- Más nuevo
- Más votos
- Más comentarios
You can add an IAM policy to your IAM user that has an allow for ec2:CreateTags
and a deny for ec2:DeleteTags
. Currently, these are the only tag-related permissions available for EC2 service, along with ec2:DescribeTags
.
Note that for existing tags, when you change or update the Tag Key, both ec2:DeleteTags
and ec2:CreateTags
actions will be performed. If you update change or update the Tag Value, ec2:CreateTags
action will be performed.
Check this reference that has an example for using tags: https://aws.amazon.com/premiumsupport/knowledge-center/iam-ec2-resource-tags/
You could use an SCP to manage who is able to change tags. There are some tagging examples on this page : https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_tagging.html
Contenido relevante
- OFICIAL DE AWSActualizada hace 8 meses
- OFICIAL DE AWSActualizada hace 3 años
- OFICIAL DE AWSActualizada hace un mes
- ¿Cómo puedo resolver el error “Failed to start the job flow due to an internal error” en Amazon EMR?OFICIAL DE AWSActualizada hace un mes