AWS.ResourceGroupsTaggingAPI (aws-elixir v0.7.0) View Source
Resource Groups Tagging API
This guide describes the API operations for the resource groups tagging.
A tag is a label that you assign to an AWS resource. A tag consists of a key and a value, both of which you define. For example, if you have two Amazon EC2 instances, you might assign both a tag key of "Stack." But the value of "Stack" might be "Testing" for one and "Production" for the other.
Do not store personally identifiable information (PII) or other confidential or sensitive information in tags. We use tags to provide you with billing and administration services. Tags are not intended to be used for private or sensitive data.
Tagging can help you organize your resources and enables you to simplify resource management, access management and cost allocation.
You can use the resource groups tagging API operations to complete the following tasks:
Tag and untag supported resources located in the specified Region for the AWS account.
Use tag-based filters to search for resources located in the specified Region for the AWS account.
List all existing tag keys in the specified Region for the AWS account.
List all existing values for the specified key in the specified Region for the AWS account.
To use resource groups tagging API operations, you must add the following permissions to your IAM policy:
tag:GetResources
tag:TagResources
tag:UntagResources
tag:GetTagKeys
tag:GetTagValues
You'll also need permissions to access the resources of individual services so that you can tag and untag those resources.
For more information on IAM policies, see Managing IAM Policies in the IAM User Guide.
- Services that support the Resource Groups Tagging API *
You can use the Resource Groups Tagging API to tag resources for the following AWS services.
Link to this section Summary
Functions
Describes the status of the StartReportCreation
operation.
Returns a table that shows counts of resources that are noncompliant with their tag policies.
Returns all the tagged or previously tagged resources that are located in the specified Region for the AWS account.
Returns all tag keys in the specified Region for the AWS account.
Returns all tag values for the specified key in the specified Region for the AWS account.
Generates a report that lists all tagged resources in accounts across your organization and tells whether each resource is compliant with the effective tag policy.
Applies one or more tags to the specified resources.
Removes the specified tags from the specified resources.
Link to this section Functions
Describes the status of the StartReportCreation
operation.
You can call this operation only from the organization's master account and from the us-east-1 Region.
Returns a table that shows counts of resources that are noncompliant with their tag policies.
For more information on tag policies, see Tag Policies in the AWS Organizations User Guide.
You can call this operation only from the organization's master account and from the us-east-1 Region.
Returns all the tagged or previously tagged resources that are located in the specified Region for the AWS account.
Depending on what information you want returned, you can also specify the following:
Filters that specify what tags and resource types you want returned. The response includes all tags that are associated with the requested resources.
Information about compliance with the account's effective tag policy. For more information on tag policies, see Tag Policies in the AWS Organizations User Guide.
You can check the PaginationToken
response parameter to determine if a query
is complete. Queries occasionally return fewer results on a page than allowed.
The PaginationToken
response parameter value is null
only when there are
no more results to display.
Returns all tag keys in the specified Region for the AWS account.
Returns all tag values for the specified key in the specified Region for the AWS account.
Generates a report that lists all tagged resources in accounts across your organization and tells whether each resource is compliant with the effective tag policy.
Compliance data is refreshed daily.
The generated report is saved to the following location:
s3://example-bucket/AwsTagPolicies/o-exampleorgid/YYYY-MM-ddTHH:mm:ssZ/report.csv
You can call this operation only from the organization's master account and from the us-east-1 Region.
Applies one or more tags to the specified resources.
Note the following:
Not all resources can have tags. For a list of services that support tagging, see this list.
Each resource can have up to 50 tags. For other limits, see Tag Naming and Usage Conventions in the AWS General Reference.
You can only tag resources that are located in the specified Region for the AWS account.
To add tags to a resource, you need the necessary permissions for the service that the resource belongs to as well as permissions for adding tags. For more information, see this list.
Do not store personally identifiable information (PII) or other confidential or sensitive information in tags. We use tags to provide you with billing and administration services. Tags are not intended to be used for private or sensitive data.
Removes the specified tags from the specified resources.
When you specify a tag key, the action removes both that key and its associated value. The operation succeeds even if you attempt to remove tags from a resource that were already removed. Note the following:
To remove tags from a resource, you need the necessary permissions for the service that the resource belongs to as well as permissions for removing tags. For more information, see this list.
You can only tag resources that are located in the specified Region for the AWS account.