.
ENIs (optional):
True/False - If True, the value of Tag "TagName" attached to this resource is compared to the value of the same Tag on the EC2 instance. If False, this resource is ignored for the evaluation.
Subnet (optional):
True/False - If True, the value of Tag "TagName" attached to this resource is compared to the value of the same Tag on the EC2 instance. If False, this resource is ignored for the evaluation.
Volumes (optional):
True/False - If True, the value of Tag "TagName" attached to this resource is compared to the value of the same Tag on the EC2 instance. If False, this resource is ignored for the evaluation.
Scenarios:
Scenario 1:
Given: EC2 instance not tagged with "TagName".
Then: Return NOT_APPLICABLE
Scenario 2:
Given: Resource is not tagged with "TagName"
And: Rule Parameter for these Resources is set to "True"
Then: Return NON_COMPLIANT
Scenario 3:
Given: Resource is not tagged with "TagName"
And: Rule Parameter for these Resources is set to "False"
Then: Return COMPLIANT
Scenario 4:
Given: Resource Tag and EC2 Tag do not match
And: Rule Parameter for this Resource is set to "True"
Then: Return NON_COMPLIANT
Scenario 5:
Given: Resource Tag and EC2 Tag do not match
And: Rule Parameter for these Resources is set to "False"
Then: Return COMPLIANT
Scenario 6:
Given: Resource Tag and EC2 Tag do match
And: Rule Parameter for these Resources is set to "True"
Then: Return COMPLIANT
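The six scenarios above reduce to one decision function. The sketch below is an added example, not code from this pull request: the function names, the input shape (`related` as a mapping of parameter name to `(resource_id, tags)` pairs), the treatment of omitted optional parameters as "False", and the sample IDs are all assumptions.

```python
# Added illustration: names are hypothetical, not taken from the pull request.
RESOURCE_PARAMS = ("VPC", "SecurityGroups", "ENIs", "Subnet", "Volumes")


def parse_params(params):
    """Return (tag_name, {resource_param: bool}) or raise ValueError."""
    if not params.get("TagName"):
        raise ValueError("TagName is mandatory")
    if "VPC" not in params:
        raise ValueError("VPC is mandatory")
    enabled = {}
    for name in RESOURCE_PARAMS:
        # Assumption: an omitted optional parameter behaves like "False".
        raw = str(params.get(name, "False")).strip().lower()
        if raw not in ("true", "false"):
            raise ValueError(f"{name} must be True or False")
        enabled[name] = raw == "true"
    return params["TagName"], enabled


def evaluate(instance_tags, related, params):
    """related maps a parameter name to a list of (resource_id, tags) pairs."""
    tag_name, enabled = parse_params(params)
    if tag_name not in instance_tags:
        return "NOT_APPLICABLE", []  # Scenario 1
    expected = instance_tags[tag_name]
    findings = []
    for kind in RESOURCE_PARAMS:
        if not enabled[kind]:
            continue  # Scenarios 3 and 5: resource type is ignored
        for res_id, tags in related.get(kind, []):
            if tag_name not in tags:
                findings.append(f"{kind} {res_id}: tag missing")  # Scenario 2
            elif tags[tag_name] != expected:
                findings.append(f"{kind} {res_id}: value differs")  # Scenario 4
    return ("NON_COMPLIANT" if findings else "COMPLIANT"), findings


# Constructed sample data (IDs and tag values are made up).
SAMPLE_INSTANCE = {"CostCenter": "1234"}
SAMPLE_RELATED = {
    "VPC": [("vpc-example", {"CostCenter": "1234"})],
    "SecurityGroups": [("sg-example-a", {"CostCenter": "1234"}),
                       ("sg-example-b", {})],
    "Volumes": [("vol-example", {"CostCenter": "9999"})],
}

if __name__ == "__main__":
    rule = {"TagName": "CostCenter", "VPC": "True", "SecurityGroups": "True"}
    print(evaluate(SAMPLE_INSTANCE, SAMPLE_RELATED, rule))
```

Collecting every finding before returning lets the evaluation annotation name each resource that is missing the tag or carries a different value, which matters when several security groups, ENIs or volumes are attached to one instance.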