Missing ResourceTag for CloudFormation Condition Keys

Question

Missing ResourceTag for CloudFormation Condition Keys

Closed this issue 5 years ago · 1 comments

Issue Description

As of May 30, 2019, CloudFormation introduced support for Tag-Based Access Control. The related Tag-Based Access Controls are not included in the respective Conditions section, for example: cloudformation:ResourceTag/${TagKey} . In fact this control is not included in the IAM Policy Generator tool as well, this should be updated to reflect the functionality.

I was able to use the following condition effectively, despite no support from the GUI or documentation.

"Condition": {
        "StringEquals": {
            "cloudformation:ResourceTag/myTagKey": [
                "myTagValue"
            ]
    }

Link to Documentation with Issue

https://github.com/awsdocs/iam-user-guide/blob/master/doc_source/list_awscloudformation.md

Answer 1 · 2019-07-12T16:47:02.000Z

Thanks for reporting this.
The list of actions, resources, and conditions that we publish in the IAM user guide is automated based on content from each service. Thanks for letting us know that this service is missing nformation. I will forward this information to the service's engineering team so that they can update the info.