icy-controller-6092
07/06/2023, 6:24 AM
aws:defaultTags in the config, and then trying to write a policy for the deployment user that allows it to work with any resources that have the user:Project=myproject tag
little-cartoon-10569
07/06/2023, 8:30 PM
icy-controller-6092
07/06/2023, 11:22 PM
New resources won't have any existing tags, so you can't say "create resource X if resource X has tag Y". I think I might have got this working, just need to use aws:RequestTag instead of aws:ResourceTag
config:
  aws:defaultTags:
    tags:
      user:Project: my_pulumi_project
2. tagging policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "tag:*",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:RequestTag/user:Project": "my_pulumi_project"
        }
      }
    }
  ]
}
3. manage resources
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:*",
        "s3:*",
        "lambda:*"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/user:Project": "my_pulumi_project"
        }
      }
    }
  ]
}
little-cartoon-10569
07/07/2023, 1:23 AM