Amazon recently announced some
new features around tagging permissions that make tags considerably more useful. Although this just came out, I already see a few areas where we can simplify automation scripts. More importantly, since we can limit access to tags by key, this allows us to reserve certain keys for central functions like cost allocation and monitoring, while allowing individual teams to still leverage tags for other purposes without the risk of production required tags being modified.
Resource level permissions are still not to the point where complete isolation of resources for different teams can be implemented in a single account, but this is a huge step forward in enabling developers the access they need without the risk of breaking production automation.
How will you use these new features? Reply below!