AWS tags can be used to organize your deployed resources, for billing for example, but they can also be used as a condition for policies.
This will allow you to allow or deny an action based on the tag value.
In this video, I explain the concept of using AWS tags for that purpose.
If the mood strike, subscribe and hit that like button 👍
Policy json code:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:DescribeInstanceStatus"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:PrincipalTag/Operator": "true"
}
}
}
]
}