galenatjpl
commented
1 year ago It seems permissions aren't there, and I created this ticket: https://jaas.gsfc.nasa.gov/servicedesk/customer/portal/2/GSD-2683
Open galenatjpl opened 1 year ago
galenatjpl
commented
1 year ago It seems permissions aren't there, and I created this ticket: https://jaas.gsfc.nasa.gov/servicedesk/customer/portal/2/GSD-2683
Use SCPs to prevent tagging for creating new resources You can use SCPs to prevent the creation of new AWS resources that aren't tagged for your Organization’s tagging restriction guidelines. To make sure that the AWS resources are created only if a certain tag is present, use the example SCP policy [to require a tag on specified created resources
See: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_tagging.html#example-require-tag-on-create
Enforce that if a resource can't be created if it doesn't have the mandatory tags filled out. See: https://unity-sds.gitbook.io/docs/developer-docs/common-services/docs/users-guide/deployment/unity-aws-resource-tagging-conventions#mbt
Do this first on the Unity-Dev account.
After the above is successfully proved on the Unity-Dev account, create a new Github issue for each other venue to apply this to.
Also create another github issue ticket to figure out how this can be automated in the future, so we don't have to do it manually to each account.