- 최신
- 최다 투표
- 가장 많은 댓글
If you only want to manage tags for specific services, you can get granular with your permissions. Here's a basic example for granting tag-editing permissions for EC2 and S3:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "TagEditorPermissions",
"Effect": "Allow",
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags",
"s3:PutBucketTagging",
"s3:DeleteBucketTagging"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "tag:GetResources",
"Resource": "*"
}
]
}
This policy allows tag management for EC2 and S3. However, if you want to expand to other services, you'd have to include the appropriate tag management permissions for those as well.
If you want to do this across all services, here is an example:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ComprehensiveTaggingPermissions",
"Effect": "Allow",
"Action": [
"tag:TagResources",
"tag:UntagResources",
"tag:GetResources",
"tag:GetTagKeys",
"tag:GetTagValues",
"resource-explorer:List*"
],
"Resource": "*"
}
]
}
With this policy, you're allowing operations related to tagging, untagging, getting resources, tag keys, tag values, and any List* operation from the resource-explorer service, across all AWS services.
Note: A word of caution on using broad permissions; always ensure they are granted judiciously and reviewed regularly.
Hope this helps!
