Is your AWS tagging strategy following best practice? This mod checks if your AWS resource tags are set correctly to help you manage them effectively using Powerpipe and Steampipe.
lalit@Lalits-MacBook-Pro:~/WORK/Turbot/steampipe/compliance/steampipe-mod-aws-tags|fix-untagged-control-query⚡ ⇒ steampipe query
Welcome to Steampipe v0.18.0-dev.0
For more information, type .help
> select
arn as resource,
case
when tags = '{}' or tags is null then 'alarm'
else 'ok'
end as status,
case
when tags = '{}' or tags is null then title || ' has no tags.'
else title || ' has tags.'
end as reason,
tags::text,
region
from
aws_vpc_security_group
+------------------------------------------------------------------------+--------+----------------------------------+--------+-----------+
| resource | status | reason | tags | region |
+------------------------------------------------------------------------+--------+----------------------------------+--------+-----------+
| arn:aws:ec2:us-east-1:111122223333:security-group/sg-04248844bcc16931a | alarm | ec2-instance-ssh-sg has no tags. | <null> | us-east-1 |
| arn:aws:ec2:us-east-1:111122223333:security-group/sg-032d3964b79f9a9b5 | alarm | launch-wizard-1 has no tags. | <null> | us-east-1 |
| arn:aws:ec2:us-east-1:111122223333:security-group/sg-074ba8b53208ddedc | alarm | default has no tags. | <null> | us-east-1 |
| arn:aws:ec2:us-east-1:111122223333:security-group/sg-0d3dc24b68e03f111 | alarm | default has no tags. | <null> | us-east-1 |
+------------------------------------------------------------------------+--------+----------------------------------+--------+-----------+
> select
arn as resource,
case
when tags = '{}' or tags is null then 'alarm'
else 'ok'
end as status,
case
when tags = '{}' or tags is null then title || ' has no tags.'
else title || ' has tags.'
end as reason,
tags::text,
region
from
aws_wafv2_rule_group
+----------------------------------------------------------------------------------------------------+--------+-------------------+-------------------+--------+
| resource | status | reason | tags | region |
+----------------------------------------------------------------------------------------------------+--------+-------------------+-------------------+--------+
| arn:aws:wafv2:us-east-1:111122223333:global/rulegroup/testify/445d14f5-8f08-4350-9d7d-d98ed7ecdba5 | ok | testify has tags. | {"Env": "osborn"} | global |
+----------------------------------------------------------------------------------------------------+--------+-------------------+-------------------+--------+
> select
arn as resource,
case
when tags = '{}' or tags is null then 'alarm'
else 'ok'
end as status,
case
when tags = '{}' or tags is null then title || ' has no tags.'
else title || ' has tags.'
end as reason,
tags::text,
region
from
aws_rds_db_subnet_group
+-------------------------------------------------------------------------+--------+--------------------------------------------+------+-----------+
| resource | status | reason | tags | region |
+-------------------------------------------------------------------------+--------+--------------------------------------------+------+-----------+
| arn:aws:rds:us-east-1:111122223333:subgrp:default-vpc-0470811031ac30bee | alarm | default-vpc-0470811031ac30bee has no tags. | {} | us-east-1 |
| arn:aws:rds:us-east-1:111122223333:subgrp:default-vpc-0c9351b21b22877d7 | alarm | default-vpc-0c9351b21b22877d7 has no tags. | {} | us-east-1 |
| arn:aws:rds:us-east-1:111122223333:subgrp:default-vpc-0a197248c3d86a611 | alarm | default-vpc-0a197248c3d86a611 has no tags. | {} | us-east-1 |
| arn:aws:rds:us-east-1:111122223333:subgrp:default-vpc-01343fa40347236f1 | alarm | default-vpc-01343fa40347236f1 has no tags. | {} | us-east-1 |
+-------------------------------------------------------------------------+--------+--------------------------------------------+------+-----------+
LalitLab
commented
1 year ago