- Le plus récent
- Le plus de votes
- La plupart des commentaires
You can add an IAM policy to your IAM user that has an allow for ec2:CreateTags
and a deny for ec2:DeleteTags
. Currently, these are the only tag-related permissions available for EC2 service, along with ec2:DescribeTags
.
Note that for existing tags, when you change or update the Tag Key, both ec2:DeleteTags
and ec2:CreateTags
actions will be performed. If you update change or update the Tag Value, ec2:CreateTags
action will be performed.
Check this reference that has an example for using tags: https://aws.amazon.com/premiumsupport/knowledge-center/iam-ec2-resource-tags/
You could use an SCP to manage who is able to change tags. There are some tagging examples on this page : https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_tagging.html
Contenus pertinents
- demandé il y a 6 mois
- demandé il y a 9 mois
- AWS OFFICIELA mis à jour il y a un mois
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 4 ans