EC2 IAM policy to require tags

0 votes

AWS just released required tag support for EC2/EBS: New – Tag EC2 Instances & EBS Volumes on Creation.

However, the example given only checks whether tags have a fixed value, which isn't useful to us because our users can enter free-form values for required tags. How can a policy be written to check that tags are present?

For example, we need something like this:

"Statement": [
    {
      "Sid": "DenyMissingTags",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:us-east-1:accountid:instance/*",
      "Condition": {
        "StringExists": [
          "aws:RequestTag/costcenter",
          "aws:RequestTag/stack"
        ]
      }
    }
]

Obviously, I made up StringExists.

May 15, 2019 in AWS by ArchanaNagur
• 2,360 points
1,329 views

1 answer to this question.

0 votes
Use StringLike or StringNotLike to do your work.

"Condition": {
    "StringEquals": {
        "aws:RequestTag/costcenter": "115",
        "aws:RequestTag/stack": "prod"
    },
    "ForAllValues:StringEquals": {
        "aws:TagKeys": ["costcenter", "stack"]
    }
}
answered May 15, 2019 by sunshine
• 1,300 points
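
The StringNotLike approach named in the answer can express "tag must be present with any value". The following is an added example, not code from the question or the answer: it builds one Deny statement per required tag and checks the result against constructed requests. The function names are hypothetical, and `string_not_like` is a simplified local model of the operator, not AWS's evaluator.

```python
import json
from fnmatch import fnmatchcase

REQUIRED_TAGS = ["costcenter", "stack"]  # tag keys from the question
# Resource ARN as in the question; "accountid" is the question's placeholder.
INSTANCE_ARN = "arn:aws:ec2:us-east-1:accountid:instance/*"


def build_policy(required_tags):
    """One Deny statement per tag: keys listed in a single Condition block are
    ANDed, so a combined statement would deny only when every tag is absent."""
    statements = []
    for key in required_tags:
        statements.append({
            "Sid": "DenyMissingTag" + key.capitalize(),
            "Effect": "Deny",
            "Action": "ec2:RunInstances",
            "Resource": INSTANCE_ARN,
            # "?*" matches any value of at least one character. A negated
            # operator is true when the key is absent, so the Deny applies
            # to a missing tag as well as to an empty one.
            "Condition": {"StringNotLike": {"aws:RequestTag/" + key: "?*"}},
        })
    return {"Version": "2012-10-17", "Statement": statements}


def string_not_like(request_tags, condition):
    """Simplified local model of StringNotLike (assumption, not AWS code):
    every key must satisfy the test, and an absent key satisfies it."""
    for cond_key, pattern in condition.items():
        tag = cond_key.split("/", 1)[1]
        value = request_tags.get(tag)
        if value is not None and fnmatchcase(value, pattern):
            return False
    return True


def is_denied(policy, request_tags):
    """True if any Deny statement's condition matches the request's tags."""
    return any(
        string_not_like(request_tags, s["Condition"]["StringNotLike"])
        for s in policy["Statement"] if s["Effect"] == "Deny"
    )


if __name__ == "__main__":
    print(json.dumps(build_policy(REQUIRED_TAGS), indent=2))
```

Running the script prints the policy JSON; validate the real policy's behaviour in a test account before relying on it.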
