By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Tag enforcement while creating a new resource

0

My customer is looking for automation to enforce tagging while creating a new resource. Please let me know if any of you have implemented this for your respective customer.

Topics
Security, Identity, & ComplianceManagement & Governance
Tags
AWS Identity and Access ManagementAWS Organizations
Language
English
AWS
Chetan Makvana
asked 4 years ago308 views
2 Answers
0
Accepted Answer

This is accomplished through two features: tag-based access control's RequestTag IAM condition key and Tag Policies.
The RequestTag condition forces services which support that IAM condition key to supply tags during resource creation (or tag mutation requests) and their Organization's Tag Policy stipulates what tags must be present on supported resources at creation time or during tag mutations.

Here's a sample RequestTags policy (it can be generalized).

AWS
AWS-User-4959820
answered 4 years ago
0

Tag policies define which are the correct tags that can be used. Service control policies can be used to prevent resources from being created without a tag. Ref: https://aws.amazon.com/blogs/mt/implement-aws-resource-tagging-strategy-using-aws-tag-policies-and-service-control-policies-scps/

AWS
Andrew_B
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content