EFS without tags

Docs > Datadog Security > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > EFS without tags

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Metadata

Id: b8a9852c-9943-4973-b8d5-77dae9352851

Cloud Provider: AWS

Platform: Ansible

Severity: Low

Category: Build Process

Learn More

Provider Reference

Description

EFS filesystems must have tags defined to support asset identification, tag-based access control, cost allocation, and automated lifecycle or compliance policies. For Ansible tasks using the community.aws.efs or efs modules, the tags property must be present and contain at least one key/value pair. Tasks that omit the tags property or provide an empty mapping are flagged as missing required metadata.

Secure example:

- name: Create EFS filesystem
  community.aws.efs:
    state: present
    name: my-efs
    performance_mode: generalPurpose
    tags:
      Name: my-efs
      Environment: production

Compliant Code Examples

- name: EFS provisioning
  community.aws.efs:
    state: present
    name: myTestEFS
    tags:
      Name: myTestNameTag
      purpose: file-storage
    targets:
      - subnet_id: subnet-748c5d03
        security_groups: [ "sg-1a2b3c4d" ]

Non-Compliant Code Examples

- name: EFS provisioning without tags
  community.aws.efs:
    state: present
    name: myTestEFS
    targets:
      - subnet_id: subnet-748c5d03
        security_groups: [ "sg-1a2b3c4d" ]