SCP not getting applied on EC2 Auto Scaling Groups

0

I am trying to enforce a tag InfraOwner on ASGs and resources created by them through the following SCP, but it is not working, and the ASG is getting created even without the InfraOwner tag.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyEC2AuxilliaryInfraOwnerTag",
      "Effect": "Deny",
      "Action": [
        "autoscaling:CreateAutoScalingGroup"
      ],
      "Resource": [
        "arn:aws:autoscaling:*:*:autoScalingGroup/*"
      ],
      "Condition": {
        "Null": {
          "aws:RequestTag/InfraOwner": "true"
        }
      }
    }
  ]
}

Can someone help here?

  • Hey @ashish0093 Just checking base with you about the answer provided.

    Let me know if you have any issues with this, or if it helps you then please accept my answer after you've tried it out - it would be much appreciated! Good luck :)

1 Answer
0

Try the following

],
  "Condition": {
    "StringNotLike": {
      "aws:RequestTag/InfraOwner": "?*"
    }
  }
}

Explanation: The <InfraOwner> will be required on all ASGs. The “?*” enforces that there is some value for the key of InfraOwner. Replacing this with “?” doesn’t require the value be present, but still requires the <InfraOwner>.

Let me know if you have any issues with this, or if it helps you then please accept my answer after you've tried it out - it would be much appreciated! Good luck :)

D G
answered a year ago
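
A local model of how the two Condition blocks in this thread evaluate for a CreateAutoScalingGroup request, added here as an example (it is not code from the question or the answer, and it is not AWS's policy evaluator). It assumes a tag sent with an empty value shows up as a present key holding an empty string; the sample requests and the tag value `platform-team` are constructed.

```python
import re

TAG_KEY = "aws:RequestTag/InfraOwner"
NULL_CHECK = {"Null": {TAG_KEY: "true"}}            # condition from the question
NOT_LIKE_CHECK = {"StringNotLike": {TAG_KEY: "?*"}}  # condition from the answer

# Constructed sample requests: tags sent with CreateAutoScalingGroup.
REQUESTS = {
    "no tags": {},
    "empty value": {"InfraOwner": ""},
    "with value": {"InfraOwner": "platform-team"},
}

def iam_like(pattern, value):
    """IAM wildcard match: '*' is any run of characters, '?' is exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.DOTALL) is not None

def condition_matches(condition, context):
    """True when every operator/key pair in the Condition block matches."""
    for operator, keys in condition.items():
        for key, expected in keys.items():
            present = key in context
            if operator == "Null":
                # "true" matches an absent key, "false" a present one.
                ok = present != (expected == "true")
            elif operator == "StringNotLike":
                # Negated operators also match when the key is absent.
                ok = not present or not iam_like(expected, context[key])
            else:
                raise ValueError(f"operator not modelled: {operator}")
            if not ok:
                return False
    return True

def is_denied(condition, request_tags):
    """Would a Deny statement carrying this Condition apply to the request?"""
    context = {f"aws:RequestTag/{k}": v for k, v in request_tags.items()}
    return condition_matches(condition, context)

def decision_table():
    """Map each sample request to (denied by Null, denied by StringNotLike)."""
    return {name: (is_denied(NULL_CHECK, tags), is_denied(NOT_LIKE_CHECK, tags))
            for name, tags in REQUESTS.items()}

if __name__ == "__main__":
    for name, (by_null, by_not_like) in decision_table().items():
        print(f"{name:12} Null:true deny={by_null!s:5} StringNotLike ?* deny={by_not_like}")
```

In this model the two conditions differ only for the request that sends InfraOwner with an empty value: the `Null` check lets it through, while `StringNotLike` with `?*` denies it.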
