- Newest
- Most votes
- Most comments
It is recommended that you break up policies by resource type. If you want to define more than one permission for an entity (user or role), you can use multiple statements in a single policy. You can also attach multiple policies. If you try to define multiple permissions in a single statement, your policy might not grant the access that you expect.
For more info please review "Multiple statements and multiple policies" section in the documentation here. https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
Yes, this way the policy attached to role or user would give access to that role/user access to perform those tagging actions to all the resources as long as there is no explicit deny in that particular resource policy.
However, it's always recommended to keep your policies least permissive and granular. With this policy, later you may see a requirement of limiting it to certain resource of that service type. Refer Policies and permissions in IAM for more details.
Hope you find this helpful.
Comment here if you have additional questions, happy to help.
Abhishek
Relevant content
- Accepted Answerasked a year ago
- asked 2 months ago
- Accepted Answerasked 2 years ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago