{"id":221,"date":"2021-07-24T04:57:13","date_gmt":"2021-07-24T04:57:13","guid":{"rendered":"https:\/\/demo.casethemes.net\/itfirm\/?p=221"},"modified":"2022-08-05T04:14:39","modified_gmt":"2022-08-05T04:14:39","slug":"enforce-aws-tags-while-creating-aws-resources","status":"publish","type":"post","link":"https:\/\/devopspace.com\/ae\/enforce-aws-tags-while-creating-aws-resources\/","title":{"rendered":"Enforce AWS Tags While Creating AWS Resources"},"content":{"rendered":"<p>The infrastructure team at\u00a0<a href=\"http:\/\/devopspace.com\/\" target=\"_blank\" rel=\"noopener\">DevOpSpace\u00a0<\/a>always tries to prove that it is different from other organizations. So when the team does not have much going on, it invests time in learning and in building proofs of concept, which helps the team understand how things work and earns it customer appreciation. The JSON documents below were created by our team to enforce AWS tags while creating AWS resources, and we are sharing them with you too!<\/p>\n<p>Both documents are IAM policies: one for EC2 instances and the other for EBS volumes. Starting with the first one:<\/p>\n<h5>Deny Creating EC2 Instance Without AWS Tags<\/h5>\n<p>This JSON-based IAM policy enforces tagging EC2 instances at the time of creation. It denies creating an EC2 instance without the pre-defined \u201ctag keys\u201d. This eliminates the need for an AWS Lambda script to automate the tagging process when you don\u2019t want to spend additional cost on that.<\/p>\n<p>Tag based EC2 instance creation, created by Team DevOpSpace:<\/p>\n<p>{<br \/>\n\"Version\": \"2012-10-17\",<br \/>\n\"Statement\": [<br \/>\n{<br \/>\n\"Sid\": \"EC2CreateInstanceWithTag\",<br \/>\n\"Effect\": \"Deny\",<br \/>\n\"Action\": \"ec2:RunInstances\",<br \/>\n\"Resource\": \"arn:aws:ec2:us-east-1:AWSaccount:instance\/*\",<br \/>\n\"Condition\": {<br \/>\n\"StringNotLike\": {<br \/>\n\"aws:RequestTag\/environment\": \"*\"<br \/>\n}<br \/>\n}<br \/>\n}<br \/>\n]<br \/>\n}<\/p>\n<h5>Deny Creating EBS Volumes Without AWS Tags<\/h5>\n<p>This JSON-based IAM policy enforces tagging EBS volumes at the time of creation. It denies creating an EBS volume without the pre-defined \u201ctag keys\u201d. 
This ensures that a tag is present whenever an EBS volume is created.<\/p>\n<p>Tag based EBS volume creation, created by Team DevOpSpace:<\/p>\n<p>{<br \/>\n\"Version\": \"2012-10-17\",<br \/>\n\"Statement\": [<br \/>\n{<br \/>\n\"Sid\": \"EBSVolumeWithTag\",<br \/>\n\"Effect\": \"Deny\",<br \/>\n\"Action\": \"ec2:CreateVolume\",<br \/>\n\"Resource\": \"arn:aws:ec2:us-east-1:AWSaccount:volume\/*\",<br \/>\n\"Condition\": {<br \/>\n\"ForAllValues:StringEqualsIfExists\": {<br \/>\n\"aws:RequestTag\/environment\": \"*\"<br \/>\n}<br \/>\n}<br \/>\n}<br \/>\n]<br \/>\n}<\/p>\n<p>The policies contain placeholders (such as AWSaccount and the region in the Resource ARN) that have to be replaced with appropriate values. The policies apply even to a user who has full Allow permissions on EC2\/EBS, because an explicit Deny in IAM overrides any Allow. Note that the policies only check for the tag key, so we don\u2019t have any control over tag values. Try this out and let us know how it goes.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With over a decade experience, we\u2019ve established ourselves as one of the pioneering agencies in the region. We understand the importance of approaching each work integrally and believe in the power of simple and easy communication. 
<\/p>\n","protected":false},"author":1,"featured_media":4473,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":""},"categories":[52],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.5.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Enforce AWS Tags While Creating AWS Resources - DevOpSpace<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/devopspace.com\/ae\/enforce-aws-tags-while-creating-aws-resources\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Enforce AWS Tags While Creating AWS Resources - DevOpSpace\" \/>\n<meta property=\"og:description\" content=\"With over a decade experience, we\u2019ve established ourselves as one of the pioneering agencies in the region. 
We understand the importance of approaching each work integrally and believe in the power of simple and easy communication.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/devopspace.com\/ae\/enforce-aws-tags-while-creating-aws-resources\/\" \/>\n<meta property=\"og:site_name\" content=\"DevOpSpace\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-24T04:57:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-08-05T04:14:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/devopspace.com\/ae\/wp-content\/uploads\/2021\/12\/h4-section-shape1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"673\" \/>\n\t<meta property=\"og:image:height\" content=\"538\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/devopspace.com\/ae\/enforce-aws-tags-while-creating-aws-resources\/\",\"url\":\"https:\/\/devopspace.com\/ae\/enforce-aws-tags-while-creating-aws-resources\/\",\"name\":\"Enforce AWS Tags While Creating AWS Resources - DevOpSpace\",\"isPartOf\":{\"@id\":\"https:\/\/devopspace.com\/ae\/#website\"},\"datePublished\":\"2021-07-24T04:57:13+00:00\",\"dateModified\":\"2022-08-05T04:14:39+00:00\",\"author\":{\"@id\":\"https:\/\/devopspace.com\/ae\/#\/schema\/person\/12873bdd0626b7803cc0ae79fa3c0209\"},\"breadcrumb\":{\"@id\":\"https:\/\/devopspace.com\/ae\/enforce-aws-tags-while-creating-aws-resources\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/devopspace.com\/ae\/enforce-aws-tags-while-creating-aws-resources\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/devopspace.com\/ae\/enforce-aws-tags-while-creating-aws-resources\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/devopspace.com\/ae\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Enforce AWS Tags While Creating AWS Resources\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/devopspace.com\/ae\/#website\",\"url\":\"https:\/\/devopspace.com\/ae\/\",\"name\":\"DevOpSpace\",\"description\":\"FINITE Solutions, INFINITE Possibilities\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/devopspace.com\/ae\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/devopspace.com\/ae\/#\/schema\/person\/12873bdd0626b7803cc0ae79fa3c0209\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/devopspace.com\/ae\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1f3f46f7bc46381003d01deccc6a9946?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1f3f46f7bc46381003d01deccc6a9946?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"http:\/\/devopspace.com\"],\"url\":\"https:\/\/devopspace.com\/ae\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Enforce AWS Tags While Creating AWS Resources - DevOpSpace","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/devopspace.com\/ae\/enforce-aws-tags-while-creating-aws-resources\/","og_locale":"en_US","og_type":"article","og_title":"Enforce AWS Tags While Creating AWS Resources - DevOpSpace","og_description":"With over a decade experience, we\u2019ve established ourselves as one of the pioneering agencies in the region. We understand the importance of approaching each work integrally and believe in the power of simple and easy communication.","og_url":"https:\/\/devopspace.com\/ae\/enforce-aws-tags-while-creating-aws-resources\/","og_site_name":"DevOpSpace","article_published_time":"2021-07-24T04:57:13+00:00","article_modified_time":"2022-08-05T04:14:39+00:00","og_image":[{"width":673,"height":538,"url":"https:\/\/devopspace.com\/ae\/wp-content\/uploads\/2021\/12\/h4-section-shape1.png","type":"image\/png"}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/devopspace.com\/ae\/enforce-aws-tags-while-creating-aws-resources\/","url":"https:\/\/devopspace.com\/ae\/enforce-aws-tags-while-creating-aws-resources\/","name":"Enforce AWS Tags While Creating AWS Resources - DevOpSpace","isPartOf":{"@id":"https:\/\/devopspace.com\/ae\/#website"},"datePublished":"2021-07-24T04:57:13+00:00","dateModified":"2022-08-05T04:14:39+00:00","author":{"@id":"https:\/\/devopspace.com\/ae\/#\/schema\/person\/12873bdd0626b7803cc0ae79fa3c0209"},"breadcrumb":{"@id":"https:\/\/devopspace.com\/ae\/enforce-aws-tags-while-creating-aws-resources\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/devopspace.com\/ae\/enforce-aws-tags-while-creating-aws-resources\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/devopspace.com\/ae\/enforce-aws-tags-while-creating-aws-resources\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/devopspace.com\/ae\/"},{"@type":"ListItem","position":2,"name":"Enforce AWS Tags While Creating AWS Resources"}]},{"@type":"WebSite","@id":"https:\/\/devopspace.com\/ae\/#website","url":"https:\/\/devopspace.com\/ae\/","name":"DevOpSpace","description":"FINITE Solutions, INFINITE Possibilities","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/devopspace.com\/ae\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/devopspace.com\/ae\/#\/schema\/person\/12873bdd0626b7803cc0ae79fa3c0209","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/devopspace.com\/ae\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/1f3f46f7bc46381003d01deccc6a9946?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1f3f46f7bc46381003d01deccc6a9946?s=96&d=mm&r=g","caption":"admin"},"sameAs":["http:\/\/devopspace.com"],"url":"https:\/\/devopspace.com\/ae\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/devopspace.com\/ae\/wp-json\/wp\/v2\/posts\/221"}],"collection":[{"href":"https:\/\/devopspace.com\/ae\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devopspace.com\/ae\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devopspace.com\/ae\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/devopspace.com\/ae\/wp-json\/wp\/v2\/comments?post=221"}],"version-history":[{"count":0,"href":"https:\/\/devopspace.com\/ae\/wp-json\/wp\/v2\/posts\/221\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devopspace.com\/ae\/wp-json\/wp\/v2\/media\/4473"}],"wp:attachment":[{"href":"https:\/\/devopspace.com\/ae\/wp-json\/wp\/v2\/media?parent=221"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devopspace.com\/ae\/wp-json\/wp\/v2\/categories?post=221"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devopspace.com\/ae\/wp-json\/wp\/v2\/tags?post=221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}