SCP not getting applied on EC2 Auto Scaling Groups

Question

I am trying to enforce a tag InfraOwner on ASGS and resources created by it through following SCP but it is not working and ASG is getting created even without InfraOwner tag

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyEC2AuxilliaryInfraOwnerTag",
      "Effect": "Deny",
      "Action": [
        "autoscaling:CreateAutoScalingGroup"
      ],
      "Resource": [
        "arn:aws:autoscaling:*:*:autoScalingGroup/*"
      ],
      "Condition": {
        "Null": {
          "aws:RequestTag/InfraOwner": "true"
        }
      }
    }
  ]
}
```
Can someone help here

Answer

Try the following

```
],
  "Condition": {
    "StringNotLike": {
      "aws:RequestTag/InfraOwner": "?*"
    }
  }
}
```

Explanation: The  will be required on all ASGs. The “?*” enforces that there is some value for the key of InfraOwner. Replacing this with “?” doesn’t require the value be present, but still requires the .

Let me know if you have any issues with this, or if it helps you then please accept my answer after you've tried it out - it would be much appreciated! Good luck :)

SCP not getting applied on EC2 Auto Scaling Groups

Relevanter Inhalt