Policy: AWS > VPC > Security Group Rule > Tags > Template

The template is used to generate the keys and values for AWS VPC security group rule.

Tags not defined in Security Group Rule Tags Template will not be modified or deleted. Setting a tag value to undefined will result in the tag being deleted.

See Tags for more information.

Resource Types

This policy targets the following resource types:

AWS > VPC > Security Group Rule

Primary Policy

This policy is used with the following primary policy:

AWS > VPC > Security Group Rule > Tags

Controls

AWS > VPC > Security Group Rule > Tags

Policy Specification

Default template	`{%- if $.defaultTags.value \| length == 0 %} [] {%- elif $.defaultTags.value != undefined %}{{ $.defaultTags.value \| dump \| safe }}{%- else %}{% for item in $.defaultTags.value %}- {{ item }}{% endfor %}{% endif %}`
Default template input	`- \| { account { turbot { id } } } - \| { defaultTags: policyValue(uri:"tmod:@turbot/aws-vpc-core#/policy/types/vpcServiceTagsTemplate" resourceId: "{{ $.account.turbot.id }}") { value } }`
Examples [YAML]	`foo: bar environment: prod` `- foo123: bar - environment: dev` `- cost-center: zz123 - delete-me: undefined`

Default template

{%- if $.defaultTags.value | length == 0 %} [] {%- elif $.defaultTags.value != undefined %}{{ $.defaultTags.value | dump | safe }}{%- else %}{% for item in $.defaultTags.value %}- {{ item }}{% endfor %}{% endif %}

Default template input

- |
  {
    account {
      turbot {
        id
      }
    }
  }
- |
  {
    defaultTags: policyValue(uri:"tmod:@turbot/aws-vpc-core#/policy/types/vpcServiceTagsTemplate" resourceId: "{{ $.account.turbot.id }}") {
      value
    }
  }

Examples [YAML]

foo: bar
environment: prod

- foo123: bar
- environment: dev

- cost-center: zz123
- delete-me: undefined

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/resourceTags

Policy Type URI

tmod:@turbot/aws-vpc-security#/policy/types/securityGroupRuleTagsTemplate

GraphQL

query policyType(id: "tmod:@turbot/aws-vpc-security#/policy/types/securityGroupRuleTagsTemplate") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-vpc-security#/policy/types/securityGroupRuleTagsTemplate'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-vpc-security#/policy/types/securityGroupRuleTagsTemplate'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-vpc-security#/policy/types/securityGroupRuleTagsTemplate"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-vpc-security#/policy/types/securityGroupRuleTagsTemplate"