Hub
Hub
Plugins
Mods
Docs
Home
Mods
turbot
/
aws_tags
Overview
4
Dashboards
284
Controls
0
Queries
3
Variables
GitHub
Install Mod
Limit
Access Analyzer analyzers should not exceed tag limit
API Gateway stages should not exceed tag limit
CloudFront distributions should not exceed tag limit
CloudTrail trails should not exceed tag limit
CloudWatch alarms should not exceed tag limit
CloudWatch log groups should not exceed tag limit
CodeBuild projects should not exceed tag limit
CodeCommit repositories should not exceed tag limit
CodePipeline pipelines should not exceed tag limit
Config rules should not exceed tag limit
DAX clusters should not exceed tag limit
Directory Service directories should not exceed tag limit
DMS replication instances should not exceed tag limit
DynamoDB tables should not exceed tag limit
EBS snapshots should not exceed tag limit
EBS volumes should not exceed tag limit
EC2 application load balancers should not exceed tag limit
EC2 classic load balancers should not exceed tag limit
EC2 gateway load balancers should not exceed tag limit
EC2 instances should not exceed tag limit
EC2 network load balancers should not exceed tag limit
EC2 reserved instances should not exceed tag limit
ECR repositories should not exceed tag limit
ECS container instances should not exceed tag limit
ECS services should not exceed tag limit
EFS file systems should not exceed tag limit
EKS addons should not exceed tag limit
EKS clusters should not exceed tag limit
EKS identity provider configs should not exceed tag limit
Elastic beanstalk applications should not exceed tag limit
Elastic beanstalk environments should not exceed tag limit
ElastiCache clusters should not exceed tag limit
ElasticSearch domains should not exceed tag limit
EventBridge rules should not exceed tag limit
GuardDuty detectors should not exceed tag limit
IAM roles should not exceed tag limit
IAM server certificates should not exceed tag limit
IAM users should not exceed tag limit
Inspector assessment templates should not exceed tag limit
Kinesis firehose delivery streams should not exceed tag limit
KMS keys should not exceed tag limit
Lambda functions should not exceed tag limit
RDS DB cluster parameter groups should not exceed tag limit
RDS DB cluster snapshots should not exceed tag limit
RDS DB clusters should not exceed tag limit
RDS DB instances should not exceed tag limit
RDS DB option groups should not exceed tag limit
RDS DB parameter groups should not exceed tag limit
RDS DB snapshots should not exceed tag limit
RDS DB subnet groups should not exceed tag limit
Redshift clusters should not exceed tag limit
Route53 domains should not exceed tag limit
Route 53 Resolver endpoints should not exceed tag limit
S3 buckets should not exceed tag limit
SageMaker endpoint configurations should not exceed tag limit
SageMaker models should not exceed tag limit
SageMaker notebook instances should not exceed tag limit
SageMaker training jobs should not exceed tag limit
Secrets Manager secrets should not exceed tag limit
SSM parameters should not exceed tag limit
Tagging resources should not exceed tag limit
VPC elastic IP addresses should not exceed tag limit
VPC NAT gateways should not exceed tag limit
VPC network ACLs should not exceed tag limit
VPC security groups should not exceed tag limit
VPCs should not exceed tag limit
VPC VPN connections should not exceed tag limit
WAFV2 ip sets should not exceed tag limit
WAFV2 regex pattern sets should not exceed tag limit
WAFV2 rule groups should not exceed tag limit
WAFV2 web acls should not exceed tag limit
Mandatory
Access Analyzer analyzers should have mandatory tags
API Gateway stages should have mandatory tags
CloudFront distributions should have mandatory tags
CloudTrail trails should have mandatory tags
CloudWatch alarms should have mandatory tags
CloudWatch log groups should have mandatory tags
CodeBuild projects should have mandatory tags
CodeCommit repositories should have mandatory tags
CodePipeline pipelines should have mandatory tags
Config rules should have mandatory tags
DAX clusters should have mandatory tags
Directory Service directories should have mandatory tags
DMS replication instances should have mandatory tags
DynamoDB tables should have mandatory tags
EBS snapshots should have mandatory tags
EBS volumes should have mandatory tags
EC2 application load balancers should have mandatory tags
EC2 classic load balancers should have mandatory tags
EC2 gateway load balancers should have mandatory tags
EC2 instances should have mandatory tags
EC2 network load balancers should have mandatory tags
EC2 reserved instances should have mandatory tags
ECR repositories should have mandatory tags
ECS container instances should have mandatory tags
ECS services should have mandatory tags
EFS file systems should have mandatory tags
EKS addons should have mandatory tags
EKS clusters should have mandatory tags
EKS identity provider configs should have mandatory tags
Elastic beanstalk applications should have mandatory tags
Elastic beanstalk environments should have mandatory tags
ElastiCache clusters should have mandatory tags
ElasticSearch domains should have mandatory tags
EventBridge rules should have mandatory tags
GuardDuty detectors should have mandatory tags
IAM roles should have mandatory tags
IAM server certificates should have mandatory tags
IAM users should have mandatory tags
Inspector assessment templates should have mandatory tags
Kinesis firehose delivery streams should have mandatory tags
KMS keys should have mandatory tags
Lambda functions should have mandatory tags
RDS DB clusters should have mandatory tags
RDS DB cluster parameter groups should have mandatory tags
RDS DB cluster snapshots should have mandatory tags
RDS DB instances should have mandatory tags
RDS DB option groups should have mandatory tags
RDS DB parameter groups should have mandatory tags
RDS DB snapshots should have mandatory tags
RDS DB subnet groups should have mandatory tags
Redshift clusters should have mandatory tags
Route53 domains should have mandatory tags
Route 53 Resolver endpoints should have mandatory tags
S3 buckets should have mandatory tags
SageMaker endpoint configurations should have mandatory tags
SageMaker models should have mandatory tags
SageMaker notebook instances should have mandatory tags
SageMaker training jobs should have mandatory tags
Secrets Manager secrets should have mandatory tags
SSM parameters should have mandatory tags
Tagging resources should have mandatory tags
VPCs should have mandatory tags
VPC elastic IP addresses should have mandatory tags
VPC NAT gateways should have mandatory tags
VPC network ACLs should have mandatory tags
VPC security groups should have mandatory tags
VPC VPN connections should have mandatory tags
WAFV2 ip sets should have mandatory tags
WAFV2 regex pattern sets should have mandatory tags
WAFV2 rule groups should have mandatory tags
WAFV2 web acls should have mandatory tags
Prohibited
Access Analyzer analyzers should not have prohibited tags
API Gateway stages should not have prohibited tags
CloudFront distributions should not have prohibited tags
CloudTrail trails should not have prohibited tags
CloudWatch alarms should not have prohibited tags
CloudWatch log groups should not have prohibited tags
CodeBuild projects should not have prohibited tags
CodeCommit repositories should not have prohibited tags
CodePipeline pipelines should not have prohibited tags
Config rules should not have prohibited tags
DAX clusters should not have prohibited tags
Directory Service directories should not have prohibited tags
DMS replication instances should not have prohibited tags
DynamoDB tables should not have prohibited tags
EBS snapshots should not have prohibited tags
EBS volumes should not have prohibited tags
EC2 application load balancers should not have prohibited tags
EC2 classic load balancers should not have prohibited tags
EC2 gateway load balancers should not have prohibited tags
EC2 instances should not have prohibited tags
EC2 network load balancers should not have prohibited tags
EC2 reserved instances should not have prohibited tags
ECR repositories should not have prohibited tags
ECS container instances should not have prohibited tags
ECS services should not have prohibited tags
EFS file systems should not have prohibited tags
EKS addons should not have prohibited tags
EKS clusters should not have prohibited tags
EKS identity provider configs should not have prohibited tags
Elastic beanstalk applications should not have prohibited tags
Elastic beanstalk environments should not have prohibited tags
ElastiCache clusters should not have prohibited tags
ElasticSearch domains should not have prohibited tags
EventBridge rules should not have prohibited tags
GuardDuty detectors should not have prohibited tags
IAM roles should not have prohibited tags
IAM server certificates should not have prohibited tags
IAM users should not have prohibited tags
Inspector assessment templates should not have prohibited tags
Kinesis firehose delivery streams should not have prohibited tags
KMS keys should not have prohibited tags
Lambda functions should not have prohibited tags
RDS DB cluster parameter groups should not have prohibited tags
RDS DB clusters should not have prohibited tags
RDS DB cluster snapshots should not have prohibited tags
RDS DB instances should not have prohibited tags
RDS DB option groups should not have prohibited tags
RDS DB parameter groups should not have prohibited tags
RDS DB snapshots should not have prohibited tags
RDS DB subnet groups should not have prohibited tags
Redshift clusters should not have prohibited tags
Route53 domains should not have prohibited tags
Route 53 Resolver endpoints should not have prohibited tags
S3 buckets should not have prohibited tags
SageMaker endpoint configurations should not have prohibited tags
SageMaker models should not have prohibited tags
SageMaker notebook instances should not have prohibited tags
SageMaker training jobs should not have prohibited tags
Secrets Manager secrets should not have prohibited tags
SSM parameters should not have prohibited tags
Tagging resources should not have prohibited tags
VPC elastic IP addresses should not have prohibited tags
VPC NAT gateways should not have prohibited tags
VPC network ACLs should not have prohibited tags
VPCs should not have prohibited tags
VPC security groups should not have prohibited tags
Vpc VPN connections should not have prohibited tags
WAFV2 ip sets should not have prohibited tags
WAFV2 regex pattern sets should not have prohibited tags
WAFV2 rule groups should not have prohibited tags
WAFV2 web acls should not have prohibited tags
Untagged
Access Analyzer analyzers should be tagged
API Gateway stages should be tagged
CloudFront distributions should be tagged
CloudTrail trails should be tagged
CloudWatch alarms should be tagged
CloudWatch log groups should be tagged
CodeBuild projects should be tagged
CodeCommit repositories should be tagged
CodePipeline pipelines should be tagged
Config rules should be tagged
DAX clusters should be tagged
Directory Service directories should be tagged
Dms replication instances should be tagged
DynamoDB tables should be tagged
EBS snapshots should be tagged
EBS volumes should be tagged
EC2 application load balancers should be tagged
EC2 classic load balancers should be tagged
EC2 gateway load balancers should be tagged
EC2 instances should be tagged
EC2 network load balancers should be tagged
EC2 reserved instances should be tagged
ECR repositories should be tagged
ECS container instances should be tagged
ECS services should be tagged
EFS file systems should be tagged
EKS addons should be tagged
EKS clusters should be tagged
EKS identity provider configs should be tagged
Elastic beanstalk applications should be tagged
Elastic beanstalk environments should be tagged
ElastiCache clusters should be tagged
ElasticSearch domains should be tagged
EventBridge rules should be tagged
GuardDuty detectors should be tagged
IAM roles should be tagged
IAM server certificates should be tagged
IAM users should be tagged
Inspector assessment templates should be tagged
Kinesis firehose delivery streams should be tagged
KMS keys should be tagged
Lambda functions should be tagged
RDS DB clusters should be tagged
RDS DB cluster parameter groups should be tagged
RDS DB cluster snapshots should be tagged
RDS DB instances should be tagged
RDS DB option groups should be tagged
RDS DB parameter groups should be tagged
RDS DB snapshots should be tagged
RDS DB subnet groups should be tagged
Redshift clusters should be tagged
Route53 domains should be tagged
Route 53 Resolver endpoints should be tagged
S3 buckets should be tagged
SageMaker endpoint configurations should be tagged
SageMaker models should be tagged
SageMaker notebook instances should be tagged
SageMaker training jobs should be tagged
Secrets Manager secrets should be tagged
SSM parameters should be tagged
Tagging resources should be tagged
VPCs should be tagged
VPC elastic IP addresses should be tagged
VPC NAT gateways should be tagged
VPC network ACLs should be tagged
VPC security groups should be tagged
VPC VPN connections should be tagged
WAFV2 ip sets should be tagged
WAFV2 regex pattern sets should be tagged
WAFV2 rule groups should be tagged
WAFV2 web acls should be tagged
Benchmarks & Controls in AWS Tags
The AWS Tags mod includes 4 benchmarks & 284 controls.
Usage
steampipe check all
Benchmarks
Limit
Mandatory
Prohibited
Untagged