iCompaas Support

Profile Applicability:

• Level 1

Description:

FSx file systems can be configured to copy tags from the file system to the volumes that are created from them. This ensures consistency and allows you to use AWS resource tags effectively for management, billing, and automation tasks. It is recommended to verify that tags are copied to volumes for better resource tracking and management.

Rationale:

Copying tags from the FSx file system to its volumes ensures that resource tags are applied uniformly. This is helpful for organizing resources, managing billing, and applying automation. Additionally, it simplifies the task of tracking which resources are associated with specific departments, projects, or use cases.

Impact:

• Positive Impact: Ensures better tracking, auditing, and cost management for volumes associated with the FSx file system.

• Negative Impact: Minimal impact if the configuration is missing. It just requires manually tagging volumes separately.

Default Value:

By default, FSx file systems do not automatically copy tags to volumes when they are created. This setting must be enabled manually.

Pre-Requisite:

• AWS Account Access: Ensure that you have the necessary permissions to view and update FSx file systems and volumes.

• IAM Permissions: Ensure you have permission to view and update resource tags for FSx resources.

Remediation:

Test Plan

Using AWS Console:

1. Sign in to the AWS Management Console.

2. Navigate to the Amazon FSx Console at https://console.aws.amazon.com/fsx/.

3. In the left panel, choose File systems.

4. Select the FSx file system you want to examine.

5. In the File system details page, check for a section called Tags.

6. Ensure that there is a setting configured to Copy tags to volumes

7. If not, edit the configuration to enable the automatic copying of tags to the associated volumes.

Using AWS CLI:

1. Run the following command to describe the FSx file system and check if tags are copied to volumes:

aws fsx describe-file-systems --query "FileSystems[*].Tags"

2. Look for the tag property that indicates whether tags are copied to volumes.
   
   

3. If not configured, use the following command to enable the configuration:
   

aws fsx update-file-system --file-system-id fs-0123456789abcdef0 --copy-tags-to-volumes

Implementation Steps:

Using AWS Console:

1. Sign in to the AWS Management Console.

2. Go to the Amazon FSx Console at https://console.aws.amazon.com/fsx/.

3. Choose File systems from the left panel.

4. Select the FSx file system.

5. Under File system details, locate the Tags section.

6. Edit the file system settings to enable the option to Copy tags to volumes.

7. Save the changes.

Using AWS CLI:

1. Run the following command to check current tag settings:

aws fsx describe-file-systems --query "FileSystems[*].Tags"

2. To configure the file system to copy tags to volumes, run the following command:

aws fsx update-file-system --file-system-id fs-0123456789abcdef0 --copy-tags-to-volumes

Backout Plan:

Using AWS Management Console:

1. Sign in to the AWS Management Console.

2. Navigate to Amazon FSx > File Systems.

3. Select the file system for which the "Copy Tags to Volumes" setting was enabled.

4. Under the Tags or Settings section, locate the "Copy Tags to Volumes" option.

5. Disable the "Copy Tags to Volumes" setting by unchecking the relevant box or toggling the option off.

6. Save the changes to revert the configuration.

Using AWS CLI:

Retrieve the current configuration of the FSx file system:

aws fsx describe-file-systems --file-system-id <file-system-id>

Update the file system to disable the "Copy Tags to Volumes" setting:

aws fsx update-file-system \
--file-system-id <file-system-id> \
--no-copy-tags-to-volumes
Verify the updated configuration:
aws fsx describe-file-systems --file-system-id <file-system-id>

References:

• AWS FSx Documentation

• Amazon FSx Console User Guide

CIS Controls Mapping: