[AWS]IAM: Tagging
Hello everyone.
I'm stuck on Q3 of this lab.
I'm leaving the ec2-custom-read policy as:
{
"Statement": [
{
"Action": [
"ec2:GetTransitGateway*"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"automation"
]
}
},
"Sid": "ReadEC2TransitGateways"
}
],
"Version": "2012-10-17"
}
But if I try to save the policy, it gives me an error:
Access denied to iam:CreatePolicyVersion
You don't have permission to iam:CreatePolicyVersion
Any hints on what I'm missing here? I think I didnt understand what exactly the exercise is asking for here.
Regards,
Hi T3S0r0, good question here. It looks like you're trying to adjust the policy via changing the JSON fields - as the lab focuses on tagging, I'd suggest heading over to the "Tags" area of ec2-custom-read and adding in the tag as seen in edit-policy-tags.