Enforcing Tag Policies on existing instances

0

A customer is using tagging policies and enforcing them with an SCP, so that an instance can't run unless it's tagged with relevant required tags.

If they were to attach that SCP, currently triggered on ec2:RunInstances, to an account with already running instances and potentially untagged or tagged in a non-compliant way, what would happen? Would it stop the instances or only prevent them from restarting once stopped?

  • After attaching the above SCP policy to an account, I am unable (with Administrator access) to launch an instance with all the compliant tags. The policy is working fine when I deploy an instance with incorrect tags. Does it require any special permissions? Any advice please.

AWS
Asked 4 years ago, viewed 295 times
1 Answer
0
Accepted Answer

RunInstances is the API for launching instances, so an SCP that limits use of it with conditions will only apply to launching new ones.

StartInstances and StopInstances are for stop/start actions.

AWS
Expert
Raphael
Answered 4 years ago
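
The accepted answer's point, as an added example that is not part of the original thread: a simplified model of how an explicit Deny on `ec2:RunInstances` is matched against API calls. The SCP below is constructed for illustration; the tag key `CostCenter`, the sample ARN and the helper `scp_denies` are assumptions, and the evaluator models only Action, Resource and the `Null` condition operator.

```python
import fnmatch

# Constructed SCP: deny launching an instance when the CostCenter tag is absent.
SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyRunInstancesWithoutCostCenter",
        "Effect": "Deny",
        "Action": "ec2:RunInstances",
        "Resource": "arn:aws:ec2:*:*:instance/*",
        "Condition": {"Null": {"aws:RequestTag/CostCenter": "true"}},
    }],
}

# Constructed sample ARN (placeholder account and instance id).
INSTANCE = "arn:aws:ec2:eu-west-1:111122223333:instance/i-0123456789abcdef0"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def scp_denies(policy, action, resource, request_tags):
    """Return True when a Deny statement matches the call (simplified model)."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        # Action names are case-insensitive; an SCP statement is only
        # considered for the API actions it lists.
        if not any(fnmatch.fnmatchcase(action.lower(), a.lower())
                   for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r)
                   for r in _as_list(stmt["Resource"])):
            continue
        # Null "true" holds when the key is absent from the request context.
        matched = True
        for key, want in stmt.get("Condition", {}).get("Null", {}).items():
            tag_key = key.split("/", 1)[1]  # assumes an aws:RequestTag/<key> form
            if (tag_key not in request_tags) != (want == "true"):
                matched = False
        if matched:
            return True
    return False

if __name__ == "__main__":
    for api in ("ec2:RunInstances", "ec2:StartInstances", "ec2:StopInstances"):
        print(api, "denied" if scp_denies(SCP, api, INSTANCE, {}) else "not denied")
```

An instance that is already running makes no API call at the moment the SCP is attached, so there is nothing for the policy to evaluate until someone acts on it.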
