Hi all ! Our org is implementing Service Control Policies on all resources to make sure all of them are tagged. That being said we are facing issues where in we are unable to tag resources created by AWS as a part of EKS Cluster bring up. For example, resources like ASGs, EC2 and EBS volumes. What would be the best approach to tag these resources before SCP rules kick in and prevent infrastructure provisioning. We used this example for our tagging strategy in AWS. link