For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/code_security/iac_security/iac_rules/terraform-azure-team-tag-not-present.md.
A documentation index is available at /llms.txt.
To ensure proper resource ownership and management accountability in Azure environments, all resources should include a team tag within their tags block. Without this tag, as shown below, it becomes difficult to identify who is responsible for the resource, increasing the risk of unmanaged assets, security oversights, and operational inefficiencies:
Properly tagging resources with a team value, such as in this example, helps organizations implement cost controls, streamline incident response, and maintain compliance by ensuring every asset has clear ownership:
resource"azurerm_storage_account""good_example"{name="goodstorageacct"resource_group_name="example-rg"location="East US"account_tier="Standard"account_replication_type="LRS"tags={team="DevOps" # Required tag is present
environment="prod"}}
# ✅ "team" label is not a valid attribute for this resource type
resource"azurerm_postgresql_test""good_example"{name="good-postgresql-server"location="East US"resource_group_name="example-rg"public_network_access_enabled=[false]version="9.6"ssl_enforcement_enabled=truesku_name="B_Gen5_1"}
Non-Compliant Code Examples
# Example 1: Missing tags block entirely
resource"azurerm_storage_account""bad_example_no_tags"{name="badstorageacct"resource_group_name="example-rg"location="East US"account_tier="Standard"account_replication_type="LRS"}# Example 2: Tags block exists, but missing the "team" tag
resource"azurerm_storage_account""bad_example_missing_team"{name="badstorageacct2"resource_group_name="example-rg"location="East US"account_tier="Standard"account_replication_type="LRS"tags={environment="prod"}}
1
2
rulesets:- Terraform / Azure # Rules to enforce / Azure.
Request a personalized demo
Get Started with Datadog
Ask AI
AI-generated responses may be inaccurate. Verify important info.
