Checks whether a resource has a specified tag and the value of the tag is in the specified values.

Scenario

You can use this rule to verify that the value of a tag that is added to a resource meets your requirements. This facilitates subsequent O&M.

Risk level

Default risk level: high.

You can change the risk level as required when you apply this rule.

Compliance evaluation logic

  • If a resource has the specified tag and the value of the tag is in the specified values, the evaluation result is compliant.
  • If a resource does have the tag or the value of the tag is not in the specified values, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.

Rule details

Item Description
Rule name contains-tag
Rule ID contains-tag
Tag Tag
Automatic remediation Not supported
Trigger type Configuration change
Supported resource type
  • Container Service for Kubernetes (ACK) cluster
  • API resource
  • API group
  • Alibaba Cloud CDN domain name
  • Cloud Enterprise Network (CEN) instance
  • Anti-DDoS instance
  • Dedicated host
  • Elastic Compute Service (ECS) disk
  • ECS instance
  • Launch template
  • Elastic network interface (ENI)
  • ECS security group
  • ECS snapshot
  • Elastic IP address (EIP)
  • ApsaraDB for HBase cluster
  • Customer master key (CMK) managed by Key Management Service (KMS)
  • Secret managed by Secrets Manager
  • ApsaraDB for MongoDB instance
  • Apsara File Storage NAS (NAS) file system
  • NAT gateway
  • Object Storage Service (OSS) bucket
  • PolarDB cluster
  • ApsaraDB RDS instance
  • ApsaraDB for Redis instance
  • Server Load Balancer (SLB) instance
  • Virtual Private Cloud (VPC) route table
  • VPC
  • vSwitch
Input parameter
  • key: the key of the tag.
  • value: the value of the tag. You can specify multiple tag values.

Non-compliance remediation

Add the specified tag with one of the specified values to the resource. For more information, see Add a custom tag.