2 answers
0
Yes, I am trying to achieve this, but I want to achieve it by using an AWS SCP. All the posts I have seen have the same JSON file as mine. But when implementing it, it is not working.
answered 2 years ago
0
I guess you are trying to achieve something like this: https://aws.amazon.com/premiumsupport/knowledge-center/iam-policy-tags-deny/ (Sid: AllowRunInstancesWithRestrictions1)
Your policy can be modified as follows:
{
  "Effect": "Deny",
  "Action": [
    "ec2:CreateTags",
    "ec2:RunInstances"
  ],
  "Resource": [
    "arn:aws:ec2:*:*:instance/*",
    "arn:aws:ec2:*:*:volume/*"
  ],
  "Condition": {
    "StringNotLike": {
      "aws:RequestTag/cost_center": "?*"
    }
  }
}
answered 2 years ago
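How the Deny statement in the answer above behaves for different requests, as an added example that is not part of the original answer and is not AWS's evaluation engine. It is a simplified model (one statement, one resource per request, exact-case condition keys), and the account ID, resource IDs and tag values are constructed placeholders.

```python
import re

# The Deny statement from the answer above, as a Python dict.
STATEMENT = {
    "Effect": "Deny",
    "Action": ["ec2:CreateTags", "ec2:RunInstances"],
    "Resource": ["arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:volume/*"],
    "Condition": {"StringNotLike": {"aws:RequestTag/cost_center": "?*"}},
}

def wildcard_match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.I | re.S if ignore_case else re.S) is not None

def string_not_like(context, key, pattern):
    # Negated operators evaluate to true when the key is absent from the request.
    if key not in context:
        return True
    return not wildcard_match(pattern, context[key])

def is_denied(statement, action, resource, context):
    """True when the Deny statement applies to this (simplified) request."""
    if not any(wildcard_match(a, action, ignore_case=True) for a in statement["Action"]):
        return False
    if not any(wildcard_match(r, resource) for r in statement["Resource"]):
        return False
    return all(string_not_like(context, k, p)
               for k, p in statement["Condition"]["StringNotLike"].items())

# Constructed sample requests (account ID and resource IDs are placeholders).
INSTANCE = "arn:aws:ec2:us-east-1:111122223333:instance/i-EXAMPLE"
REQUESTS = {
    "launch with cost_center": ("ec2:RunInstances", INSTANCE, {"aws:RequestTag/cost_center": "1234"}),
    "launch with empty value": ("ec2:RunInstances", INSTANCE, {"aws:RequestTag/cost_center": ""}),
    "launch without tags": ("ec2:RunInstances", INSTANCE, {}),
    "add other tag later": ("ec2:CreateTags", INSTANCE, {"aws:RequestTag/owner": "alice"}),
    "launch, image resource": ("ec2:RunInstances", "arn:aws:ec2:us-east-1::image/ami-EXAMPLE", {}),
}

def evaluate_all():
    return {name: is_denied(STATEMENT, *req) for name, req in REQUESTS.items()}

if __name__ == "__main__":
    for name, denied in evaluate_all().items():
        print(f"{name:26} -> {'DENY' if denied else 'not denied by this statement'}")
```

Because `ec2:CreateTags` is in the same statement, a later tagging call on an instance or volume that does not include `cost_center` in the request is denied as well.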
So what condition type are you using?
ForAllValues:StringEquals? Or StringNotLike?
I have used both but no luck.
Can you also post the policy you use with StringNotLike to see if there is any other issue?
Your policy with
means all your new EC2 instances need to have a tag environment and the tag value must be exactly true
Is this what you expect and what you get?