Why is this an issue?

Shared conventions allow teams to collaborate effectively. This rule allows to check that all tag keys match a provided regular expression.

Noncompliant code example

With default provided regular expression ^([A-Z]:)([A-Z][A-Za-z]*)$:

resource "aws_s3_bucket" "mynoncompliantbucket" {
  bucket = "mybucketname"

  tags = {
    "anycompany:cost-center" = "Accounting" # Noncompliant
  }
}

Compliant solution

resource "aws_s3_bucket" "mycompliantbucket" {
  bucket = "mybucketname"

  tags = {
    "AnyCompany:CostCenter" = "Accounting"
  }
}

Resources

• AWS Documentation: Adopt a Standardized Approach for Tag Names