Enforcing Tag Policies on existing instances

A customer is using tagging policies and enforcing them SCP, so that an instance can't run unless it's tagged with relevant required tags.

If they were to attach that SCP, currently triggered on ec2:RunInstances, to an account with already running instances and potentially untagged or tagged in a non-compliant way, what would happen? Would it stop the instances or only prevent them from restarting once stopped?

rePost-User-0981058
2 years ago
After attaching the above SCP policy to an account, I am unable (with Administrator access) to launch an instance with all the compliant tags. The policy is working fine when I deploy an instance with incorrect tags. Does it require an special permissions? Any advice please.

Topics

Management & Governance

Relevant content

Organisation level tag policies are not enforcing tags while creating resources
keyanke
asked 6 months ago
SCP Enforce Tags on resource creation fail
Accepted Answer
Hicaro Ferreira
asked 3 months ago
SCP to enforce tags fails
rePost-User-0981058
asked 2 years ago
Scp Tag enforcement is not working on Ec2.
Shubham
asked 2 years ago
How can I use IAM policy tags to restrict how an EC2 instance or EBS volume can be created?
AWS OFFICIALUpdated 2 years ago
How can I use SCPs and tag policies to prevent users in my AWS Organizations member accounts from creating resources?
AWS OFFICIALUpdated 2 years ago
How do I restrict access so that users launch Amazon EC2 instances from only tagged AMIs?
AWS OFFICIALUpdated 4 months ago
How do I create an IAM policy to explicitly grant permissions to create and manage EC2 instances in a specified VPC that has tags?
AWS OFFICIALUpdated 9 days ago
Provisioning with Tags on VMware Cloud on AWS using Terraform
EXPERT
Puneet Arora
published 10 months ago
How to add tags to existing jobs in AWS Elemental MediaConvert
EXPERT
Bo_L
published 5 months ago