EC2 IAM policy to require tags

0 votes

AWS just released required tag support for EC2/EBS: New – Tag EC2 Instances & EBS Volumes on Creation.

However, the example given only checks if tags have a fixed value, which isn't useful to us because our users can enter free-form values for required tags. How can a policy be written to check that tags are present?

For example, we need something like this:

"Statement": [
    {
      "Sid": "DenyMissingTags",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:us-east-1:accountid:instance/*",
      "Condition": {
        "StringExists": [
          "aws:RequestTag/costcenter",
          "aws:RequestTag/stack"
        ]
      }
    }
]

Obviously, I made up StringExists.

May 15 in AWS by ArchanaNagur
• 2,270 points
62 views

1 answer to this question.

0 votes
Use StringLike or StringNotLike to do your work.

  "Condition": {
    "StringEquals": {
      "aws:RequestTag/costcenter": "115",
      "aws:RequestTag/stack": "prod"
    },
    "ForAllValues:StringEquals": {
      "aws:TagKeys": ["costcenter", "stack"]
    }
  }
answered May 15 by sunshine
• 1,240 points
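
An added example (not from the question or the answer): a presence check written with IAM's `Null` condition operator, using one Deny statement per required tag, because keys listed in a single condition block are ANDed and would deny only when every tag is missing. The function names and the small evaluator, which models only the `Null` operator, are assumptions made for illustration.

```python
import json

# Resource ARN as written in the question; "accountid" is the page's placeholder.
INSTANCE_ARN = "arn:aws:ec2:us-east-1:accountid:instance/*"


def deny_statement(tag_keys, sid):
    """One Deny whose Null block lists every key in tag_keys."""
    return {
        "Sid": sid,
        "Effect": "Deny",
        "Action": "ec2:RunInstances",
        "Resource": INSTANCE_ARN,
        # Null "true" matches when the key is absent from the request context.
        "Condition": {"Null": {f"aws:RequestTag/{k}": "true" for k in tag_keys}},
    }


def require_tags_policy(tag_keys):
    """One Deny statement per tag, so any single missing tag blocks the launch."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            deny_statement([k], f"DenyMissingTag{i}") for i, k in enumerate(tag_keys)
        ],
    }


def statement_denies(statement, request_tags):
    """Simplified local model of the Null operator: keys in one block are ANDed."""
    for key, want_absent in statement["Condition"]["Null"].items():
        absent = key.split("/", 1)[1] not in request_tags
        if absent != (want_absent == "true"):
            return False
    return True


def launch_denied(policy, request_tags):
    """An explicit Deny in any statement denies the request."""
    return any(statement_denies(s, request_tags) for s in policy["Statement"])


if __name__ == "__main__":
    # Prints the policy document; tag values are free-form, only presence is checked.
    print(json.dumps(require_tags_policy(["costcenter", "stack"]), indent=2))
```

These Deny statements only block untagged launches; the user still needs Allow statements for `ec2:RunInstances` and `ec2:CreateTags` for a tagged launch to succeed.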
