Hello, I need to write an Organizations Tag Policy that carves out an exception for a particular AWS Principal - in this case an IAM role. Is this possible? It's not clear from the documentation https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_example-tag-policies.html ... simply because it doesn't mention Principals, I am thinking they aren't supported.
From my reading I do not think making an exception for a particular Principal is supported with Tag Policy
You may though be able to achieve similar with an SCP which does allow Principal exception
You are not logged in. Log in to post an answer.
A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.