[][src]Crate rusoto_resourcegroupstaggingapi

Resource Groups Tagging API

This guide describes the API operations for the resource groups tagging.

A tag is a label that you assign to an AWS resource. A tag consists of a key and a value, both of which you define. For example, if you have two Amazon EC2 instances, you might assign both a tag key of "Stack." But the value of "Stack" might be "Testing" for one and "Production" for the other.

Tagging can help you organize your resources and enables you to simplify resource management, access management and cost allocation.

You can use the resource groups tagging API operations to complete the following tasks:

  • Tag and untag supported resources located in the specified Region for the AWS account.

  • Use tag-based filters to search for resources located in the specified Region for the AWS account.

  • List all existing tag keys in the specified Region for the AWS account.

  • List all existing values for the specified key in the specified Region for the AWS account.

To use resource groups tagging API operations, you must add the following permissions to your IAM policy:

  • tag:GetResources

  • tag:TagResources

  • tag:UntagResources

  • tag:GetTagKeys

  • tag:GetTagValues

You'll also need permissions to access the resources of individual services so that you can tag and untag those resources.

For more information on IAM policies, see Managing IAM Policies in the IAM User Guide.

You can use the Resource Groups Tagging API to tag resources for the following AWS services.

  • Alexa for Business (a4b)

  • API Gateway

  • Amazon AppStream

  • AWS AppSync

  • AWS App Mesh

  • Amazon Athena

  • Amazon Aurora

  • AWS Backup

  • AWS Certificate Manager

  • AWS Certificate Manager Private CA

  • Amazon Cloud Directory

  • AWS CloudFormation

  • Amazon CloudFront

  • AWS CloudHSM

  • AWS CloudTrail

  • Amazon CloudWatch (alarms only)

  • Amazon CloudWatch Events

  • Amazon CloudWatch Logs

  • AWS CodeBuild

  • AWS CodeCommit

  • AWS CodePipeline

  • AWS CodeStar

  • Amazon Cognito Identity

  • Amazon Cognito User Pools

  • Amazon Comprehend

  • AWS Config

  • AWS Data Exchange

  • AWS Data Pipeline

  • AWS Database Migration Service

  • AWS DataSync

  • AWS Device Farm

  • AWS Direct Connect

  • AWS Directory Service

  • Amazon DynamoDB

  • Amazon EBS

  • Amazon EC2

  • Amazon ECR

  • Amazon ECS

  • Amazon EKS

  • AWS Elastic Beanstalk

  • Amazon Elastic File System

  • Elastic Load Balancing

  • Amazon ElastiCache

  • Amazon Elasticsearch Service

  • AWS Elemental MediaLive

  • AWS Elemental MediaPackage

  • AWS Elemental MediaTailor

  • Amazon EMR

  • Amazon FSx

  • Amazon S3 Glacier

  • AWS Glue

  • Amazon GuardDuty

  • Amazon Inspector

  • AWS IoT Analytics

  • AWS IoT Core

  • AWS IoT Device Defender

  • AWS IoT Device Management

  • AWS IoT Events

  • AWS IoT Greengrass

  • AWS IoT 1-Click

  • AWS IoT Things Graph

  • AWS Key Management Service

  • Amazon Kinesis

  • Amazon Kinesis Data Analytics

  • Amazon Kinesis Data Firehose

  • AWS Lambda

  • AWS License Manager

  • Amazon Machine Learning

  • Amazon MQ

  • Amazon MSK

  • Amazon Neptune

  • AWS OpsWorks

  • AWS Organizations

  • Amazon Quantum Ledger Database (QLDB)

  • Amazon RDS

  • Amazon Redshift

  • AWS Resource Access Manager

  • AWS Resource Groups

  • AWS RoboMaker

  • Amazon Route 53

  • Amazon Route 53 Resolver

  • Amazon S3 (buckets only)

  • Amazon SageMaker

  • AWS Secrets Manager

  • AWS Security Hub

  • AWS Service Catalog

  • Amazon Simple Email Service (SES)

  • Amazon Simple Notification Service (SNS)

  • Amazon Simple Queue Service (SQS)

  • Amazon Simple Workflow Service

  • AWS Step Functions

  • AWS Storage Gateway

  • AWS Systems Manager

  • AWS Transfer for SFTP

  • AWS WAF Regional

  • Amazon VPC

  • Amazon WorkSpaces

If you're using the service, you're probably looking for ResourceGroupsTaggingApiClient and ResourceGroupsTaggingApi.



Information that shows whether a resource is compliant with the effective tag policy, including details on any noncompliant tag keys.


Information about the errors that are returned for each failed resource. This information can include InternalServiceException and InvalidParameterException errors. It can also include any valid error code returned by the AWS service that hosts the resource that the ARN key represents.

The following are common error codes that you might receive from other AWS services:

  • InternalServiceException – This can mean that the Resource Groups Tagging API didn't receive a response from another AWS service. It can also mean the the resource type in the request is not supported by the Resource Groups Tagging API. In these cases, it's safe to retry the request and then call GetResources to verify the changes.

  • AccessDeniedException – This can mean that you need permission to calling tagging operations in the AWS service that contains the resource. For example, to use the Resource Groups Tagging API to tag a CloudWatch alarm resource, you need permission to call TagResources and TagResource in the CloudWatch API.

For more information on errors that are generated from other AWS services, see the documentation for that service.


A client for the AWS Resource Groups Tagging API API.


A list of resource ARNs and the tags (keys and values) that are associated with each.


A count of noncompliant resources.


The metadata that you apply to AWS resources to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. For more information, see Tagging AWS Resources in the AWS General Reference.


A list of tags (keys and values) that are used to specify the associated resources.




Errors returned by DescribeReportCreation


Errors returned by GetComplianceSummary


Errors returned by GetResources


Errors returned by GetTagKeys


Errors returned by GetTagValues


Errors returned by StartReportCreation


Errors returned by TagResources


Errors returned by UntagResources



Trait representing the capabilities of the AWS Resource Groups Tagging API API. AWS Resource Groups Tagging API clients implement this trait.