This only applies to tagging operations, which are often separate from resource creation operations. For example, you can require a particular tag on an S3 bucket, but you can still just create a completely untagged bucket. The policy doesn't come into play unless you try to tag the bucket.