我正在尝试创建一个 AWS SCP 以在资源创建时强制执行一些标签。这对 EC2、LAMBDA 工作正常但对于 AWS RDS 资源创建失败,因为我无法在创建时提供标签
创建 SCP 并尝试通过 cli 创建 RDS 实例能够提供标签和创建实例。但在管理控制台中没有获得选项
这是SCP
{ "版本": "2012-10-17", “陈述”: [ { "Sid": "DenyEC2CreationInfraOwnerTag", “效果”:“拒绝”, “行动”: [ “ec2:运行实例”, “ec2:启动实例” ], “资源”:[ “arn:aws:ec2:::实例/”, “arn:aws:ec2:::volume/” ], “健康)状况”: { “无效的”: { “aws:RequestTag/InfraOwner”:“真” } } }, { "Sid": "DenyEC2CreationProductTag", “效果”:“拒绝”, “行动”: [ “ec2:运行实例”, “ec2:启动实例” ], “资源”:[ “arn:aws:ec2:::实例/”, “arn:aws:ec2:::volume/” ], “健康)状况”: { “无效的”: { “aws:请求标签/产品”:“真” } } }, { "Sid": "DenyEC2CreationNameTag", “效果”:“拒绝”, “行动”: [ “ec2:运行实例”, “ec2:启动实例” ], “资源”:[ “arn:aws:ec2:::实例/”, “arn:aws:ec2:::volume/” ], “健康)状况”: { “无效的”: { “aws:请求标签/名称”:“真” } } }, { "Sid": "DenyLambdaCreationInfraOwnerTag", “效果”:“拒绝”, “行动”: [ “拉姆达:创建*” ], “资源”:[ “” ], “健康)状况”: { “无效的”: { “aws:RequestTag/InfraOwner”:“真” } } }, { "Sid": "DenyLambdaCreationProductTag", “效果”:“拒绝”, “行动”: [ “拉姆达:创建” ], “资源”:[ “” ], “健康)状况”: { “无效的”: { “aws:请求标签/产品”:“真” } } }, { "Sid": "DenyLambdaCreationNameTag", “效果”:“拒绝”, “行动”: [ “拉姆达:创建” ], “资源”:[ “” ], “健康)状况”: { “无效的”: { “aws:请求标签/名称”:“真” } } }, { "Sid": "DenyRDSCreationInfraOwnerTag", “效果”:“拒绝”, “行动”: [ “rds:创建数据库实例”, “rds:CreateDBCluster” ], “资源”:[ “” ], “健康)状况”: { “无效的”: { “aws:RequestTag/InfraOwner”:“真” } } }, { "Sid": "DenyRDSCreationProductTag", “效果”:“拒绝”, “行动”: [ “rds:创建数据库实例”, “rds:CreateDBCluster” ], “资源”:[ “” ], “健康)状况”: { “无效的”: { “aws:请求标签/产品”:“真” } } }, { "Sid": "DenyRDSCreationNameTag", “效果”:“拒绝”, “行动”: [ “rds:创建数据库实例”, “rds:CreateDBCluster” ], “资源”:[ “” ], “健康)状况”: { “无效的”: { “aws:请求标签/名称”:“真” } } }, { "Sid": "DenyDynamoDBCreationInfraOwnerTag", “效果”:“拒绝”, “行动”: [ “dynamodb:创建表” ], “资源”:[ “” ], “健康)状况”: { “无效的”: { “aws:RequestTag/InfraOwner”:“真” } } }, { "Sid": "DenyDynamoDBCreationProductTag", “效果”:“拒绝”, “行动”: [ “dynamodb:创建表” ], “资源”:[ “” ], “健康)状况”: { “无效的”: { “aws:请求标签/产品”:“真” } } }, { "Sid": "DenyDynamoDBCreationNameTag", “效果”:“拒绝”, “行动”: [ “dynamodb:创建表” ], “资源”:[ “*” ], “健康)状况”: { “无效的”: { “aws:请求标签/名称”:“真” } } } ] }