[AWS]IAM: Tagging

Question

Hello everyone.I'm stuck on Q3 of this lab.I'm leaving the ec2-custom-read policy as:{&nbsp; &nbsp; "Statement": [&nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; "Action": [&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; "ec2:GetTransitGateway*"&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ],&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; "Effect": "Allow",&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; "Resource": "*",&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; "Condition": {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; "ForAllValues:StringEquals": {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; "aws:TagKeys": [&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; "automation"&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ]&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; },&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; "Sid": "ReadEC2TransitGateways"&nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; ],&nbsp; &nbsp; "Version": "2012-10-17"}But if I try to save the policy, it gives me an error:Access denied to iam:CreatePolicyVersionYou don't have permission to iam:CreatePolicyVersionAny hints on what I'm missing here? I think I didnt understand what exactly the exercise is asking for here.Regards,

lukekmiotek · Accepted Answer

Hi T3S0r0, good question here. It looks like you're trying to adjust the policy via changing the JSON fields - as the lab focuses on tagging, I'd suggest heading over to the "Tags" area of ec2-custom-read and adding in the tag as seen in edit-policy-tags.