Resource Not Using Tags
- Query id: e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10
- Query name: Resource Not Using Tags
- Platform: Terraform
- Severity: Info
- Category: Best Practices
- CWE: 665
- URL: Github
Description
AWS resource tags are essential for managing components. As a best practice, the 'tags' field should define at least one tag other than 'Name'.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_acm_certificate" "cert" {
  domain_name       = "example.com"
  validation_method = "DNS"

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_acm_certificate" "cert_2" {
  domain_name       = "example.com"
  validation_method = "DNS"

  tags = {
    Name = "test"
  }

  lifecycle {
    create_before_destroy = true
  }
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "aws_acm_certificate" "cert" {
  domain_name       = "example.com"
  validation_method = "DNS"

  tags = {
    Environment = "test"
  }

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_acm_certificate_validation" "example" {
  certificate_arn         = aws_acm_certificate.example.arn
  validation_record_fqdns = [for record in aws_route53_record.example : record.fqdn]
}
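The same rule can be applied to a rendered plan rather than to the .tf source. The following is an added example, not the query's own implementation: it walks `terraform show -json` output and reports taggable resources whose `tags` are absent or contain only `Name`. The resource addresses, the sample plan and the function names are constructed for illustration, and it assumes that untaggable resource types have no `tags` key in their `values`.

```python
import json

# Constructed sample: a trimmed `terraform show -json` plan modelled on the
# samples above. Assumption: taggable resource types carry a "tags" key in
# "values" (null when unset); untaggable types have no such key at all.
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_acm_certificate.untagged",
         "values": {"domain_name": "example.com", "tags": None}},
        {"address": "aws_acm_certificate.name_only",
         "values": {"domain_name": "example.com", "tags": {"Name": "test"}}},
        {"address": "aws_acm_certificate.tagged",
         "values": {"domain_name": "example.com",
                    "tags": {"Environment": "test"}}},
        {"address": "aws_acm_certificate_validation.example",
         "values": {"certificate_arn": "arn:placeholder"}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.web.aws_instance.app",
         "values": {"tags": {"Name": "app"}}}]}],
}}})


def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)


def untagged_resources(plan_json):
    """Return (address, reason) for taggable resources with no tag besides Name."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in walk(root):
        values = res.get("values") or {}
        if "tags" not in values:  # resource type has no tags argument: skip
            continue
        tags = values["tags"] or {}
        extra = [key for key in tags if key != "Name"]
        if not extra:
            reason = "only 'Name' tag" if "Name" in tags else "no tags"
            findings.append((res["address"], reason))
    return findings
```

Tags applied through the provider's `default_tags` appear under `tags_all`, which this check does not read.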