Forum Discussion

T3S0r0's avatar
T3S0r0
Icon for Bronze II rankBronze II
2 months ago
Solved

[AWS]IAM: Tagging

Hello everyone.

I'm stuck on Q3 of this lab.

I'm leaving the ec2-custom-read policy as:

{
    "Statement": [
        {
            "Action": [
                "ec2:GetTransitGateway*"
            ],
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {
                "ForAllValues:StringEquals": {
                    "aws:TagKeys": [
                        "automation"
                    ]
                }
            },
            "Sid": "ReadEC2TransitGateways"
        }
    ],
    "Version": "2012-10-17"
}

But if I try to save the policy, it gives me an error:

Access denied to iam:CreatePolicyVersion
You don't have permission to iam:CreatePolicyVersion

Any hints on what I'm missing here? I think I didnt understand what exactly the exercise is asking for here.

Regards,

cloud security
  • LukeKmiotek's avatar
    LukeKmiotek
    2 months ago

    Hi T3S0r0, good question here. It looks like you're trying to adjust the policy via changing the JSON fields - as the lab focuses on tagging, I'd suggest heading over to the "Tags" area of ec2-custom-read and adding in the tag as seen in edit-policy-tags.

2 Replies

Sort By
  • LukeKmiotek's avatar
    LukeKmiotek
    Icon for Immerser rankImmerser
    2 months ago

    Hi T3S0r0, good question here. It looks like you're trying to adjust the policy via changing the JSON fields - as the lab focuses on tagging, I'd suggest heading over to the "Tags" area of ec2-custom-read and adding in the tag as seen in edit-policy-tags.