add sec.md

terraform · Jul 28, 2025 · 28e4ad1 · 28e4ad1
1 parent 5eae58c
commit 28e4ad1
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 3 deletions.
diff --git a/aws/documentation/naming-tagging-standard/tags/README.md b/aws/documentation/naming-tagging-standard/tags/README.md
@@ -20,9 +20,6 @@ Tags from Wiki located [here](wiki.tags.md).
   * [mon_visibility](mon.md#mon_visibility)
   * [mon_extended](mon.md#mon_extended)
 
-# [ops_](ops.md)
-  * [ops_contact](ops.md#ops_contact)
-
 # [Networking](networking.md)
   * [vpc](networking.md#vpc)
   * [subnet](networking.md#subnet)
@@ -32,6 +29,12 @@ Tags from Wiki located [here](wiki.tags.md).
   * [transit-gateway](networking.md#transit-gateway)
   * [transit-gateway-route-table](networking.md#transit-gateway-route-table)
 
+# [ops_](ops.md)
+  * [ops_contact](ops.md#ops_contact)
+
+# [sec_](sec.md)
+  * [sec_csam_id](sec.md#sec_csam_id)
+
 # Third Party Tagging
 
 * [Axonius](third-party/axonius.md)
@@ -55,3 +58,5 @@ Tags from Wiki located [here](wiki.tags.md).
   - add networking
 - 1.0.6 -- 2025-01-14
   - add ops_contact, mon_extended
+- 1.0.7 -- 2025-07-28
+  - add sec_
diff --git a/aws/documentation/naming-tagging-standard/tags/sec.md b/aws/documentation/naming-tagging-standard/tags/sec.md
@@ -0,0 +1,53 @@
+# AWS Tags | sec_
+
+The Security tag groups are used to identify specific attributes of a resource which are important to the
+security teams in OCIO.  They are expected to aid in identifying contact information, perhaps with references
+into our Configuration Management Database (CMDB) or associated security systems.
+
+They are prefixed with a label of `sec_`.
+
+The following tags are to be applied to resources which support tagging.
+
+| Tag key               | Status   |
+|-----------------------|----------|
+| [sec_csam_id](#sec_csam_id) | Required for specific resource types |
+
+# Applicability
+
+## Resources which support tagging and require tags as above
+
+(add to this list)
+
+* EC2
+
+## Resources which support tagging but are not considered within scope of specific `sec_` tags
+
+* IAM
+  * Roles
+  * Policies
+  * SAML Provider
+
+## Other Resources
+
+# Tags
+
+## sec_csam_id
+
+(describe)
+
+This is `REQUIRED` for these resources:
+
+* EC2 deployed as a general use OS
+
+### Format
+
+The tag name is all lowercase, and *must* be set to `sec_csam_id`.
+
+### Values
+
+The value is an integer. This reflects and ID maintained by OIS and provided in the CSAM System (add URL).
+
+# CHANGELOG
+
+- 1.0.0 -- 2025-07-28
+  - initial