启动EC2实例时的强制标记 [英] Mandatory tagging when launching EC2 instance

问题描述

在AWS中，是否有一种方法可以强迫IAM用户标记他/她将要启动的实例？值是什么都没有关系。我想确保正确标记了它，以便可以正确识别长时间运行的实例并通知所有者。当前标记是可选的。

In AWS, is there a way to force an IAM user to tag the instance he/she is about to launch? It doesn't matter what the value is. I want to make sure it is correctly tagged so that long running instances can be properly identified and the owner notified. Currently tagging is optional.

我目前要做的是使用CloudTrail并与其IAM用户标识实例。我不喜欢它，因为定期运行脚本是一项额外的工作，并且CloudTrail仅拥有7天的数据。如果AWS具有所有者的实例属性，那就太好了。

What I do currently is to use CloudTrail and identify the instances with their IAM users. I do not like it because it is an extra work to run the script periodically and CloudTrail has only 7 days worth of data. It would be nice if AWS has an instance attribute for owner.

在我们的案例中，使用密钥对来标识所有者不是可行的解决方案。任何人以前都遇到过这个问题，您是如何解决的？

Using keypairs to identify the owners is not a viable solution in our case. Anyone faced this problem before and how did you tackle it?

推荐答案

我使用AWS Lambda解决了这个问题。当CloudTrail在S3中创建对象时，它将触发一个事件，该事件导致Lambda函数执行。然后，Lambda函数解析S3对象并创建标签。大约有2分钟的延迟，但解决方案效果很好。

I resolved this by using AWS Lambda. When CloudTrail creates an object in S3, it triggers an event that cause a Lambda function to execute. The Lambda function then parses the S3 object and creates the tag. There is a lag of ~2 mins but the solution works perfectly.

这篇关于启动EC2实例时的强制标记的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！