'Create a IAM policy on tags and resources

Can I create a policy that deny removing a specific tag on an AWS resource or secret and allow creating other tags on the same resource?

For example I have a resource with tag "Dont touch" I would like to deny others to remove or edit this tag but allow others to add whatever other tags that they want. Is this possible? How?

amazon-iam


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

IAM Role + Boto3 + Docker container

Why is my access denied on s3 (using the aws-sdk for Node.js)?

AWS IAM Lambda "is not authorized to perform: lambda:GetFunction"

Restrict Lambda function URL access to CloudFront

Athena queries between tables in different accounts

clone AWS codecommit repo via HTTP

AWS S3/IAM CORS/Prefetch error when Uploading Image

How enable access to AWS STS AssumeRole

The IAM authentication failed for the role postgres. Check the IAM token for this role and try again

Cross account access to a CodeArtifact repo

Attributes for access control are null on AWS Identity Pool

User cannot get resource "services" in API group - Jenkins pipeline EKS deployment

RDS Proxy IAM role unable to retrieve credentials from secret

Create AWS Lambda function using Terraform

S3 programmatic access via Java