EC2 IAM policy to require tags

0 votes

AWS just released required tag support for EC2/EBS: New – Tag EC2 Instances & EBS Volumes on Creation.

However, the example is given only checks if tags have a fixed value which isn't useful to us because our users can enter free form values for required tags. How can a policy be written to check tags are present?

For example, we need something like this:

"Statement": [
    {
      "Sid": "DenyMissingTags",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:us-east-1:accountid:instance/*",
      "Condition": {
        "StringExists": [
          "aws:RequestTag/costcenter",
          "aws:RequestTag/stack",
         ]
       }
     }
]

Obviously, I made up StringExists

May 15, 2019 in AWS by ArchanaNagur
• 2,340 points
923 views

1 answer to this question.

0 votes
Use StringLike or StringNotLike to do your work
  "Condition": {
    "StringEquals": {
      "aws:RequestTag/costcenter": "115",
      "aws:RequestTag/stack": "prod"
     },
     "ForAllValues:StringEquals": {
         "aws:TagKeys": ["costcenter","stack"]
     }
   }
answered May 15, 2019 by sunshine
• 1,280 points

Related Questions In AWS

0 votes
1 answer
0 votes
1 answer

How to set up a SPF(Sender Policy Framework) for AWS EC2 instance?

Setting up a SPF record is pretty ...READ MORE

answered Aug 16, 2018 in AWS by Archana
• 4,150 points
1,068 views
0 votes
1 answer

How to launch an EC2 instance with IAM-Role?

The credentials you are using from your ...READ MORE

answered Sep 3, 2018 in AWS by Archana
• 4,150 points
1,985 views
0 votes
1 answer

How to attach a managed policy to an IAM group?

Hi@akhtar, You can attach the specified managed policy to ...READ MORE

answered Nov 3, 2020 in AWS by MD
• 95,360 points
119 views
0 votes
1 answer

How to attach a managed policy to an IAM user?

Hi@akhtar, You can attach the specified managed policy ...READ MORE

answered Nov 3, 2020 in AWS by MD
• 95,360 points
139 views
0 votes
1 answer

Adding Keypair to existing EC2 instance

No you can't. The reason is KeyPair ...READ MORE

answered Apr 8, 2018 in AWS by code_ninja
• 6,290 points
664 views
+2 votes
3 answers

Is it possible to ping AWS EC2 instance

1.Go to EC2 Dashboard and click "Running ...READ MORE

answered Nov 13, 2020 in AWS by shivam
• 140 points

edited Nov 13, 2020 by Gitika 12,547 views
0 votes
2 answers

How to test credentials for AWS Command Line Tools

This command always works regardless of the ...READ MORE

answered Aug 8, 2018 in AWS by anonymous
4,556 views
webinar REGISTER FOR FREE WEBINAR X
Send OTP
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP