Is your AWS tagging strategy following best practice? This mod checks if your AWS resource tags are set correctly to help you manage them effectively using Powerpipe and Steampipe.
Updates in this PR :-
When a resource has no tags, kept the reason as it is and updated the status to ‘skip’ earlier the status was ‘ok’
When a resource has tags but none of those tags match the tag keys in the expected_tag_values var, then have updated the reason to say the resource has no matching tag keys and status to ‘skip’ earlier this condition was not addressed so it was coming as false positive with status ‘ok’ and reason has expected tag values for tags: CostCenter, Environment, created_by .
Current Output :-
steampipe-mod-aws-tags % steampipe check control.s3_bucket_expected_tag_values
+ S3 buckets should have appropriate tag values .......................................................................... 1 / 6 [==========]
|
ALARM: steampipe-expected-tag-alarm-pc has unexpected tag values for tags: CostCenter, Environment. ............... ap-south-1 211111111111
OK : steampipe-tag-test-pc has expected tag values for tags: CostCenter, Environment, created_by. ............... ap-south-1 211111111111
SKIP : steampipe-other-tags-test-pc resource has no matching tag keys. ............................................ ap-south-1 211111111111
SKIP : aws-cloudtrail-logs-211111111111-ad80af06 has no tags. ..................................................... ap-south-1 211111111111
SKIP : elasticbeanstalk-us-east-1-211111111111 has no tags. ........................................................ us-east-1 211111111111
SKIP : elasticbeanstalk-us-east-2-211111111111 has no tags. ........................................................ us-east-2 211111111111
Summary
OK ........................................................................................................................... 1 [== ]
SKIP ......................................................................................................................... 4 [======= ]
INFO ......................................................................................................................... 0 [ ]
ALARM ........................................................................................................................ 1 [== ]
ERROR ........................................................................................................................ 0 [ ]
TOTAL .................................................................................................................... 1 / 6 [==========]
Earlier Output :-
steampipe-mod-aws-tags % steampipe check control.s3_bucket_expected_tag_values
+ S3 buckets should have appropriate tag values ...................................................... 1 / 6 [==========]
|
ALARM: steampipe-expected-tag-alarm-pc has unexpected tag values for tags: CostCenter, Environment. ......... ap-south-1 211111111111
OK : steampipe-other-tags-test-pc has expected tag values for tags: CostCenter, Environment, created_by. ........ ap-south-1 211111111111
OK : steampipe-tag-test-pc has expected tag values for tags: CostCenter, Environment, created_by. ........ ap-south-1 211111111111
OK : aws-cloudtrail-logs-211111111111-ad80af06 has no tags. ................. ap-south-1 211111111111
OK : elasticbeanstalk-us-east-1-211111111111 has no tags. .................. us-east-1 211111111111
OK : elasticbeanstalk-us-east-2-211111111111 has no tags. ......................... us-east-2 211111111111
Summary
OK ..................................... 5 [========= ]
SKIP ................................... 0 [ ]
INFO ............................ 0 [ ]
ALARM .............................. 1 [== ]
ERROR .................................. 0 [ ]
TOTAL ............................ 1 / 6 [==========]
Updates in this PR :- When a resource has no tags, kept the reason as it is and updated the status to ‘skip’ earlier the status was ‘ok’ When a resource has tags but none of those tags match the tag keys in the expected_tag_values var, then have updated the reason to say the resource has no matching tag keys and status to ‘skip’ earlier this condition was not addressed so it was coming as false positive with status ‘ok’ and reason has expected tag values for tags: CostCenter, Environment, created_by . Current Output :-
Earlier Output :-