required-tags - Cloud Config - Alibaba Cloud Documentation Center

Scenario

Cloud-based IT management requires that each resource have one or more specified tags. These tags are used for the subsequent management of resources, such as permission isolation, bill splitting, and automatic O&M.

For example, Enterprise A requires that all resources in the cloud have the tag Project=xx, in which Project is the key of the tag and xx is the value of the tag. The value of the tag can be the name of an existing project of Enterprise A. For example, the tag can be Project=A, Project=B, or Project=C. The costs of each project in the cloud are calculated based on the tags of resources. Therefore, each resource must have at least one of the specified tags. The key and value of a tag must be in the specified range.

Risk level

Default risk level: high.

You can change the risk level as required when you apply this rule.

Compliance evaluation logic

If a resource has all the specified tags, the evaluation result is compliant.

Note You can define at most six tags in the rule. The resource is evaluated to be compliant only if the resource has all the specified tags.
If a resource does not have all the specified tags or has tags that are not included in the specified tags, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.

Rule details


Item	Description
Rule name	required-tags
Rule ID	required-tags
Tag	ECS and Tag
Automatic remediation	Supported
Trigger type	Configuration change
Supported resource type	Container Service for Kubernetes (ACK) cluster API resource API group Alibaba Cloud CDN domain name Cloud Enterprise Network (CEN) instance Anti-DDoS instance Dedicated host Elastic Compute Service (ECS) disk ECS instance Launch template Elastic network interface (ENI) ECS security group ECS snapshot Elastic IP address (EIP) ApsaraDB for HBase cluster Customer master key (CMK) managed by Key Management Service (KMS) Secret managed by Secrets Manager ApsaraDB for MongoDB instance Apsara File Storage NAS (NAS) file system NAT gateway Object Storage Service (OSS) bucket PolarDB cluster ApsaraDB RDS instance ApsaraDB for Redis instance Server Load Balancer (SLB) instance Virtual Private Cloud (VPC) route table VPC vSwitch Kafka
Input parameter	`tag1Key`: the key of tag 1. `tag1Value`: the value of tag 1. `tag2Key`: the key of tag 2. `tag2Value`: the value of tag 2. `tag3Key`: the key of tag 3. `tag3Value`: the value of tag 3. `tag4Key`: the key of tag 4. `tag4Value`: the value of tag 4. `tag5Key`: the key of tag 5. `tag5Value`: the value of tag 5. `tag6Key`: the key of tag 6. `tag6Value`: the value of tag 6. Note You can define at most six tags. Each tag must contain a key and a value.

Non-compliance remediation

Add the specified tags to the resource on the Tags page in the Resource Management console. For more information, see Add a custom tag.
Add the specified tags to the resource in the Cloud Config console. For more information, see Configure automatic remediation or Configure manual remediation.