Enforcing Tag Policies on existing instances
0
A customer is using tagging policies and enforcing them SCP, so that an instance can't run unless it's tagged with relevant required tags.
If they were to attach that SCP, currently triggered on ec2:RunInstances, to an account with already running instances and potentially untagged or tagged in a non-compliant way, what would happen? Would it stop the instances or only prevent them from restarting once stopped?
已提问 4 年前295 查看次数
1 回答
- 最新
- 投票最多
- 评论最多
0
RunInstances is the API for launching instances so an SCP that limits use of it with conditions will only apply to launching new ones.
StartInstances and StopInstances are for stop/start actions.
相关内容
AWS 官方已更新 2 年前- AWS 官方已更新 7 个月前
- AWS 官方已更新 3 年前
After attaching the above SCP policy to an account, I am unable (with Administrator access) to launch an instance with all the compliant tags. The policy is working fine when I deploy an instance with incorrect tags. Does it require an special permissions? Any advice please.