in AWS

Controlling User Actions Using AWS Tags

AWS tags can be used to organize your deployed resources, for billing for example, but they can also be used as a condition for policies.

This will allow you to allow or deny an action based on the tag value.

In this video, I explain the concept of using AWS tags for that purpose.

If the mood strike, subscribe and hit that like button 👍

Policy json code:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:StartInstances",
                "ec2:StopInstances",
                "ec2:DescribeInstanceStatus"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:PrincipalTag/Operator": "true"
                }
            }
        }
    ]
}

Share your thoughts

Comment