I cant find an answer that clears this up for me
Im looking at this example: https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-restrict-access-examples.html
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ssm:StartSession"
],
"Resource": [
"arn:aws:ec2:*:*:instance/*"
],
"Condition": {
"StringLike": {
"ssm:resourceTag/Finance": [
"WebServers"
]
}
}
}
]
}
what is the difference between aws:TagKeys, ssm:resourceTag/tag-key, aws:ResourceTag/${TagKey}
what is ssm:resourceTag? is it different than aws:ResourceTag/${TagKey}? Is it a special tag applied by systems manager? i dont use systems manager to apply tags to ec2 instances, I just tag them manually. How do I restrict session manager access to my ec2 instances via tags I have manually applied to them?