required-tags - AWS Config

required-tags

Checks if your resources have the tags that you specify. For example, you can check whether your Amazon EC2 instances have the CostCenter tag. Separate multiple values with commas. You can check up to 6 tags at a time.

The AWS-managed AWS Systems Manager automation document AWS-SetRequiredTags does not work as a remediation with this rule. You will need to create your own custom Systems Manager automation documentation for remediation.

Important

The supported resource types for this rule are as follows:

  • ACM::Certificate

  • AutoScaling::AutoScalingGroup

  • CloudFormation::Stack

  • CodeBuild::Project

  • DynamoDB::Table

  • EC2::CustomerGateway

  • EC2::Instance

  • EC2::InternetGateway

  • EC2::NetworkAcl

  • EC2::NetworkInterface

  • EC2::RouteTable

  • EC2::SecurityGroup

  • EC2::Subnet

  • EC2::Volume

  • EC2::VPC

  • EC2::VPNConnection

  • EC2::VPNGateway

  • ElasticLoadBalancing::LoadBalancer

  • ElasticLoadBalancingV2::LoadBalancer

  • RDS::DBInstance

  • RDS::DBSecurityGroup

  • RDS::DBSnapshot

  • RDS::DBSubnetGroup

  • RDS::EventSubscription

  • Redshift::Cluster

  • Redshift::ClusterParameterGroup

  • Redshift::ClusterSecurityGroup

  • Redshift::ClusterSnapshot

  • Redshift::ClusterSubnetGroup

  • S3::Bucket

Identifier: REQUIRED_TAGS

Resource Types: AWS::ACM::Certificate, AWS::AutoScaling::AutoScalingGroup, AWS::CloudFormation::Stack, AWS::CodeBuild::Project, AWS::DynamoDB::Table, AWS::EC2::CustomerGateway, AWS::EC2::Instance, AWS::EC2::InternetGateway, AWS::EC2::NetworkAcl, AWS::EC2::NetworkInterface, AWS::EC2::RouteTable, AWS::EC2::SecurityGroup, AWS::EC2::Subnet, AWS::EC2::Volume, AWS::EC2::VPC, AWS::EC2::VPNConnection, AWS::EC2::VPNGateway, AWS::ElasticLoadBalancing::LoadBalancer, AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::RDS::DBInstance, AWS::RDS::DBSecurityGroup, AWS::RDS::DBSnapshot, AWS::RDS::DBSubnetGroup, AWS::RDS::EventSubscription, AWS::Redshift::Cluster, AWS::Redshift::ClusterParameterGroup, AWS::Redshift::ClusterSecurityGroup, AWS::Redshift::ClusterSnapshot, AWS::Redshift::ClusterSubnetGroup, AWS::S3::Bucket

Trigger type: Configuration changes

AWS Region: All supported AWS regions

Parameters:

tag1Key
Type: String
Default: CostCenter

Key of the required tag.

tag1Value (Optional)
Type: CSV

Optional value of the required tag. Separate multiple values with commas.

tag2Key (Optional)
Type: String

Key of a second required tag.

tag2Value (Optional)
Type: CSV

Optional value of the second required tag. Separate multiple values with commas.

tag3Key (Optional)
Type: String

Key of a third required tag.

tag3Value (Optional)
Type: CSV

Optional value of the third required tag. Separate multiple values with commas.

tag4Key (Optional)
Type: String

Key of a fourth required tag.

tag4Value (Optional)
Type: CSV

Optional value of the fourth required tag. Separate multiple values with commas.

tag5Key (Optional)
Type: String

Key of a fifth required tag.

tag5Value (Optional)
Type: CSV

Optional value of the fifth required tag. Separate multiple values with commas.

tag6Key (Optional)
Type: String

Key of a sixth required tag.

tag6Value (Optional)
Type: CSV

Optional value of the sixth required tag. Separate multiple values with commas.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.