terraform.aws.best-practice.missing-aws-autoscaling-tags.missing-aws-autoscaling-tags


The AWS Autoscaling Group is not tagged.


Definition

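rules:
  - id: missing-aws-autoscaling-tags
    # Flags aws_autoscaling_group resources that declare neither a `tag`
    # block nor a `tags` argument. Untagged groups (and, through
    # propagate_at_launch, the instances they launch) cannot be attributed
    # for ownership, cost or inventory, and tag-scoped policies do not reach them.
    patterns:
      # Candidate: any aws_autoscaling_group resource, whatever its label.
      - pattern: |
          resource "aws_autoscaling_group" $ANYTHING {
            ...
          }
      # Exempt groups that declare at least one `tag { ... }` block.
      - pattern-not-inside: |
          resource "aws_autoscaling_group" $ANYTHING {
            ...
            tag {
              ...
            }
            ...
          }
      # Exempt groups that set the `tags` argument by any expression:
      # concat(...), a list literal, or a variable reference such as var.tags.
      # Matching only `tags = concat(...)` reported a plain list or a
      # variable reference as untagged. An empty `tags = []` is also exempted;
      # tighten the pattern if that matters for your policy.
      # NOTE(review): newer AWS provider releases may deprecate or drop `tags`
      # in favour of `tag` blocks — confirm against the provider version in use.
      - pattern-not-inside: |
          resource "aws_autoscaling_group" $ANYTHING {
            ...
            tags = $TAGS
            ...
          }
    message: The AWS Autoscaling Group is not tagged.
    languages:
      - hcl
    severity: WARNING
    metadata:
      category: best-practice
      technology:
        - terraform
        - aws
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]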

Examples

missing-aws-autoscaling-tags.tf

# Expected to pass: the group carries `tag` blocks, which the rule's first
# pattern-not-inside clause exempts.
# ok: missing-aws-autoscaling-tags
resource "aws_autoscaling_group" "passtag" {
  name                      = "foobar3-terraform-test"
  max_size                  = 5
  min_size                  = 2
  health_check_grace_period = 300
  health_check_type         = "ELB"
  desired_capacity          = 4
  force_delete              = true
  placement_group           = aws_placement_group.test.id
  launch_configuration      = aws_launch_configuration.foobar.name
  vpc_zone_identifier       = [aws_subnet.example1.id, aws_subnet.example2.id]

  # `propagate_at_launch` controls whether the tag is also applied to the
  # instances this group launches; true here, so instance-level ownership and
  # cost attribution follow the group.
  tag {
    key                 = "foo"
    value               = "bar"
    propagate_at_launch = true
  }

  # Stays on the group only; instances launched from it do not inherit it.
  tag {
    key                 = "lorem"
    value               = "ipsum"
    propagate_at_launch = false
  }
}


# Expected to pass: tags are supplied through the `tags` argument built with
# concat(), which the rule's second pattern-not-inside clause exempts.
# NOTE(review): the list-of-maps `tags` argument may be deprecated or removed
# in newer AWS provider releases in favour of `tag` blocks — confirm against
# the provider version in use.
# ok: missing-aws-autoscaling-tags
resource "aws_autoscaling_group" "passtags" {
  name                 = "foobar3-terraform-test"
  max_size             = 5
  min_size             2
  launch_configuration = aws_launch_configuration.foobar.name
  vpc_zone_identifier  = [aws_subnet.example1.id, aws_subnet.example2.id]

  # Two literal tag maps merged with caller-supplied extras from var.extra_tags.
  tags = concat(
    [
      {
        "key"                 = "interpolation1"
        "value"               = "value3"
        "propagate_at_launch" = true
      },
      {
        "key"                 = "interpolation2"
        "value"               = "value4"
        "propagate_at_launch" = true
      },
    ],
    var.extra_tags,
  )
}

# Expected finding: no `tag` block and no `tags` argument, so nothing
# identifies the group or the instances it launches for ownership, cost or
# inventory purposes.
# ruleid: missing-aws-autoscaling-tags
resource "aws_autoscaling_group" "fail" {
  name                 = "foobar3-terraform-test"
  max_size             = 5
  min_size             = 2
  launch_configuration = aws_launch_configuration.foobar.name
  vpc_zone_identifier  = [aws_subnet.example1.id, aws_subnet.example2.id]
}