EC2 IAM policy to require tags

0 votes

AWS just released required tag support for EC2/EBS: New – Tag EC2 Instances & EBS Volumes on Creation.

However, the example is given only checks if tags have a fixed value which isn't useful to us because our users can enter free form values for required tags. How can a policy be written to check tags are present?

For example, we need something like this:

"Statement": [
    {
      "Sid": "DenyMissingTags",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:us-east-1:accountid:instance/*",
      "Condition": {
        "StringExists": [
          "aws:RequestTag/costcenter",
          "aws:RequestTag/stack",
         ]
       }
     }
]

Obviously, I made up StringExists

May 15, 2019 in AWS by ArchanaNagur
 • 2,360 points 2,086 views

1 answer to this question.

0 votes 
Use StringLike or StringNotLike to do your work
  "Condition": {
    "StringEquals": {
      "aws:RequestTag/costcenter": "115",
      "aws:RequestTag/stack": "prod"
     },
     "ForAllValues:StringEquals": {
         "aws:TagKeys": ["costcenter","stack"]
     }
   }
answered May 15, 2019 by sunshine
 • 1,300 points

Related Questions In AWS

0 votes
1 answer

How to rename an AWS customer IAM policy?

No you cannot rename a policy The ...READ MORE

answered Jul 11, 2018 in AWS by Priyaj
 • 58,020 points 4,322 views
0 votes
1 answer

How to set up a SPF(Sender Policy Framework) for AWS EC2 instance?

Setting up a SPF record is pretty ...READ MORE

answered Aug 16, 2018 in AWS by Archana
 • 4,170 points 2,466 views
0 votes
1 answer

How to launch an EC2 instance with IAM-Role?

The credentials you are using from your ...READ MORE

answered Sep 3, 2018 in AWS by Archana
 • 4,170 points 3,575 views
0 votes
1 answer

How to attach a managed policy to an IAM group?

Hi@akhtar, You can attach the specified managed policy to ...READ MORE

answered Nov 3, 2020 in AWS by MD
 • 95,460 points 1,062 views
0 votes
1 answer

How to attach a managed policy to an IAM user?

Hi@akhtar, You can attach the specified managed policy ...READ MORE

answered Nov 3, 2020 in AWS by MD
 • 95,460 points 1,075 views
0 votes
0 answers

How to use aws ec2 create-tags (from aws cli) to give different values to the same tag across multiple resources?

Suppose I have a list of instance ...READ MORE

Dec 15, 2022 in AWS by Tejashwini
 • 5,380 points 2,069 views
0 votes
1 answer

Which IAM policy provides the permissions to resolve issues in AWS?

 You can use the AWS-managed policy named ...READ MORE

answered Nov 5, 2024 in AWS by Tarun
 833 views
0 votes
1 answer

Adding Keypair to existing EC2 instance

No you can't. The reason is KeyPair ...READ MORE

answered Apr 8, 2018 in AWS by code_ninja
 • 6,300 points 2,123 views
0 votes
2 answers

How to test credentials for AWS Command Line Tools

This command always works regardless of the ...READ MORE

answered Aug 8, 2018 in AWS by anonymous
 7,002 views
+1 vote
1 answer

How to calculate hours/month usage on Amazon RDS and Pricing?

When you create a database what happens ...READ MORE

answered May 14, 2019 in AWS by sunshine
 • 1,300 points 2,970 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.