Hello Dash,
Thank you for your feedback.
Using SCP to control tagging policies on resources is a best practice recommended by AWS.
Scroll down on this link: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies-best-practices.html
For an example SCP, see this link: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples.html#example-require-tag-on-create
This SCP will require a TAG for creating an EC2 instance. If there is no specific tag on that instance, the EC2 creation is denied.
Basically, you will create an SCP that has a policy that Denies the creation of a resource if it does not have a proper tag.
For example, in this scenario, all EC2 instances need to have a “Project ID” tag.
So if a user creates a new EC2 instance without the proper “Project ID” on the tags, that action will be denied and the EC2 instance will not be created.
Hope this helps.
Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam!
Regards,
Kenneth Samonte @ Tutorials Dojo
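
An SCP of the kind described in the reply above, as an added example that is not part of the original post. It assumes the tag key is spelled `ProjectID`; the `Sid` is likewise a made-up label.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyRunInstancesWithoutProjectIdTag",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "Null": {
          "aws:RequestTag/ProjectID": "true"
        }
      }
    }
  ]
}
```

The `Null` condition only checks that the tag key is present in the launch request; it does not validate the tag's value. An SCP grants no permissions by itself, so the accounts it is attached to still need IAM policies that allow `ec2:RunInstances`.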