Checks whether a resource has at least one of the specified tags.


This rule is used to check whether a resource has at least one of the specified tags. Tags are used in regular resource management scenarios, such as permission isolation, bill splitting, and automatic O&M. We recommend that you establish a tag system for all resources and use tags for resource management.

Risk level

Default risk level: high.

You can change the risk level as required when you apply this rule.

Compliance evaluation logic

  • If a resource has at least one of the specified tags, the evaluation result is compliant.
  • If a resource does not have one of the specified tags, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.

Rule details

Item Description
Rule name required-any-tags
Rule ID required-any-tags
Tag ECS and Tag
Automatic remediation Not supported
Trigger type Configuration change
Supported resource type
  • Container Service for Kubernetes (ACK) cluster
  • API resource
  • API group
  • Alibaba Cloud CDN domain name
  • Cloud Enterprise Network (CEN) instance
  • Anti-DDoS instance
  • Dedicated host
  • Elastic Compute Service (ECS) disk
  • ECS instance
  • Launch template
  • Elastic network interface (ENI)
  • ECS security group
  • ECS snapshot
  • Elastic IP address (EIP)
  • ApsaraDB for HBase cluster
  • Customer master key (CMK) managed by Key Management Service (KMS)
  • Secret managed by Secrets Manager
  • ApsaraDB for MongoDB instance
  • Apsara File Storage NAS (NAS) file system
  • NAT gateway
  • Object Storage Service (OSS) bucket
  • PolarDB cluster
  • ApsaraDB RDS instance
  • ApsaraDB for Redis instance
  • Server Load Balancer (SLB) instance
  • Virtual Private Cloud (VPC) route table
  • VPC
  • vSwitch
Input parameter
  • tag1Key: the key of tag 1.
  • tag1Value: the value of tag 1.
  • tag2Key: the key of tag 2.
  • tag2Value: the value of tag 2.
  • tag3Key: the key of tag 3.
  • tag3Value: the value of tag 3.
  • tag4Key: the key of tag 4.
  • tag4Value: the value of tag 4.
  • tag5Key: the key of tag 5.
  • tag5Value: the value of tag 5.
  • tag6Key: the key of tag 6.
  • tag6Value: the value of tag 6.
Note You can define at most six tags. Each tag must contain a key and a value.

Non-compliance remediation

Add one of the specified tags to the resource. For more information, see Add a custom tag.