Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add policy pack - Add created by tag to EC2 instances #856

Open
Joeturbot opened this issue Sep 19, 2024 · 1 comment · May be fixed by #866
Open

Add policy pack - Add created by tag to EC2 instances #856

Joeturbot opened this issue Sep 19, 2024 · 1 comment · May be fixed by #866
Assignees
@dboeke
Labels
enhancement New feature or request

Comments

@Joeturbot
Copy link
Contributor

Control objective
Compound Objective:

  1. Add createdBy and createTimestamp tags to EC2 instances.
  2. Halt any EC2 instance that doesn't have the createdBy tag and Guardrails can't populate that tag.

Remediation

  1. Enforce those two tags.
  2. Enforce: Stop unapproved for instances without the

Categories

  • Tagging
  • Compliance

Additional context
Beware of the 30 second cooldown for that AWS has when applying tags to EC2 instance. It's possible for Guardrails to respond (and halt the instance) before AWS can apply the tags. Avoid this false positive of missing tags.
@Joeturbot Joeturbot added the enhancement New feature or request label Sep 19, 2024
@dboeke
Copy link
Contributor

dboeke commented Sep 25, 2024

Customer updated the requirement here. They only want to add the created by tag to the instance.

@dboeke dboeke changed the title Add policy pack - Halt EC2 Instances without requried Tags and Add those required tags Add policy pack - Add created by tag to EC2 instances Sep 25, 2024
dboeke added a commit that referenced this issue Sep 25, 2024
@dboeke
add new policy pack for instance creator metadata tracking. closes #856
6f349a0
@rajlearner17 rajlearner17 linked a pull request Sep 27, 2024 that will close this issue
add new policy pack for instance creator metadata tracking. closes #856 #866
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dboeke dboeke

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add new policy pack for instance creator metadata tracking. closes #856 turbot/guardrails-samples
2 participants
@dboeke @Joeturbot