User create services already tagged

Hi

• Here is the below Example you can define a condition key that checks for the presence of specific tags on the resource being created

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "glue:*",
        "athena:*",
        "lambda:*"
      ],
      "Resource": [
        "arn:aws:glue:*:*:glue:table",  //  resource for Glue
        "arn:aws:athena:*:*:workgroup",  // resource for Athena
        "arn:aws:lambda:*:*:function"    // resource for Lambda
      ],
      "Condition": {
        "StringLike": {
          "aws:resourceTag/tagName1": "value1",
          "aws:resourceTag/tagName2": "value2"
        }
      }
    }
  ]
}

• AWS Resource tagging - https://aws.amazon.com/blogs/aws/resource-groups-and-tagging/

Hello Marcelo,

As far as I know, there are no native solutions that can automate the tagging based on user, but you can enforce tagging in your environment as described here.

With that said, AWS provides building blocks that you can use to tag the resources automatically as described here and here

Let me know if this helps.

Best regards, Mukul Dharwadkar

There is another way to look at it. How about if you set a permission boundary or Service Control Policy(SCP), which restricts user to create resources if not appropriately tagged.

Refer following blog and re:Post Knowledge Center Article:

• https://repost.aws/knowledge-center/organizations-scp-tag-policies
• https://aws.amazon.com/blogs/mt/implement-aws-resource-tagging-strategy-using-aws-tag-policies-and-service-control-policies-scps/#:~:text=When%20a%20tag%20policy%20is,that%20supports%20tag%20policy%20enforcement.

Comment here if you have additional questions. Happy to help.

Abhishek