We have a specific AMI we use for creating EC2 instances that have a specific application installed.
I'd like to create a rule within AWS Guard Rules that makes sure people are creating the required tags and providing the required values within the keys.
I've tried to use regex and other AWS-specific rulesets such as what's listed below but receive the same error, also shown below. Does anyone have any basic rules I can use as a template that I can work from?
Error
error: error one or more of the specified parameters are invalid.aws guard rule
Code I Searched From GitHub Search
AWS::EC2::VPC Tags == /.*"Key":"Environment".*/ << the mandatory Tag: Environment is not specified
AWS::EC2::VPC Tags == /.*"Key":"ApplicationName".*/ << the mandatory Tag: ApplicationName is not specified
Code I Searched From regex
policies:
name: ec2-tag-compliance
amazon.aws.ec2_tag:
region: us-east-1
resource: ec2
filters:
rule check_applepie_year {
let applepie_regex = /ApplePie-(?!0000)\d{4}/
Resources.*[ Type == "AWS::EC2::Instance" ] {
Properties.Tags[?Key == "Name"].Value == %applepie_regex
}
}
<<You must follow the format - ApplePie-urlprefix-4digityear-city
Example: ApplePie-crusty2023-NY
rule check_tags {
Metadata.Tags.Application == /(?i)ApplePie/
Metadata.Tags.Environment == /(?i)Acceptance/
Metadata.Tags.Platform == /(?i)RedHat/
}
<<
You must have the following tags - Application, Environment, Platform
The key values must contain - Apollo, Production, Ubuntu
let required_tags = ["Project Code", "Web_URL"]
rule check_tags {
Resources.*[ Type == "AWS::EC2::Instance" ] {
Properties.Tags[*].Key IN %required_tags
Properties.Tags[*].Value NOT_EMPTY
}
}
<<
You must have the following tags - Project Code, Web_URL
The key values must contain - Requesters project code, URL to be used by clients
actions:
- stop
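A CloudFormation Guard 2.x rules file that enforces the required tag keys and value patterns described in the question, written here as an added example rather than code from the poster or from AWS; the tag names, allowed values and the Name pattern are assumed placeholders to replace with the real requirements. Guard compiles patterns with the Rust regex crate, which has no lookahead such as (?!0000), so the year is matched positively.

```guard
# Added example (not the poster's code): required EC2 tags and value patterns for
# a CloudFormation template checked with `cfn-guard validate -r rules.guard -d template.yaml`.
let ec2_instances = Resources.*[ Type == "AWS::EC2::Instance" ]

rule ec2_required_tags when %ec2_instances !empty {
    %ec2_instances {
        # Tags is a list of {Key, Value} pairs. Filtering on Key and comparing Value
        # covers both cases: a filter that matches no tag resolves to nothing, which
        # Guard reports as a failed clause, and a wrong value fails the comparison.
        Properties.Tags[ Key == "Application" ].Value == /(?i)^ApplePie$/
        <<
        Violation: tag Application is missing or its value is not ApplePie
        >>
        Properties.Tags[ Key == "Environment" ].Value IN ["Production", "Acceptance"]
        <<
        Violation: tag Environment is missing or not one of Production, Acceptance
        >>
        Properties.Tags[ Key == "Platform" ].Value == /^(RedHat|Ubuntu)$/
        <<
        Violation: tag Platform is missing or not RedHat or Ubuntu
        >>
        # Assumed format ApplePie-<urlprefix><4-digit year>-<city>, e.g. ApplePie-crusty2023-NY
        Properties.Tags[ Key == "Name" ].Value == /^ApplePie-[a-z]+20\d{2}-[A-Z]+$/
        <<
        Violation: tag Name must follow ApplePie-<urlprefix><year>-<city>
        >>
    }
}
```

If the rule is meant for an AWS Config custom policy rule rather than a template, the input is the configuration item, where tags arrive as a map (for example `tags.Environment`) and the `Resources`/`Properties` paths above do not resolve, so the clauses need to be rewritten against `resourceType` and `tags`.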