Boost your tagging strategy using Bridgecrew's IaC auto-tagging and centralized management
One of the key cloud security and asset management best practices is using a tagging strategy for your runtime environments. AWS and Azure support resource tags, and GCP supports labels; both enable users to understand resource ownership, cost allocation, access control, traceability, and more.
Bridgecrew now supports tagging management for IaC templates, both for Terraform and CloudFormation, based on Bridgecrew’s open-source tool Yor. With Tag Rules, you can manage your tagging strategies easily across providers and repositories, even before they go live. Using such an approach, tagging enforcement is more flexible and maintainable.
As part of the “Resource Inventory” and “Projects” screens, you have access to a brand new Tag Rule Manager where you can:
- Enable or disable out-of-the-box Bridgecrew tag rules such as the traceability tag (“yor_trace”) used for code to cloud resource tracing and drift detection.
- Create and manage custom tag rules (edit, clone, enable, disable, and delete).
Custom Tag Rule logic can be used for any of these use cases:
- Basic: Assign a tag and value to all resources in the selected repositories.
- Conditional: Assign a tag and value to all resources in the selected repositories that meet a certain condition. For example, assign team:dev to all resources that already have the tag key:value pair
- Conditional with Multiple Conditions: You can define multiple conditions per rule with different tag key:value pairs per condition. For example, you could assign a rule that adds team:dev_USA to all resources in selected repositories that meet condition A (for example, resources with team:dev_europe for those resources that meet condition B (for example, resources with
- Conditional with default: You can define a rule that applies a key:value pair if a certain condition is met and applies a different default key:value pair tag to any IaC resource that does not meet any of the defined conditions.
When a tag rule is enabled, Bridgecrew opens a pull request after each default branch scan if IaC resources are missing a tag based on an enabled tag rule.
Check out full documentation here