Tag-based Policies
Amazon SWF supports policies based on tags. For instance, you could restrict Amazon SWF domains
that include a tag with the key environment
and the value
production
:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "swf:*",
"Resource": "arn:aws:swf:*:123456789012:/domain/*",
"Condition": {
"StringEquals": {"aws:ResourceTag/environment": "production"}
}
}
]
}
This policy will Deny
the access to any domain that has been tagged as
environment/production
.
For more information on tagging, see: