feature: Controlling access using tags #388

Closed
shinitiandrei opened this issue Jan 25, 2022 · 2 comments

shinitiandrei commented Jan 25, 2022

Hi there,
Firstly, thanks for providing this amazing tool for the community :).

So, I've been going through your docs and tutorials, but I wasn't able to see anywhere where we can set rules/permissions based on tags, so I believe that is not done yet.
As for https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html, can you guys add this to your backlog and get this feature added? Not sure what it would look like but anything like this would help :)

mode: crud
name: 'read-only'
read:
- 'arn:aws:ssm:ap-southeast-2:123456789012:parameter/myparameter'
   tags: 
   - squad: my-squad

Thank you very much!

@kmcquade
Collaborator

Thanks so much 😊 I'm glad you like it!

We've had this request for ABAC support a few times. Most notably, #365, #21. But to be honest, I've tried to come up with a solution a bunch of times (see #21 for some of my more in-depth thoughts on it). I ultimately decided that it would be a pain in the ass to implement and since my organization wouldn't benefit from it (heavy reliance multi-account architectures don't need tag-based access IMHO) that I didn't need to add that.

If someone wanted to champion this, I am all ears, and the Conditions Keys and Query functions are available in Policy Sentry right now. But I don't have time for it personally.

@kmcquade
Collaborator

kmcquade commented Mar 1, 2022

I'm going to close this. Happy to re-open if someone submits a PR to add this feature. But if nobody picks it up I can't keep it open forever :)

@kmcquade kmcquade closed this as completed Mar 1, 2022
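
Added example, not part of the issue thread and not Policy Sentry code: one way to get the tag-scoped policy requested above is to post-process a generated policy and attach an `aws:ResourceTag/<key>` condition to its resource-scoped Allow statements. The sample policy, its Sids and the function name `add_resource_tag_condition` are constructed for illustration, and the code assumes the listed actions honour `aws:ResourceTag`, which has to be confirmed per action.

```python
import copy
import json

# Constructed sample shaped like a CRUD-mode policy; not real tool output.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SsmReadParameter",
            "Effect": "Allow",
            "Action": ["ssm:GetParameter", "ssm:GetParameters"],
            "Resource": ["arn:aws:ssm:ap-southeast-2:123456789012:parameter/myparameter"],
        },
        {
            "Sid": "SsmListAll",
            "Effect": "Allow",
            "Action": ["ssm:DescribeParameters"],
            "Resource": ["*"],
        },
    ],
}


def add_resource_tag_condition(policy, tags):
    """Return (new_policy, skipped_sids); the input policy is not modified."""
    result = copy.deepcopy(policy)
    skipped = []
    for stmt in result["Statement"]:
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        # A condition on a Deny would narrow the deny and widen access, and
        # "*" statements usually cover actions with no taggable resource:
        # leave both untouched and report them for manual review.
        if stmt.get("Effect") != "Allow" or "*" in resources:
            skipped.append(stmt.get("Sid", "<no Sid>"))
            continue
        equals = stmt.setdefault("Condition", {}).setdefault("StringEquals", {})
        for key, value in tags.items():
            cond_key = f"aws:ResourceTag/{key}"
            # IAM ORs multiple values under one key, so merging a different
            # value would silently widen access; refuse instead.
            if equals.get(cond_key, value) != value:
                raise ValueError(f"{cond_key} already set in {stmt.get('Sid')}")
            equals[cond_key] = value
    return result, skipped


if __name__ == "__main__":
    new_policy, skipped = add_resource_tag_condition(SAMPLE_POLICY, {"squad": "my-squad"})
    print(json.dumps({"policy": new_policy, "review_manually": skipped}, indent=2))
```

Statements returned in the skipped list still grant access regardless of tags, so they need a separate decision rather than being treated as covered.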