Department
needs to be applied to both sub-user 1 and sub-user 2.Department: DepartmentOne
, while sub-user 2 can only use Department: DepartmentTwo
and Department: DepartmentThree
."auto_assign": {"@@assign": "on"}
indicates that the tag key for Department
has auto-assignment enabled for both sub-user 1 and sub-user 2."tag_deletion_disable": { "@@assign": "on" }
indicates that the Department
tag key is not allowed to be deleted (that is, the delete button is disabled)."auto_assign_value": {"@@assign": "on"}
in sub-user 1's policy indicates that the tag value has auto-assignment for sub-user 1 because its tag value is unique and does not require manual selection. However, the Department tag value for sub-user 2 is not unique, so sub-user 2 needs to select it manually and it is not set in the policy.{"tags": {"Department": {"tag_key": {"@@assign": "Department"},"tag_value": {"@@assign": ["DepartmentOne"]},"resource_type_scope": {"@@assign": ["*"]},"auto_assign": {"@@assign": "on"},"auto_assign_value": {"@@assign": "on"},"tag_deletion_disable": {"@@assign": "on"}}}}
{"tags": {"Department": {"tag_key": {"@@assign": "Department"},"tag_value": {"@@assign": ["DepartmentTwo","DepartmentThree"]},"resource_type_scope": {"@@assign": ["*"]},"auto_assign": {"@@assign": "on"},"tag_deletion_disable": {"@@assign": "on"}}}}
Condition | Use Tag Policy with Key-Value Restrictions Enabled | Use Tag Policy Without Key-Value Restrictions Enabled | Use No Tag Policy |
Effect | | | |
Condition | Use Tag Policy with Key-Value Restrictions Enabled | Use Tag Policy Without Key-Value Restrictions Enabled | Use No Tag Policy |
Effect | | | |
Was this page helpful?