Control: RDS DB cluster snapshots should not have prohibited tags
Check if RDS DB cluster snapshots have any prohibited tags.
steampipe check aws_tags.control.rds_db_cluster_snapshot_prohibited
Plugins & Tables
with analysis as (selectarn,array_agg(k) as prohibited_tagsfromaws_rds_db_cluster_snapshot,jsonb_object_keys(tags) as k,unnest($1::text) as prohibited_keywherek = prohibited_keygroup byarn)selectr.arn as resource,casewhen a.prohibited_tags <> array::text then 'alarm'else 'ok'end as status,casewhen a.prohibited_tags <> array::text then r.title || ' has prohibited tags: ' || array_to_string(a.prohibited_tags, ', ') || '.'else r.title || ' has no prohibited tags.'end as reason,r.region, r.account_idfromaws_rds_db_cluster_snapshot as rfull outer joinanalysis as a on a.arn = r.arn