Autoscaling groups should supply tags to launch configurations

Error: No tags supplied by Autoscaling groups to launch configurations

Bridgecrew Policy ID: BC_AWS_GENERAL_82
Checkov Check ID: CKV_AWS_153
Severity: LOW

No tags supplied by Autoscaling groups to launch configurations

Description

Tags help you do the following:

  • Control access to Auto Scaling groups based on tags. You can use conditions in your IAM policies to control access to Auto Scaling groups based on the tags on that group.
  • Identify and organize your AWS resources. Many AWS services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related.
    You can apply tag-based, resource-level permissions in the identity-based policies that you create for Amazon EC2 Auto Scaling. This gives you better control over which resources a user can create, modify, use, or delete.

Fix - Buildtime

Terraform

  • Resource: aws_autoscaling_group
  • Argument: launch_configuration, tags
resource "aws_autoscaling_group" "passtag" {
	...
+ launch_configuration      = aws_launch_configuration.foobar.name
+  tags = concat(
    [
      {
        "key"                 = "interpolation1"
        "value"               = "value3"
        "propagate_at_launch" = true
      },
      ...
}