1 Answer
This is the expected behaviour; Tag Policies only enforce values for tags which are present and do not enforce the presence of a tag: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies-enforcement.html
As alternatives you could specify in the IAM policy that the tag must be specified on creation of the resource, and/or you can use AWS Config to report compliance on tag presence or not.
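Added example, not part of the original answer: a policy statement that denies resource creation when a required tag is missing from the request, which is the gap a Tag Policy leaves open. The tag key `CostCenter`, the action `ec2:RunInstances` and the instance resource ARN pattern are assumptions chosen for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleDenyRunInstancesWithoutCostCenterTag",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "Null": {
          "aws:RequestTag/CostCenter": "true"
        }
      }
    }
  ]
}
```

The `Null` condition evaluates to true when the `aws:RequestTag/CostCenter` key is absent from the request, so the deny fires only on untagged creation; the Tag Policy then constrains the value once the tag is present. Callers also need `ec2:CreateTags` permission to supply tags at launch.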