Creating a rule for tags using AWS Guard Rules


We have a specific AMI we use for creating EC2 instances that have a specific application installed.

I'd like to create a rule within AWS Guard Rules that makes sure people are creating the required tags and providing the required values within the keys.

I've tried to use regex and other AWS-specific rulesets such as what's listed below, but I receive the same error, also shown below. Does anyone have any basic rules I can use as a template so I can work from there?

Error

error: error one or more of the specified parameters are invalid.

Code I found via GitHub search

# cfn-guard 1.x syntax: Guard 2.x/3.x uses a different rule grammar and does not parse these lines
AWS::EC2::VPC Tags == /."Key":"Environment"./ << the mandatory Tag: Environment is not specified
AWS::EC2::VPC Tags == /."Key":"ApplicationName"./ << the mandatory Tag: ApplicationName is not specified

Code I found via regex search

# Cloud Custodian-style policy, not a Guard rule. "amazon.aws.ec2_tag" is an Ansible
# module name and is not a valid key here; the filters list itself is missing.
policies:
  - name: ec2-tag-compliance
    region: us-east-1
    resource: ec2
    filters:

rule check_applepie_year {
    # Guard's regex engine (the Rust regex crate) has no lookahead, so (?!0000) cannot be
    # used; the alternation below matches any 4-digit year except 0000
    let applepie_regex = /ApplePie-([1-9]\d{3}|\d[1-9]\d{2}|\d{2}[1-9]\d|\d{3}[1-9])/
    Resources.*[ Type == "AWS::EC2::Instance" ] {
        # Guard filters are written [ Key == "Name" ], not [?Key == "Name"], and the
        # variable reference must match the let above (it was misspelled %appplepie_regex)
        Properties.Tags[ Key == "Name" ].Value == %applepie_regex
    }
}

<< You must follow the format - ApplePie-urlprefix-4digityear-city. Example: ApplePie-crusty2023-NY

rule check_tags {
    # Guard compares a value against a regex with ==; "<<" introduces a custom message, not a comparison
    Metadata.Tags.Application == /(?i)ApplePie/
    Metadata.Tags.Environment == /(?i)Acceptance/
    Metadata.Tags.Platform == /(?i)RedHat/
}

<< You must have the following tags - Application, Environment, Platform. The key values must contain - Apollo, Production, Ubuntu

let required_tags = ["Project Code", "Web_URL"]

rule check_tags {
    # Resources.*[ ... ] (with the *) selects every resource of the given type
    Resources.*[ Type == "AWS::EC2::Instance" ] {
        # "Tags[*].Key IN %required_tags" would forbid any tag outside the list, the reverse
        # of what is wanted; Guard has no loop, so each required key gets its own clause:
        # a filter that matches no tag yields an empty result, which fails "!empty"
        # (Guard's spelling of NOT_EMPTY)
        Properties.Tags[ Key == "Project Code" ].Value !empty
        Properties.Tags[ Key == "Web_URL" ].Value !empty
        Properties.Tags[*].Value !empty
    }
}

<< You must have the following tags - Project Code, Web_URL. The key values must contain - requester's project code, URL to be used by clients

    actions:
      - stop
Asked 9 months ago, 413 views

1 answer

Have you seen the built-in required-tags rule for Config? https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html

This checks for a tag but not the value. Does this work or do you need to check value?

Expert
Answered 9 months ago
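A complete rules file for the checks the question describes, added here as an example; it is not from the original post or from AWS. It assumes Guard 2.x/3.x syntax and a CloudFormation template as input, validated with `cfn-guard validate --rules ec2_tags.guard --data template.yaml`; the tag keys, the allowed values and the Name format are assumptions taken from the question. If the rule is instead being created as an AWS Config custom policy rule, Guard evaluates a configuration item rather than a template, so the `Resources.*...Properties.Tags` paths below would need to change.

```guard
# Added example (not from the original post or from AWS): cfn-guard 2.x/3.x rules
# that enforce the tagging requirements described in the question on EC2 instances.
# Tag keys, allowed values and the Name format are assumptions.

# Scope: EC2 instances only; other resource types are ignored.
let ec2_instances = Resources.*[ Type == "AWS::EC2::Instance" ]

# Presence check. A filter such as Tags[ Key == "Owner" ] that matches no tag
# resolves to an empty result, and "!empty" fails on an empty result, so one
# clause per key rejects both "tag missing" and "tag value is an empty string".
# "when ... !empty" makes the rule SKIP instead of FAIL on templates with no instances.
# A "<< ... >>" message is reported for the clause directly above it.
rule ec2_required_tags_present when %ec2_instances !empty {
    %ec2_instances {
        Properties.Tags exists
        << Instance has no Tags property at all >>
        Properties.Tags[ Key == "Name" ].Value !empty
        << Name tag is missing or empty >>
        Properties.Tags[ Key == "Application" ].Value !empty
        << Application tag is missing or empty >>
        Properties.Tags[ Key == "Environment" ].Value !empty
        << Environment tag is missing or empty >>
        Properties.Tags[ Key == "Platform" ].Value !empty
        << Platform tag is missing or empty >>
        Properties.Tags[ Key == "Project Code" ].Value !empty
        << Project Code tag is missing or empty >>
        Properties.Tags[ Key == "Web_URL" ].Value !empty
        << Web_URL tag is missing or empty >>
    }
}

# Value check. Regex literals are compared with "==" and are not anchored, so
# ^ and $ are needed to reject values such as "NotApplePie"; (?i) makes the
# match case-insensitive. Fixed vocabularies are easier to read as IN lists.
rule ec2_tag_values_valid when %ec2_instances !empty {
    %ec2_instances {
        Properties.Tags[ Key == "Application" ].Value == /(?i)^ApplePie$/
        << Application must be ApplePie >>
        Properties.Tags[ Key == "Environment" ].Value IN ["Acceptance", "Production"]
        << Environment must be Acceptance or Production >>
        Properties.Tags[ Key == "Platform" ].Value IN ["RedHat", "Ubuntu"]
        << Platform must be RedHat or Ubuntu >>
        # Name format ApplePie-<prefix><4-digit year>-<city>, e.g. ApplePie-crusty2023-NY.
        # Guard's regex engine has no lookahead, so "(?!0000)" cannot express
        # "year is not 0000"; [12]\d{3} allows 1000-2999 (assumed range), which excludes it.
        Properties.Tags[ Key == "Name" ].Value == /^ApplePie-[A-Za-z]+[12]\d{3}-[A-Za-z]+$/
        << Name must match ApplePie-<prefix><year>-<city>, e.g. ApplePie-crusty2023-NY >>
    }
}
```

Two caveats when running this against real templates: a tag whose Value is an intrinsic function (`!Ref`, `!Sub`) is a map, not a string, so the regex and IN clauses fail for it and such tags need a separate clause or a resolved template; and the two rules are deliberately split so that a template with missing tags reports the presence failure and the value failure separately. Expected PASS/FAIL outcomes for sample templates can be pinned down with `cfn-guard test --rules-file ec2_tags.guard --test-data tests.yaml` before the rule is rolled out.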
