In order to maintain compatibility with older versions, we used to overlook the AccessDenied exception when a customer lacked the permission to add stack level tags. This PR aims to rectify this behavior by following to the latest CloudFormation guidelines and instead throwing an UnauthorizedTaggingOperation error code.
However, we still have the tagging logic in place to distinguish between access denied for resource tags and access denied for stack level tags. Once CloudFormation confirms that it is safe to convert UnauthorizedTaggingOperation to the regular AccessDenied error code, we can safely remove all the logic related to tag error management and the safeCreate mechanism.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Description of changes:
In order to maintain compatibility with older versions, we used to overlook the AccessDenied exception when a customer lacked the permission to add stack level tags. This PR aims to rectify this behavior by following to the latest CloudFormation guidelines and instead throwing an
UnauthorizedTaggingOperation
error code.However, we still have the tagging logic in place to distinguish between access denied for resource tags and access denied for stack level tags. Once CloudFormation confirms that it is safe to convert
UnauthorizedTaggingOperation
to the regularAccessDenied
error code, we can safely remove all the logic related to tag error management and thesafeCreate
mechanism.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.