I tried to define a tagging policy (for EC2 instances) at the Org level and have attached it to a child account. The JSON looks something like the one below. I'm not able to see any tags after instance creation in the child account. However, if I try to manually add the tag for the same key, it does evaluate as per the policy.
Say, I can define a tag with the key 'Function' and the value 'Devops', but I'm not allowed to add a tag with any other value with Function as the key. Is this the expected behaviour? Any leads?
{
  "tags": {
    "Function": {
      "tag_key": {
        "@@assign": "Function"
      },
      "tag_value": {
        "@@assign": [
          "Devops",
          "DevOps"
        ]
      },
      "enforced_for": {
        "@@assign": [
          "ec2:elastic-ip",
          "ec2:instance",
          "ec2:volume"
        ]
      }
    },
    "Name": {
      "tag_key": {
        "@@assign": "Name"
      },
      "enforced_for": {
        "@@assign": [
          "ec2:instance"
        ]
      }
    },
    "Instance Owner": {
      "tag_key": {
        "@@assign": "Instance Owner"
      },
      "tag_value": {
        "@@assign": [
          "*example.com"
        ]
      },
      "enforced_for": {
        "@@assign": [
          "ec2:instance"
        ]
      }
    }
  }
}
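The two behaviours described in the post (nothing is added at creation, but a tag that uses a policy key is checked) can be reproduced with a small local model of the policy. This is an added example, not part of the original post and not AWS's implementation; `violations` and `missing_keys` are hypothetical helpers. It assumes a rule is only evaluated when a tag with its key is supplied, that keys must match the policy's capitalisation, and that `*` in a value is a wildcard.

```python
from fnmatch import fnmatchcase

# The tag policy from the post, as a Python dict.
POLICY = {"tags": {
    "Function": {"tag_key": {"@@assign": "Function"},
                 "tag_value": {"@@assign": ["Devops", "DevOps"]},
                 "enforced_for": {"@@assign": ["ec2:elastic-ip", "ec2:instance", "ec2:volume"]}},
    "Name": {"tag_key": {"@@assign": "Name"},
             "enforced_for": {"@@assign": ["ec2:instance"]}},
    "Instance Owner": {"tag_key": {"@@assign": "Instance Owner"},
                       "tag_value": {"@@assign": ["*example.com"]},
                       "enforced_for": {"@@assign": ["ec2:instance"]}},
}}

def violations(resource_type, tags, policy=POLICY):
    """Check only the tags actually supplied; an absent key is never a violation."""
    found = []
    for rule in policy["tags"].values():
        key = rule["tag_key"]["@@assign"]
        if resource_type not in rule.get("enforced_for", {}).get("@@assign", []):
            continue  # rule is not enforced for this resource type
        allowed = rule.get("tag_value", {}).get("@@assign")  # None = any value
        for k, v in tags.items():
            if k.lower() != key.lower():
                continue  # this rule only looks at tags that use its key
            if k != key:
                found.append(f"{k}: key must be capitalised as {key!r}")
            elif allowed and not any(fnmatchcase(v, pat) for pat in allowed):
                found.append(f"{k}={v}: value not in {allowed}")
    return found

def missing_keys(tags, policy=POLICY):
    """Separate audit: policy keys the resource does not carry at all."""
    keys = (r["tag_key"]["@@assign"] for r in policy["tags"].values())
    return sorted(k for k in keys if k not in tags)

if __name__ == "__main__":
    # Constructed sample requests
    print(violations("ec2:instance", {}))                       # untagged launch
    print(violations("ec2:instance", {"Function": "Finance"}))  # wrong value
    print(missing_keys({}))                                     # what an audit would flag
```

In this model an untagged instance passes `violations`, so finding instances that lack the keys needs a separate check such as `missing_keys` run over an inventory of resource tags.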