Ensure that your AWS Virtual Private Clouds (VPCs) follow a consistent naming convention for their Name tag, so that they are easier to manage and adhere to AWS resource tagging best practices. A VPC has no name of its own; its "name" is the value of its Name tag, so the convention applies to that tag. A naming convention is a well-defined set of rules for choosing the name of an AWS resource. Cloud Conformity strongly recommends the following pattern (default pattern) for naming your AWS VPCs:
^vpc-(ue1|uw1|uw2|ew1|ec1|an1|an2|as1|as2|se1)-(d|t|s|p)-([a-z0-9\-]+)$
If you need a custom naming pattern, the default one can be replaced within the rule configuration settings available in your Conformity account.
This rule can help you with the following compliance standards:
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Naming (tagging) your Virtual Private Clouds (VPCs) consistently has several advantages: the name itself tells you the region, the environment and the workload the network serves, names stay consistent across the AWS regions you use, naming collisions are avoided, ambiguity between similar VPCs is reduced, and the account presents an orderly and professional appearance.
Default Pattern Format
vpc-RegionCode-EnvironmentCode-ApplicationStackCode
Default Pattern Components
- RegionCode
  (ue1|uw1|uw2|ew1|ec1|an1|an2|as1|as2|se1)
  for us-east-1, us-west-1, us-west-2, eu-west-1, eu-central-1, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, sa-east-1.
- EnvironmentCode
  (d|t|s|p)
  for development, test, staging, production.
- ApplicationStackCode
  ([a-z0-9\-]+)
  a lowercase alphanumeric identifier (hyphens allowed) for the application stack that runs within the VPC network.
Default Pattern Examples
vpc-ue1-p-web-app-stack (production web application stack in us-east-1)
vpc-uw2-p-big-data-app-stack (production big data application stack in us-west-2)
Note that the region component is the short code from the pattern, not the full region name: a name such as vpc-us-east-1-p-web-app-stack does not match the default pattern.
Audit
To determine if your Amazon Virtual Private Clouds (VPCs) are using appropriate naming conventions, perform the following operations:
Remediation / Resolution
To implement a consistent naming convention for tagging your Amazon Virtual Private Clouds (VPCs) based on the rule default pattern (i.e. ^vpc-(ue1|uw1|uw2|ew1|ec1|an1|an2|as1|as2|se1)-(d|t|s|p)-([a-z0-9\-]+)$) or using a well-defined custom pattern, perform the following operations:
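The following script is an added example (not Conformity's own code) covering both the Audit and the Remediation steps above. It checks each VPC's Name tag against the default pattern and, for non-compliant VPCs, derives a candidate compliant name and prints the aws ec2 create-tags command that would apply it. The input is a constructed sample in the shape of aws ec2 describe-vpcs output, so it runs offline; the Environment tag it reads to pick the environment code is an assumption about your tagging scheme, and the derived application stack code is only a placeholder to be reviewed before you run the command. It also goes one step beyond the rule: a name that matches the pattern but carries a region code different from the region the VPC actually lives in is flagged as a mismatch.

```python
"""Audit VPC Name tags against the Conformity default pattern and emit
remediation commands.  Added example, not Conformity's own code."""
import json
import re
import shlex

# Default pattern from the rule; groups are region, environment, stack.
DEFAULT_PATTERN = re.compile(
    r"^vpc-(ue1|uw1|uw2|ew1|ec1|an1|an2|as1|as2|se1)-(d|t|s|p)-([a-z0-9\-]+)$"
)

# Region and environment codes exactly as listed in the rule.
REGION_CODES = {
    "us-east-1": "ue1", "us-west-1": "uw1", "us-west-2": "uw2",
    "eu-west-1": "ew1", "eu-central-1": "ec1",
    "ap-northeast-1": "an1", "ap-northeast-2": "an2",
    "ap-southeast-1": "as1", "ap-southeast-2": "as2", "sa-east-1": "se1",
}
ENV_CODES = {"development": "d", "test": "t", "staging": "s", "production": "p"}

# Constructed sample in the shape of `aws ec2 describe-vpcs --region us-east-1`.
# IDs and tags are made up for the example.
SAMPLE_DESCRIBE_VPCS = json.dumps({"Vpcs": [
    {"VpcId": "vpc-0a1b2c3d4e5f60001", "CidrBlock": "10.0.0.0/16",
     "Tags": [{"Key": "Name", "Value": "vpc-ue1-p-web-app-stack"},
              {"Key": "Environment", "Value": "production"}]},
    {"VpcId": "vpc-0a1b2c3d4e5f60002", "CidrBlock": "10.1.0.0/16",
     "Tags": [{"Key": "Name", "Value": "Web App VPC"},
              {"Key": "Environment", "Value": "staging"}]},
    {"VpcId": "vpc-0a1b2c3d4e5f60003", "CidrBlock": "10.2.0.0/16",
     "Tags": [{"Key": "Environment", "Value": "test"}]},
    {"VpcId": "vpc-0a1b2c3d4e5f60004", "CidrBlock": "10.3.0.0/16",
     "Tags": [{"Key": "Name", "Value": "vpc-uw2-p-legacy-app"},
              {"Key": "Environment", "Value": "production"}]},
]})


def tag_value(vpc, key):
    """Return the value of tag `key`, or None when the VPC lacks that tag."""
    for tag in vpc.get("Tags", []):
        if tag["Key"] == key:
            return tag["Value"]
    return None


def is_compliant(name, pattern=DEFAULT_PATTERN):
    """True when the Name tag value matches the (default or custom) pattern."""
    return name is not None and pattern.fullmatch(name) is not None


def suggest_name(vpc, region):
    """Derive a pattern-compliant name: region code from the VPC's region,
    environment code from an assumed Environment tag, and a sanitised stack
    code from the current Name (or the VPC ID suffix when there is no Name).
    Returns None when the codes cannot be derived; a human must decide."""
    env_code = ENV_CODES.get((tag_value(vpc, "Environment") or "").lower())
    region_code = REGION_CODES.get(region)
    if env_code is None or region_code is None:
        return None
    raw = tag_value(vpc, "Name") or vpc["VpcId"].replace("vpc-", "", 1)
    stack = re.sub(r"[^a-z0-9]+", "-", raw.lower()).strip("-")
    return f"vpc-{region_code}-{env_code}-{stack}"


def audit(describe_vpcs_json, region, pattern=DEFAULT_PATTERN):
    """Return one finding per VPC: compliance, region-code mismatch, suggestion."""
    findings = []
    for vpc in json.loads(describe_vpcs_json)["Vpcs"]:
        name = tag_value(vpc, "Name")
        match = pattern.fullmatch(name) if name is not None else None
        ok = match is not None
        # Beyond the rule: group(1) of the default pattern is the region code,
        # and a compliant name in the wrong region is still misleading.
        mismatch = bool(ok and pattern is DEFAULT_PATTERN
                        and match.group(1) != REGION_CODES.get(region))
        findings.append({"VpcId": vpc["VpcId"], "Name": name, "Compliant": ok,
                         "RegionMismatch": mismatch,
                         "Suggested": None if ok else suggest_name(vpc, region)})
    return findings


def remediation_commands(findings, region):
    """One `aws ec2 create-tags` call per non-compliant VPC with a suggestion.
    create-tags overwrites an existing Name value, which is what we want here."""
    return [
        f"aws ec2 create-tags --region {region} --resources {f['VpcId']} "
        f"--tags Key=Name,Value={shlex.quote(f['Suggested'])}"
        for f in findings if not f["Compliant"] and f["Suggested"] is not None
    ]


if __name__ == "__main__":
    region = "us-east-1"
    results = audit(SAMPLE_DESCRIBE_VPCS, region)
    for f in results:
        status = "OK " if f["Compliant"] else "BAD"
        if f["RegionMismatch"]:
            status = "WARN"
        print(f"{status} {f['VpcId']} Name={f['Name']!r} suggested={f['Suggested']}")
    for cmd in remediation_commands(results, region):
        print(cmd)
```

To run this against a real account, replace SAMPLE_DESCRIBE_VPCS with the output of aws ec2 describe-vpcs for each region and review every suggested name before applying the printed commands; the script never calls AWS itself.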
Note: As an example, the tagging pattern used within the Remediation/Resolution section is the default one, i.e. ^vpc-(ue1|uw1|uw2|ew1|ec1|an1|an2|as1|as2|se1)-(d|t|s|p)-([a-z0-9\-]+)$.
References
- AWS Documentation
- Tag your Amazon EC2 resources
- User-Defined Tag Restrictions
- AWS Command Line Interface (CLI) Documentation
- ec2
- describe-vpcs
- create-tags
- CloudFormation Documentation
- AWS::EC2::VPC
- Terraform Documentation
- AWS Provider