Checks whether a resource has all the tags specified in the rule.
Scenarios
Cloud IT management requires cloud resources to have specific tags for permission isolation, bill allocation, and automated O&M.
For example, Company A requires all its cloud resources to have the tag Project=xx. Here, Project is the tag key and xx is the tag value. The value can be an existing project, such as Project A, Project B, or Project C. Because the company allocates cloud costs based on these tags, all resources must have the required tag.
Threat level
Default threat level: High.
You can change the threat level when you use this rule.
Detection logic
- A resource is considered compliant if it has all the tags specified in the rule.Note You can specify up to six tags. These tags are evaluated using a logical AND. A resource is considered compliant only if it has all the tags that you set.
- A resource is non-compliant if it does not have all the tags specified in the rule or if its tags do not match the ones specified in the rule. For more information about how to remediate this issue, see Remediation.
Rule details
| Parameter | Description |
| Rule name | Required tags exist |
| Rule identifier | required-tags |
| Tags | ECS, Tag |
| Automatic remediation | Supported |
| Rule trigger | Configuration change |
| Supported resource types |
|
| Rule parameters |
Note You can define up to six tags. Each tag includes a tag key and a tag value. |
Remediation
- Attach the specified tags to the resource in the Tag console. For more information, see Create and attach custom tags.
- Configure automatic remediation in the Cloud Config console to attach the specified tags to the resource. For more information, see Set template-based remediation or Set custom remediation.
该文章对您有帮助吗?