3 Answers
- Newest
- Most votes
- Most comments
0
Did you follow all of the steps:
- Enable tag policies for the organization
- Create the tag policy for the Name and Product tags (your code snippet above only shows a policy for a Product tag)
- Attach the tag policy to the Account or OU containing the account your testing in?
- Create the SCP(s) to enforce the presence of the the two required tags? -- the tag policy in step 2 only enforces the required tag value, not that the tag itself is present
- Attach the 'tag present' SCP to the Account or OU containing the account your testing in?
answered 2 years ago
0
I don't think I did 4. I did the other items already. Let me work on these and will report back. Thanks for your help.
answered 2 years ago
0
I did this although I am not 100% sure I am doing it correctly. I want the 'Product' tag to be only these values specified and if they are not, or the tag is not even added, then enforce for the instance to error out and not launch. What am I missing here?
{
"tags": {
"Product": {
"tag_key": {
"@@assign": "Product"
},
"tag_value": {
"@@assign": [
"Name1",
"Name2",
"Name3",
"Name4",
"Name5",
"Name6",
"Name7",
"Name8"
]
},
"enforced_for": {
"@@assign": [
"ec2:instance",
"ec2:volume"
]
}
}
}
}
answered 2 years ago
Relevant content
- asked a year ago
- asked 8 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago