Enforcing Tag Policies on existing instances

0

A customer is using tagging policies and enforcing them with an SCP, so that an instance can't run unless it's tagged with the relevant required tags.

If they were to attach that SCP, currently triggered on ec2:RunInstances, to an account with already running instances and potentially untagged or tagged in a non-compliant way, what would happen? Would it stop the instances or only prevent them from restarting once stopped?

  • After attaching the above SCP policy to an account, I am unable (with Administrator access) to launch an instance with all the compliant tags. The policy is working fine when I deploy an instance with incorrect tags. Does it require any special permissions? Any advice please.

AWS
asked 4 years ago, 295 views
1 answer
0
Accepted answer

RunInstances is the API for launching instances so an SCP that limits use of it with conditions will only apply to launching new ones.

StartInstances and StopInstances are for stop/start actions.

AWS
EXPERT
Raphael
answered 4 years ago
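The scoping described in the answer above, as an added example that is not part of the original thread or AWS's own code: a simplified model of how a Deny statement on `ec2:RunInstances` is matched against launch, start and stop requests. The SCP, the `CostCenter` tag key, the account ID and the instance ARN are constructed assumptions, since the customer's actual policy is not shown on the page.

```python
import fnmatch

# Constructed SCP in the common "deny launch without tag" shape. The tag key
# CostCenter is an assumption; the customer's real policy is not on the page.
SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyRunInstancesWithoutCostCenter",
        "Effect": "Deny",
        "Action": "ec2:RunInstances",
        "Resource": "arn:aws:ec2:*:*:instance/*",
        "Condition": {"Null": {"aws:RequestTag/CostCenter": "true"}},
    }],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _match(patterns, value):
    # Wildcard, case-insensitive match for actions and resource ARNs.
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))

def _null_condition_holds(condition, context):
    # "Null": {"key": "true"} matches when the key is absent from the request.
    for key, want in condition.get("Null", {}).items():
        if (key not in context) != (str(want).lower() == "true"):
            return False
    return True

def scp_denies(policy, action, resource, context):
    """Simplified model: True if any Deny statement matches the request."""
    return any(
        st["Effect"] == "Deny"
        and _match(st["Action"], action)
        and _match(st["Resource"], resource)
        and _null_condition_holds(st.get("Condition", {}), context)
        for st in policy["Statement"]
    )

# Constructed ARN standing in for an instance that predates the SCP.
INSTANCE = "arn:aws:ec2:eu-west-1:111122223333:instance/i-0123456789abcdef0"

def demo():
    tagged = {"aws:RequestTag/CostCenter": "1234"}
    return {
        "launch_untagged": scp_denies(SCP, "ec2:RunInstances", INSTANCE, {}),
        "launch_tagged": scp_denies(SCP, "ec2:RunInstances", INSTANCE, tagged),
        "start_existing_untagged": scp_denies(SCP, "ec2:StartInstances", INSTANCE, {}),
        "stop_existing_untagged": scp_denies(SCP, "ec2:StopInstances", INSTANCE, {}),
    }
```

Only the untagged launch is denied; start and stop requests against an existing untagged instance never match the statement because its `Action` names `ec2:RunInstances` alone.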
