Checks whether the tag information of each resource is empty. If not, the evaluation result is Compliant.

Scenarios

Cloud-based IT management requires that each resource have one or more specified tags. The tags are used for subsequent management of resources, such as permission isolation, bill splitting, and automatic O&M.

Risk level

Default risk level: medium.

When you apply this rule, you can change the risk level based on your business requirements.

Compliance evaluation logic

  • If the tag information of each resource is not empty, the evaluation result is Compliant.
  • If the tag information of a resource is empty, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.

Rule details

Item Feature
Rule name resources-tags-not-empty
Rule identifier resources-tags-not-empty
Tag Tag
Automatic remediation Not supported
Trigger type Configuration change
Supported resource type
  • Container Service for Kubernetes (ACK) clusters
  • API resources
  • API groups
  • Alibaba Cloud CDN domain names
  • Cloud Enterprise Network (CEN) instances
  • Anti-DDoS instances
  • Dedicated hosts
  • Elastic Compute Service (ECS) disks
  • ECS Instances
  • Launch templates
  • Elastic network interfaces (ENIs)
  • ECS security groups
  • ECS snapshots
  • Elastic IP addresses (EIPs)
  • ApsaraDB for HBase clusters
  • Customer master keys (CMK) managed by Key Management Service (KMS)
  • Credentials managed by KMS
  • ApsaraDB for MongoDB instances
  • Apsara File Storage NAS file systems
  • NAT gateways
  • Object Storage Service (OSS) buckets
  • PolarDB clusters
  • ApsaraDB RDS instances
  • ApsaraDB for Redis instances
  • Server Load Balancer (SLB) instances
  • Virtual Private Cloud (VPC) route tables
  • VPCs
  • vSwitches
Input parameter None

Incompliance remediation

Attach a tag to a resource. For more information, see Add a custom tag.