Policy Packs
Enforce Tags on AMIs if They Are Older Than 14 Days

Policy Setting: AWS > EC2 > AMI > Tags > Template

Policies

This policy setting is dependent on the following policy types:

Source

resource "turbot_policy_setting" "aws_ec2_ami_tags_template" {
resource = turbot_policy_pack.main.id
type = "tmod:@turbot/aws-ec2#/policy/types/amiTagsTemplate"
template_input = <<-EOT
- |
{
item: region {
turbot {
id
}
}
}
- |
{
controls(filter: "controlTypeId:tmod:@turbot/aws-ec2#/control/types/amiActive resourceId:{{ $.item.turbot.id }}") {
items {
state
}
}
}
EOT
template = <<-EOT
{%- if $.controls.items[0].state == "alarm" -%}
- termination: "true"
{%- else -%}
[]
{%- endif -%}
EOT
}