AWS Config now supports resource tags for IAM Policies

Posted on: Sep 5, 2025

AWS Config now tracks resource tags for IAM policy resource types, enhancing the granularity of metadata you can capture to assess, audit, and evaluate configurations of your IAM policies.

With this enhancement, you can now track resource tags and their changes for IAM Policies directly in your Config recorder. This capability allows you to scope both Config-managed and custom rule evaluations based on resource tags, ensuring your IAM policies maintain desired configurations. Additionally, you can leverage Config aggregators to selectively aggregate IAM policies across multiple accounts using tags, streamlining your multi-account governance.

This feature is now available across all supported AWS Regions at no additional cost. Resource tags are automatically populated in Config when you record IAM policy resource types. To record the IAM policy resource type in your Config recorder, please refer to our documentation.