强制在AWS中标记资源? [英] Enforcing tagging for resources in AWS?

问题描述

我们可以在创建资源时在AWS中强制执行标记，以便除非在创建时手动将标签赋予资源的情况下才能创建资源吗?

Can we enforce tagging in AWS while creating a resource so that the resource will not be created unless a tag is given manually to the resource while creating?

推荐答案

简短答案:无法通过针对所有资源的策略强制实施.

Short Answer: Cannot enforce through policies for All resources.

有许多资源支持AWS中的标记.

There are many resources which support tagging in AWS.

但是，只有在您使用CLI/API标记的情况下，才能在创建期间广泛支持该标记.例如:从API/CLI创建RDS，您可以在创建过程中指定标签.但是从控制台，只能在从控制台创建实例后将标签添加到实例.

But only if you use CLI/API tags are widely supported during creation time. eg: RDS creation from API/CLI you can specify tags during creation. But from console, you can only add tags to instance after it is created from Console.

但是对于EC2和EBS，您可以在此处中指定的策略进行控制

But for EC2 and EBS you can control through policies as specified here

{
    "Sid": "AllowLaunchOnlyWithRequiredTags1",
    "Effect": "Deny",
    "Action": "ec2:RunInstances",
    "Resource": "arn:aws:ec2:us-east-1:accountid:instance/*",
    "Condition": {
        "Null": {"aws:RequestTag/dept": "true"}
    } }, {
    "Sid": "AllowLaunchOnlyWithRequiredTags2",
    "Effect": "Deny",
    "Action": "ec2:RunInstances",
    "Resource": "arn:aws:ec2:us-east-1:accountid:instance/*",
    "Condition": {
        "Null": {"aws:RequestTag/projectCode": "true"}
    } }

并非所有资源都支持上述条件，尽管它们支持标签.因此，目前看来似乎很不一致.

The above Condition is not supported by all resources, though they support tags. So, It seems like an inconsistency for now.

这篇关于强制在AWS中标记资源?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！