SCP not getting applied on EC2 Auto Scaling Groups

I am trying to enforce a tag InfraOwner on ASGS and resources created by it through following SCP but it is not working and ASG is getting created even without InfraOwner tag

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyEC2AuxilliaryInfraOwnerTag",
      "Effect": "Deny",
      "Action": [
        "autoscaling:CreateAutoScalingGroup"
      ],
      "Resource": [
        "arn:aws:autoscaling:*:*:autoScalingGroup/*"
      ],
      "Condition": {
        "Null": {
          "aws:RequestTag/InfraOwner": "true"
        }
      }
    }
  ]
}

Can someone help here

D G
1年前
Hey @ashish0093 Just checking base with you about the answer provided.

Let me know if you have any issues with this, or if it helps you then please accept my answer after you've tried it out - it would be much appreciated! Good luck :)

トピック

セキュリティ、アイデンティティ、コンプライアンス管理とガバナンス計算する

タグ

AWS Identity and Access Management AWS コマンドラインインターフェイス AWS CloudFormation Amazon EC2 Auto Scaling IAM ポリシー

言語

English

ashish0093

質問済み 1年前417ビュー

1回答

新しい順
投票が多い順
コメントが多い順

これらの回答は役に立ちましたか？コミュニティがあなたの知識を活用できるように、正解に賛成票を投じてください。

Try the following

],
  "Condition": {
    "StringNotLike": {
      "aws:RequestTag/InfraOwner": "?*"
    }
  }
}

Explanation: The <InfraOwner> will be required on all ASGs. The “?*” enforces that there is some value for the key of InfraOwner. Replacing this with “?” doesn’t require the value be present, but still requires the <InfraOwner>.

Let me know if you have any issues with this, or if it helps you then please accept my answer after you've tried it out - it would be much appreciated! Good luck :)

D G

回答済み 1年前

SCP not getting applied on EC2 Auto Scaling Groups

関連するコンテンツ