In AWS, is there a way to force an IAM user to tag the instance he/she is about to launch? It doesn't matter what the value is. I want to make sure it is correctly tagged so that long running instances can be properly identified and the owner notified. Currently tagging is optional.


What I do currently is to use CloudTrail and identify the instances with their IAM users. I do not like it because it is extra work to run the script periodically and CloudTrail has only 7 days' worth of data. It would be nice if AWS had an instance attribute for owner.


Using keypairs to identify the owners is not a viable solution in our case. Has anyone faced this problem before, and how did you tackle it?


I resolved this by using AWS Lambda. When CloudTrail creates an object in S3, it triggers an event that causes a Lambda function to execute. The Lambda function then parses the S3 object and creates the tag. There is a lag of ~2 mins but the solution works perfectly.


09-01 20:29
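As an added example (not the answerer's own code), here is a Lambda function of the kind the answer describes: it assumes a CloudTrail trail delivering gzipped JSON log files to an S3 bucket with an ObjectCreated trigger on the function, pulls each launched instance id out of the RunInstances records together with the calling principal, and applies it as an `Owner` tag (the tag key, the sample log, the instance ids and the user names are all constructed here).

```python
import gzip
import json
from typing import Dict

# Constructed sample in the shape of a CloudTrail log file (a "Records" array);
# the instance ids and user names are made up. CloudTrail only reports the
# launched instance ids inside the RunInstances responseElements.
SAMPLE_LOG = {"Records": [
    {"eventName": "RunInstances", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"instancesSet": {"items": [
         {"instanceId": "i-0123456789abcdef0"}, {"instanceId": "i-0fedcba9876543210"}]}}},
    {"eventName": "RunInstances", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Dev/bob"},
     "responseElements": {"instancesSet": {"items": [{"instanceId": "i-00000000000000abc"}]}}},
    {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "carol"}, "responseElements": None},
]}


def owner_name(identity: dict) -> str:
    """Turn the calling principal into a tag value: IAM user name, or role/session for assumed roles."""
    if identity.get("type") == "AssumedRole":
        return identity.get("arn", "").split(":assumed-role/", 1)[-1] or "unknown"
    return identity.get("userName") or identity.get("arn") or "unknown"


def extract_owner_tags(log: dict) -> Dict[str, str]:
    """Map every instance id launched in this log file to the principal that launched it; non-launch and failed calls (no responseElements) are skipped."""
    owners: Dict[str, str] = {}
    for rec in log.get("Records", []):
        if rec.get("eventName") != "RunInstances" or not rec.get("responseElements"):
            continue
        owner = owner_name(rec.get("userIdentity", {}))
        for item in rec["responseElements"].get("instancesSet", {}).get("items", []):
            owners[item["instanceId"]] = owner
    return owners


def lambda_handler(event, context):
    """S3 ObjectCreated trigger: read the gzipped CloudTrail file and tag the new instances."""
    import boto3  # present in the Lambda runtime; imported here so the parsing above is testable offline
    s3, ec2 = boto3.client("s3"), boto3.client("ec2")
    for s3rec in event["Records"]:
        obj = s3.get_object(Bucket=s3rec["s3"]["bucket"]["name"], Key=s3rec["s3"]["object"]["key"])
        log = json.loads(gzip.decompress(obj["Body"].read()))
        for instance_id, owner in extract_owner_tags(log).items():
            ec2.create_tags(Resources=[instance_id], Tags=[{"Key": "Owner", "Value": owner}])
```

The function's execution role needs `s3:GetObject` on the trail bucket and `ec2:CreateTags`; the lag the answer mentions is CloudTrail's own delivery delay, not the Lambda itself.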