All Products
Search

This Product

    Cloud Config:required-any-tags

    Document Center

    Cloud Config:required-any-tags

    Last Updated:Nov 01, 2024

    Checks whether a resource has at least one of the specified tags.

    Scenario

    This rule is used to check whether a resource has at least one of the specified tags. Tags are used in regular resource management scenarios, such as permission isolation, bill splitting, and automatic O&M. We recommend that you establish a tag system for all resources and use tags for resource management.

    Risk level

    Default risk level: high.

    You can change the risk level as required when you apply this rule.

    Compliance evaluation logic

    • If a resource has at least one of the specified tags, the evaluation result is compliant.

    • If a resource does not have one of the specified tags, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.

    Rule details

    Item

    Description

    Rule name

    required-any-tags

    Rule ID

    required-any-tags

    Tag

    ECS and Tag

    Automatic remediation

    Not supported

    Trigger type

    Configuration change

    Supported resource type

    • Container Service for Kubernetes (ACK) cluster

    • API resource

    • API group

    • Alibaba Cloud CDN domain name

    • Cloud Enterprise Network (CEN) instance

    • Anti-DDoS instance

    • Dedicated host

    • Elastic Compute Service (ECS) disk

    • ECS instance

    • Launch template

    • Elastic network interface (ENI)

    • ECS security group

    • ECS snapshot

    • Elastic IP address (EIP)

    • ApsaraDB for HBase cluster

    • Customer master key (CMK) managed by Key Management Service (KMS)

    • Secret managed by Secrets Manager

    • ApsaraDB for MongoDB instance

    • File Storage NAS (NAS) file system

    • NAT gateway

    • Object Storage Service (OSS) bucket

    • PolarDB cluster

    • ApsaraDB RDS instance

    • ApsaraDB for Redis instance

    • Server Load Balancer (SLB) instance

    • Virtual Private Cloud (VPC) route table

    • VPC

    • vSwitch

    Input parameter

    • tag1Key: the key of tag 1.

    • tag1Value: the value of tag 1.

    • tag2Key: the key of tag 2.

    • tag2Value: the value of tag 2.

    • tag3Key: the key of tag 3.

    • tag3Value: the value of tag 3.

    • tag4Key: the key of tag 4.

    • tag4Value: the value of tag 4.

    • tag5Key: the key of tag 5.

    • tag5Value: the value of tag 5.

    • tag6Key: the key of tag 6.

    • tag6Value: the value of tag 6.

    Note

    You can define at most six tags. Each tag must contain a key and a value.

    Non-compliance remediation

    Add one of the specified tags to the resource. For more information, see Add a custom tag.