Tag enforcement while creating a new resource
My customer is looking for automation to enforce tagging while creating a new resource. Please let me know if any of you have implemented this for your respective customer.
- Le plus récent
- Le plus de votes
- La plupart des commentaires
This is accomplished through two features: tag-based access control's RequestTag IAM condition key and Tag Policies.
The RequestTag condition forces services which support that IAM condition key to supply tags during resource creation (or tag mutation requests) and their Organization's Tag Policy stipulates what tags must be present on supported resources at creation time or during tag mutations.
Here's a sample RequestTags policy (it can be generalized).
Tag policies define which are the correct tags that can be used. Service control policies can be used to prevent resources from being created without a tag. Ref: https://aws.amazon.com/blogs/mt/implement-aws-resource-tagging-strategy-using-aws-tag-policies-and-service-control-policies-scps/
Contenus pertinents
- demandé il y a 7 mois
- demandé il y a un an
- demandé il y a un an
AWS OFFICIELA mis à jour il y a 2 ans- AWS OFFICIELA mis à jour il y a 3 ans
