Delete tags via Tag Editor

0

I want to delete a tag from all my services via Tag Editor, but when I try to do this operation I get the following error: AccessDeniedException: User

I have permission to edit only tags for some services, but when I try to delete them through the Tag Editor, it doesn't let me delete even the ones I have permission to. Which IAM policy do I need to be able to manage tags via Tag Editor?

Thanks!

natte
asked 10 months ago385 views
2 Answers
0
profile pictureAWS
EXPERT
kentrad
answered 10 months ago
0

If you only want to manage tags for specific services, you can get granular with your permissions. Here's a basic example for granting tag-editing permissions for EC2 and S3:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "TagEditorPermissions",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateTags",
                "ec2:DeleteTags",
                "s3:PutBucketTagging",
                "s3:DeleteBucketTagging"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "tag:GetResources",
            "Resource": "*"
        }
    ]
}

This policy allows tag management for EC2 and S3. However, if you want to expand to other services, you'd have to include the appropriate tag management permissions for those as well.

If you want to do this across all services, here is an example:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ComprehensiveTaggingPermissions",
            "Effect": "Allow",
            "Action": [
                "tag:TagResources",
                "tag:UntagResources",
                "tag:GetResources",
                "tag:GetTagKeys",
                "tag:GetTagValues",
                "resource-explorer:List*"
            ],
            "Resource": "*"
        }
    ]
}

With this policy, you're allowing operations related to tagging, untagging, getting resources, tag keys, tag values, and any List* operation from the resource-explorer service, across all AWS services.

Note: A word of caution on using broad permissions; always ensure they are granted judiciously and reviewed regularly.

Hope this helps!

profile picture
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions