
I am getting an error while creating the SCP below in AWS Organizations.

This is the error:

The provided policy document does not meet the requirements of the specified policy type.

Policy document:

{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": " DenyEC2CreationSCP1",
        "Effect": "Deny",
        "Action": [
          "ec2:RunInstances"
        ],
        "Resource": [
          "arn:aws:ec2:*:*:instance/*",
          "arn:aws:ec2:*:*:volume/*",
          "arn:aws:ec2:*:*:elasticloadbalancing/*"
        ],
        "Condition": {
          "Null": {
            "aws:RequestTag/techops-system": "true"
          }
        }
      },
      {
        "Sid": "DenyEC2CreationSCP2",
        "Effect": "Deny",
        "Action": [
          "ec2:RunInstances"
        ],
        "Resource": [
          "arn:aws:ec2:*:*:instance/*",
          "arn:aws:ec2:*:*:volume/*",
          "arn:aws:ec2:*:*:elasticloadbalancing/*"
        ],
        "Condition": {
          "Null": {
            "aws:RequestTag/engineering-group": "true"
          }
        }
       },
        {
        "Sid": "DenyEC2CreationSCP3",
        "Effect": "Deny",
        "Action": [
          "ec2:RunInstances"
        ],
        "Resource": [
          "arn:aws:ec2:*:*:instance/*",
          "arn:aws:ec2:*:*:volume/*",
          "arn:aws:ec2:*:*:elasticloadbalancing/*"
        ],
        "Condition": {
          "Null": {
            "aws:RequestTag/environment": "true"
          }
        }
        },
        {
        "Sid": "DenyEC2CreationSCP4",
        "Effect": "Deny",
        "Action": [
          "ec2:RunInstances"
        ],
        "Resource": [
          "arn:aws:ec2:*:*:instance/*",
          "arn:aws:ec2:*:*:volume/*",
          "arn:aws:ec2:*:*:elasticloadbalancing/*"
        ],
        "Condition": {
          "Null": {
            "aws:RequestTag/product": "true"
          }
        }
        },
        {
        "Sid": "DenyEC2CreationSCP5",
        "Effect": "Deny",
        "Action": [
          "ec2:RunInstances"
        ],
        "Resource": [
          "arn:aws:ec2:*:*:instance/*",
          "arn:aws:ec2:*:*:volume/*",
          "arn:aws:ec2:*:*:elasticloadbalancing/*" 
        ],
        "Condition": {
          "Null": {
            "aws:RequestTag/cost-type": "true"
          }
        }
        },
        {
        "Sid": " DenyEC2CreationSCP6",
        "Effect": "Deny",
        "Action": [
          "ec2:RunInstances"
        ],
        "Resource": [
          "arn:aws:ec2:*:*:instance/*",
          "arn:aws:ec2:*:*:volume/*",
          "arn:aws:ec2:*:*:elasticloadbalancing/*"
        ],
        "Condition": {
          "Null": {
            "aws:RequestTag/account": "true"
          }
        }
        },
        {
        "Sid": "DenyEC2CreationSCP6",
        "Effect": "Deny",
        "Action": [
          "ec2:RunInstances"
        ],
        "Resource": [
          "arn:aws:ec2:*:*:instance/*",
          "arn:aws:ec2:*:*:volume/*",
          "arn:aws:ec2:*:*:elasticloadbalancing/*" 
        ],
        "Condition": {
          "Null": {
            "aws:RequestTag/account-grouping": "true"
          }
        }
        },
        {
        "Sid": "DenyEC2CreationSCP7",
        "Effect": "Deny",
        "Action": [
          "ec2:RunInstances"
        ],
        "Resource": [
          "arn:aws:ec2:*:*:instance/*",
          "arn:aws:ec2:*:*:volume/*",
          "arn:aws:ec2:*:*:elasticloadbalancing/*"
        ],
        "Condition": {
          "Null": {
            "aws:RequestTag/account-grouping": "true"
          }
        }
        },
        {
        "Sid": "DenyEC2CreationSCP8",
        "Effect": "Deny",
        "Action": [
          "ec2:RunInstances"
        ],
        "Resource": [
          "arn:aws:ec2:*:*:instance/*",
          "arn:aws:ec2:*:*:volume/*",
          "arn:aws:ec2:*:*:elasticloadbalancing/*" 
        ],
        "Condition": {
          "Null": {
            "aws:RequestTag/customer": "true"
          }
        }
        },
        {
        "Sid": "DenyEC2CreationSCP8",
        "Effect": "Deny",
        "Action": [
          "ec2:RunInstances"
        ],
        "Resource": [
          "arn:aws:ec2:*:*:instance/*",
          "arn:aws:ec2:*:*:volume/*",
          "arn:aws:ec2:*:*:elasticloadbalancing/*"
        ],
        "Condition": {
          "Null": {
            "aws:RequestTag/Name": "true"
          }
        }       
      }
    ]
  }

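I removed the extra whitespace and validated the syntax with YAML lint, which reports no errors. A linter only confirms that the document is well-formed; it does not check policy-specific rules, for example that each Sid is unique within the policy and contains only letters and digits.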
