Launch EC2 Instance only if it is Tagged
Anuj Varma, Hands-On Technology Architect, Clean Air Activist
Sun, 26 Jan 2020 00:07:41 +0000
https://www.anujvarma.com/launch-ec2-instance-only-if-it-is-tagged/


This policy can apply to EC2 instances, EBS volumes, or both. You can tweak it to require only that a tag key is present, that a key-value pair is present, or that the key and value match exactly.

STEP 1 – CREATE A POLICY AS DESCRIBED BELOW

STEP 2 – CREATE A GROUP TO ASSIGN THE POLICY TO

Example Policy – only allow an EC2 launch if the request carries all the matching tag keys and values (see the "Condition" element in the JSON below)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowToDescribeAll",
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AllowRunInstances",
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": [
                "arn:aws:ec2:*::image/*",
                "arn:aws:ec2:*::snapshot/*",
                "arn:aws:ec2:*:*:subnet/*",
                "arn:aws:ec2:*:*:network-interface/*",
                "arn:aws:ec2:*:*:security-group/*",
                "arn:aws:ec2:*:*:key-pair/*"
            ]
        },
        {
            "Sid": "AllowRunInstancesWithRestrictions",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateVolume",
                "ec2:RunInstances"
            ],
            "Resource": [
                "arn:aws:ec2:*:*:volume/*",
                "arn:aws:ec2:*:*:instance/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:RequestTag/key1": "value1",
                    "aws:RequestTag/key2": "value2"
                },
                "ForAllValues:StringEquals": {
                    "aws:TagKeys": [
                        "key1",
                        "key2"
                    ]
                }
            }
        },
        {
            "Sid": "AllowCreateTagsOnlyLaunching",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateTags"
            ],
            "Resource": [
                "arn:aws:ec2:*:*:volume/*",
                "arn:aws:ec2:*:*:instance/*"
            ],
            "Condition": {
                "StringEquals": {
                    "ec2:CreateAction": "RunInstances"
                }
            }
        }
    ]
}
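To see which launch requests the "Condition" block above lets through, the following added example (not part of the original post, and not AWS code) evaluates it against constructed tag sets. It is a simplified local model of the two operators used in the policy; the function name launch_allowed and the sample tag sets are assumptions made for illustration.

```python
import json

# Condition block copied from the AllowRunInstancesWithRestrictions statement.
CONDITION = json.loads("""
{
  "StringEquals": {"aws:RequestTag/key1": "value1", "aws:RequestTag/key2": "value2"},
  "ForAllValues:StringEquals": {"aws:TagKeys": ["key1", "key2"]}
}
""")

PREFIX = "aws:RequestTag/"

def launch_allowed(request_tags, condition=CONDITION):
    """Simplified local model of the two operators above (not the IAM engine)."""
    # The tag key inside a condition key name matches case-insensitively;
    # the tag value is compared case-sensitively by StringEquals.
    by_lower_key = {k.lower(): v for k, v in request_tags.items()}
    for cond_key, wanted in condition.get("StringEquals", {}).items():
        if not cond_key.startswith(PREFIX):
            raise ValueError(f"unsupported condition key: {cond_key}")
        tag_key = cond_key[len(PREFIX):].lower()
        # A tag missing from the request never equals the wanted value.
        if by_lower_key.get(tag_key) != wanted:
            return False
    # ForAllValues: every tag key in the request must be in the allowed list
    # (case-sensitive), so extra or differently cased keys fail here.
    # With no tags in the request this test is trivially true.
    allowed = condition.get("ForAllValues:StringEquals", {}).get("aws:TagKeys")
    if allowed is not None and not set(request_tags) <= set(allowed):
        return False
    return True

# Constructed sample requests: the tags a caller would pass to RunInstances.
SAMPLES = {
    "exact tags": {"key1": "value1", "key2": "value2"},
    "no tags": {},
    "missing key2": {"key1": "value1"},
    "wrong value": {"key1": "value1", "key2": "other"},
    "extra key3": {"key1": "value1", "key2": "value2", "key3": "x"},
    "Key1 cased": {"Key1": "value1", "key2": "value2"},
}

if __name__ == "__main__":
    for name, tags in SAMPLES.items():
        print(f"{name:14} -> {'allow' if launch_allowed(tags) else 'implicit deny'}")
```

If you tweak the policy down to the aws:TagKeys test alone, an untagged launch passes, because ForAllValues is satisfied when the request carries no tag keys; keep a check that requires the keys to be present.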
