CloudTrail will have a record of this event, which in this case would specifically be 'RunInstances'. Within this event we will be presented with a record of the operation attempted, including the user/role, event source, and tag information that we could use to compare against the configured tag policy. Additionally, we have the ability to centralize our CloudTrail log files from multiple accounts in an AWS Organization, which could be helpful from a reporting perspective.
Depending on the persistence of this issue, you may consider developing a custom notification system on CloudTrail events matching your criteria that would alert you to failed RunInstances operations resulting from a lack of required tag values.
- https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-iam-permission-errors/
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html
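An added example of the custom notification the answer above suggests; it is not code from the answer or from AWS. It walks a batch of CloudTrail records, keeps only failed `RunInstances` calls, reads the tags from `requestParameters.tagSpecificationSet` and compares them against a required-tag policy, producing a plain-language message a developer can act on instead of the encoded authorization failure. The three records and the `TAG_POLICY` dict are constructed for the example, and the record layout is assumed to match the CloudTrail `RunInstances` record format; account ids, ARNs and the encoded message are placeholders.

```python
import json

# Constructed sample CloudTrail records (not taken from the original page).
# The field layout follows the CloudTrail RunInstances record format as assumed
# for this example; account id, ARNs and the encoded message are placeholders.
SAMPLE_RECORDS = [
    {   # denied: missing the CostCenter tag required by the policy
        "eventSource": "ec2.amazonaws.com",
        "eventName": "RunInstances",
        "awsRegion": "us-east-1",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::111122223333:assumed-role/DevRole/alice"},
        "errorCode": "Client.UnauthorizedOperation",
        "errorMessage": "You are not authorized to perform this operation. "
                        "Encoded authorization failure message: <ENCODED-PLACEHOLDER>",
        "requestParameters": {
            "instanceType": "t3.micro",
            "tagSpecificationSet": {"items": [
                {"resourceType": "instance",
                 "tags": [{"key": "Environment", "value": "dev"}]}]},
        },
    },
    {   # succeeded: fully tagged, no errorCode present
        "eventSource": "ec2.amazonaws.com",
        "eventName": "RunInstances",
        "awsRegion": "us-east-1",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::111122223333:assumed-role/DevRole/bob"},
        "requestParameters": {
            "instanceType": "t3.micro",
            "tagSpecificationSet": {"items": [
                {"resourceType": "instance",
                 "tags": [{"key": "Environment", "value": "prod"},
                          {"key": "CostCenter", "value": "1234"}]}]},
        },
    },
    {   # denied for some other reason: tags are compliant, so no tag alert
        "eventSource": "ec2.amazonaws.com",
        "eventName": "RunInstances",
        "awsRegion": "us-east-1",
        "userIdentity": {"type": "IAMUser",
                         "arn": "arn:aws:iam::111122223333:user/carol"},
        "errorCode": "Client.UnauthorizedOperation",
        "errorMessage": "You are not authorized to perform this operation.",
        "requestParameters": {
            "instanceType": "t3.micro",
            "tagSpecificationSet": {"items": [
                {"resourceType": "instance",
                 "tags": [{"key": "Environment", "value": "test"},
                          {"key": "CostCenter", "value": "9999"}]}]},
        },
    },
]

# Hypothetical tag policy: required keys mapped to the allowed values,
# or None when any value is accepted.
TAG_POLICY = {"Environment": {"dev", "test", "prod"}, "CostCenter": None}


def instance_tags(record):
    """Return {key: value} for the instance-level tags of a RunInstances request."""
    spec = record.get("requestParameters", {}).get("tagSpecificationSet", {})
    tags = {}
    for item in spec.get("items", []):
        if item.get("resourceType") == "instance":
            for tag in item.get("tags", []):
                tags[tag["key"]] = tag.get("value", "")
    return tags


def tag_violations(tags, policy):
    """List human-readable violations of the policy for the given tags."""
    problems = []
    for key, allowed in policy.items():
        if key not in tags:
            problems.append(f"missing required tag '{key}'")
        elif allowed is not None and tags[key] not in allowed:
            problems.append(f"tag '{key}' has value '{tags[key]}', allowed: {sorted(allowed)}")
    return problems


def analyze_record(record, policy=TAG_POLICY):
    """Return an alert dict for a failed RunInstances call that violates the policy, else None."""
    if record.get("eventSource") != "ec2.amazonaws.com" or record.get("eventName") != "RunInstances":
        return None
    if "errorCode" not in record:
        return None  # call succeeded; nothing to report
    problems = tag_violations(instance_tags(record), policy)
    if not problems:
        return None  # denied for a reason unrelated to tags; out of scope here
    return {"principal": record["userIdentity"]["arn"], "region": record["awsRegion"],
            "errorCode": record["errorCode"], "problems": problems}


def scan(records, policy=TAG_POLICY):
    """Run analyze_record over a batch of CloudTrail records and keep the alerts."""
    return [a for a in (analyze_record(r, policy) for r in records) if a]


def format_alert(alert):
    """Plain-language message to deliver instead of the encoded error."""
    return (f"{alert['principal']} was denied RunInstances in {alert['region']}: "
            + "; ".join(alert["problems"]))


if __name__ == "__main__":
    for alert in scan(json.loads(json.dumps(SAMPLE_RECORDS))):
        print(format_alert(alert))
```

In practice `SAMPLE_RECORDS` would be the `Records` array of a CloudTrail log file delivered to the organization's central bucket, and `format_alert` would feed an SNS topic or chat webhook; the policy dict stands in for whatever the organization's tag policy actually requires.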
Thanks @Darren R for your attention. This is a lot of effort for a simple need: to show the user who is trying to launch a resource that violates the tag policy what tag they should put. I can't believe there is no simple way to show the error message without this weird encoding.
MLGuy - Running into the same issue. Enforcing tagging becomes way less useful if the error messaging is as bad as it is here. I'm afraid the cons of confusing developers far outweigh the pros of enforcing tagging at a company-wide level. Did you ever come up with a good solution to fix this?