{{ }} Substitute variables
Adjust the variable values according to your preference.
Policy Code
Referenced from: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_tagging.html
1{
2 "Version": "2012-10-17",
3 "Statement": [
4 {
5 "Sid": "DenyCreateSecretWithNoProjectTag",
6 "Effect": "Deny",
7 "Action": "secretsmanager:CreateSecret",
8 "Resource": "*",
9 "Condition": {
10 "Null": {
11 "aws:RequestTag/Project": "true"
12 }
13 }
14 },
15 {
16 "Sid": "DenyRunInstanceWithNoProjectTag",
17 "Effect": "Deny",
18 "Action": "ec2:RunInstances",
19 "Resource": [
20 "arn:aws:ec2:*:*:instance/*",
21 "arn:aws:ec2:*:*:volume/*"
22 ],
23 "Condition": {
24 "Null": {
25 "aws:RequestTag/Project": "true"
26 }
27 }
28 },
29 {
30 "Sid": "DenyCreateSecretWithNoCostCenterTag",
31 "Effect": "Deny",
32 "Action": "secretsmanager:CreateSecret",
33 "Resource": "*",
34 "Condition": {
35 "Null": {
36 "aws:RequestTag/CostCenter": "true"
37 }
38 }
39 },
40 {
41 "Sid": "DenyRunInstanceWithNoCostCenterTag",
42 "Effect": "Deny",
43 "Action": "ec2:RunInstances",
44 "Resource": [
45 "arn:aws:ec2:*:*:instance/*",
46 "arn:aws:ec2:*:*:volume/*"
47 ],
48 "Condition": {
49 "Null": {
50 "aws:RequestTag/CostCenter": "true"
51 }
52 }
53 }
54 ]
55}