'Prevent SCP IAM on Ec2 that are part of ASG

I need to enforce tag suite on aws resources.

The solution - use SCP Policies

The problem - it would affect existing ec2 instances in the autoscaling groups and new ec2s won't be created.

Anyone knows of a good way to condition the policy not to have effect on ec2 instances part of any autoscaling groups?

amazon-iam


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

IAM Role + Boto3 + Docker container

Why is my access denied on s3 (using the aws-sdk for Node.js)?

AWS IAM Lambda "is not authorized to perform: lambda:GetFunction"

Restrict Lambda function URL access to CloudFront

Athena queries between tables in different accounts

clone AWS codecommit repo via HTTP

AWS S3/IAM CORS/Prefetch error when Uploading Image

How enable access to AWS STS AssumeRole

The IAM authentication failed for the role postgres. Check the IAM token for this role and try again

Cross account access to a CodeArtifact repo

Attributes for access control are null on AWS Identity Pool

User cannot get resource "services" in API group - Jenkins pipeline EKS deployment

RDS Proxy IAM role unable to retrieve credentials from secret

Create AWS Lambda function using Terraform

S3 programmatic access via Java