Require specific tags as well as allowing for additional tags at user's discretion

Is there a way that I can enforce the existence/usage of 5 specific tag key values as well as allow developers and other individuals the ability to add additional tags as needed? Currently, in our development environment, I have the following configured on an IAM role that we assume for Terraform deployments, but if an individual were to add a tag key value not like the ones below, they would be met with an error.

Any guidance would be much appreciated since it seems as though everything I've tried thus far has failed.

    {
      "Sid": "S3",
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": "*",
      "Condition": {
        "ForAllValues:StringEquals": {
          "aws:TagKeys": [
            "Application",
            "CreatedBy",
            "Department",
            "Environment",
            "Owner"
          ]
        }
      }
    },
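
The behaviour described in the question, as an added example that is not part of the original thread: a simplified Python model (not AWS's policy evaluator) of the `ForAllValues:StringEquals` test on `aws:TagKeys`, next to a per-key presence test of the kind expressed with `"Null": {"aws:RequestTag/<key>": "false"}`. The function names and sample requests are constructed, and the model assumes the service supplies tag keys in the request context for the action being called.

```python
# Added illustration: simplified model of two IAM condition checks.
# Not AWS code; sample requests below are constructed.

REQUIRED = ["Application", "CreatedBy", "Department", "Environment", "Owner"]


def for_all_values_string_equals(request_keys, policy_keys):
    """ForAllValues:StringEquals on aws:TagKeys.

    True when every tag key in the request appears in the policy list.
    A request with no tag keys also evaluates to True, so this operator
    restricts which keys may be used but does not require any of them.
    """
    return all(key in policy_keys for key in request_keys)


def required_tags_present(request_tags, required_keys):
    """Models "Null": {"aws:RequestTag/<key>": "false"} for each required key.

    True when every required key is present in the request. Extra keys are
    not examined, so additional tags do not affect the result.
    """
    return all(key in request_tags for key in required_keys)


def evaluate(request_tags):
    """Return the outcome of both checks for one request's tags (a dict)."""
    return {
        "question_condition": for_all_values_string_equals(set(request_tags), REQUIRED),
        "presence_check": required_tags_present(request_tags, REQUIRED),
    }


# Constructed sample requests.
FIVE = {key: "example" for key in REQUIRED}
SAMPLES = {
    "no tags": {},
    "all five": FIVE,
    "five plus CostCenter": {**FIVE, "CostCenter": "example"},
    "missing Owner": {k: v for k, v in FIVE.items() if k != "Owner"},
}

if __name__ == "__main__":
    for name, tags in SAMPLES.items():
        print(f"{name:22} {evaluate(tags)}")
```

In this model the condition from the question accepts untagged requests and requests missing `Owner`, and rejects the request that adds `CostCenter`; the presence check gives the opposite result on all three.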
1 Answer

David (AWS, EXPERT), answered 9 months ago
