by dragonwriter
2396 days ago
> It's also hard to enforce tagging when you can't automatically destroy non-compliant objects

You can automatically destroy non-compliant (with your tagging policy) objects, by querying objects that exist and examining their tags through the API (heck, you could even script the CLI to do this), and, if you use AWS Organizations, you can prevent noncompliant resources with a combination of service control policies (to require tagging) and tag policies (to specify use of tags).

> (for instance, by SDK/cli, you can't create an ec2 instance with tags.. you make the instance, then tag it.

That's...not true. The runinstances call in the SDK that creates one or more instances from an AMI takes an optional set of tag specifications for tags that can be applied to the instances and/or any of a wide variety of associated resources.

(python) https://boto3.amazonaws.com/v1/documentation/api/latest/refe...

(Java) https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/am...
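The two mechanisms the comment above describes (tagging at creation through RunInstances tag specifications, and finding untagged instances by examining tags through the API), as an added example that is not part of the original comment. The required tag keys, the rule that a blank value counts as missing, and the sample response are assumptions constructed for illustration.

```python
# Added example. REQUIRED_TAGS and SAMPLE are constructed, not real AWS output.
REQUIRED_TAGS = {"Owner", "CostCenter"}  # assumed tagging policy


def tag_specifications(tags, resource_types=("instance", "volume")):
    """Build the TagSpecifications argument for EC2 RunInstances, so the
    instance and its volumes are tagged in the same call that creates them.
    With boto3: ec2.run_instances(..., TagSpecifications=tag_specifications(t))
    """
    tag_list = [{"Key": k, "Value": v} for k, v in sorted(tags.items())]
    return [{"ResourceType": rt, "Tags": tag_list} for rt in resource_types]


def noncompliant_instances(describe_response, required=REQUIRED_TAGS):
    """Map instance ID -> sorted list of missing required tag keys.

    Takes a response shaped like boto3's ec2.describe_instances() output.
    The returned IDs are what an enforcement job would report or pass to
    ec2.terminate_instances(InstanceIds=[...]).
    """
    findings = {}
    for reservation in describe_response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            # Terminated instances stay visible for a while; skip them.
            if inst.get("State", {}).get("Name") in ("shutting-down", "terminated"):
                continue
            # "Tags" is absent when an instance has no tags at all.
            # Assumption: a blank value does not satisfy the policy.
            present = {t["Key"] for t in inst.get("Tags", [])
                       if t.get("Value", "").strip()}
            missing = sorted(set(required) - present)  # tag keys are case-sensitive
            if missing:
                findings[inst["InstanceId"]] = missing
    return findings


def _inst(iid, state, tags=None):
    inst = {"InstanceId": iid, "State": {"Name": state}}
    if tags is not None:
        inst["Tags"] = [{"Key": k, "Value": v} for k, v in tags.items()]
    return inst


SAMPLE = {"Reservations": [
    {"Instances": [_inst("i-0000000000000000a", "running",
                         {"Owner": "team-a", "CostCenter": "1234"}),
                   _inst("i-0000000000000000b", "running", {"Owner": "team-b"})]},
    {"Instances": [_inst("i-0000000000000000c", "stopped"),
                   _inst("i-0000000000000000d", "terminated")]},
]}

if __name__ == "__main__":
    print(noncompliant_instances(SAMPLE))
```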