Bridgecrew compliance (#125)

cloudposse · Feb 7, 2021 · cf38625 · cf38625
1 parent dc69999
commit cf38625
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 4 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,6 +4,7 @@
 # .tfstate files
 *.tfstate
 *.tfstate.*
+**/.terraform.lock.hcl
 
 # .tfvars files
 *.tfvars

diff --git a/README.md b/README.md
@@ -37,7 +37,7 @@ you can exclude environment and the label `id` will look like `{namespace}-{stag
 - If you want the attributes in a different order, you can specify that, too, with the `label_order` list.
 - You can set a maximum length for the name, and the module will create a unique name that fits within that length.
 - You can control the letter case of the generated labels which make up the `id` using `var.label_value_case`.
-- The labels are also exported as tags. You can control the case of the tag names (keys) using `var.label_tag_case`.
+- The labels are also exported as tags. You can control the case of the tag names (keys) using `var.label_key_case`.
 
 It's recommended to use one `terraform-null-label` module for every unique resource of a given resource type.
 For example, if you have 10 instances, there should be 10 different labels.

diff --git a/README.yaml b/README.yaml
@@ -34,7 +34,7 @@ description: |-
   - If you want the attributes in a different order, you can specify that, too, with the `label_order` list.
   - You can set a maximum length for the name, and the module will create a unique name that fits within that length.
   - You can control the letter case of the generated labels which make up the `id` using `var.label_value_case`.
-  - The labels are also exported as tags. You can control the case of the tag names (keys) using `var.label_tag_case`.
+  - The labels are also exported as tags. You can control the case of the tag names (keys) using `var.label_key_case`.
 
   It's recommended to use one `terraform-null-label` module for every unique resource of a given resource type.
   For example, if you have 10 instances, there should be 10 different labels.

diff --git a/examples/autoscalinggroup/main.tf b/examples/autoscalinggroup/main.tf
@@ -23,11 +23,21 @@ resource "aws_launch_template" "default" {
     enabled = false
   }
 
-  # terraform-null-label example used here: Set tags on volumes
+  # terraform-null-label example used here: Set tags on everything that can be tagged
   tag_specifications {
-    resource_type = "volume"
+    for_each = ["instance", "volume", "elastic-gpu", "spot-instance-request"]
+
+    resource_type = each.value
     tags          = module.label.tags
   }
+
+  # Bridgecrew BC_AWS_GENERAL_26
+  tags = module.label.tags
+
+  # Bridgecrew compliance: Ensure Instance Metadata Service Version 1 is not enabled (BC_AWS_GENERAL_31)
+  metadata_options {
+    http_tokens = "required"
+  }
 }
 
 ######################