Restrict AWS Tag Names

142 views Asked by At

Is there a way to create an AWS policy that would restrict an AWS tag name?

For example, if I wanted to create a tag namespace like:

admin.env.prod = true
user.system.profile = webserver

To prevent a user from creating a tag with name 'admin.*' but allow 'user.*' (or anything other than 'admin.*' really).

1

There are 1 answers

0
jzonthemtn On

Unfortunately, not at this time. A user with the necessary permissions can set a tag value of anything on a resource as long as the tag meets the AWS tag requirements. You could write a small script using ec2-describe-tags to periodically check your resource tags for compliance to your desired policy (perhaps using a regular expression?) and notify you if a bad tag name is found.