SDK for PHP V3

AWS Resource Groups Tagging API 2017-01-26

Client: Aws\ResourceGroupsTaggingAPI\ResourceGroupsTaggingAPIClient
Service ID: resourcegroupstaggingapi
Version: 2017-01-26

This page describes the parameters and results for the operations of the AWS Resource Groups Tagging API (2017-01-26), and shows how to use the Aws\ResourceGroupsTaggingAPI\ResourceGroupsTaggingAPIClient object to call the described operations. This documentation is specific to the 2017-01-26 API version of the service.

Operation Summary

Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.

You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */). You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).

DescribeReportCreation ( array $params = [] )
Describes the status of the StartReportCreation operation.
GetComplianceSummary ( array $params = [] )
Returns a table that shows counts of resources that are noncompliant with their tag policies.
GetResources ( array $params = [] )
Returns all the tagged or previously tagged resources that are located in the specified Amazon Web Services Region for the account.
GetTagKeys ( array $params = [] )
Returns all tag keys currently in use in the specified Amazon Web Services Region for the calling account.
GetTagValues ( array $params = [] )
Returns all tag values for the specified key that are used in the specified Amazon Web Services Region for the calling account.
ListRequiredTags ( array $params = [] )
Lists the required tags for supported resource types in an Amazon Web Services account.
StartReportCreation ( array $params = [] )
Generates a report that lists all tagged resources in the accounts across your organization and tells whether each resource is compliant with the effective tag policy.
TagResources ( array $params = [] )
Applies one or more tags to the specified resources.
UntagResources ( array $params = [] )
Removes the specified tags from the specified resources.

Paginators

Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:

GetComplianceSummary
GetResources
GetTagKeys
GetTagValues
ListRequiredTags

Operations

DescribeReportCreation 

$result = $client->describeReportCreation([/* ... */]);
$promise = $client->describeReportCreationAsync([/* ... */]);

Describes the status of the StartReportCreation operation.

You can call this operation only from the organization's management account and from the us-east-1 Region.

Parameter Syntax

$result = $client->describeReportCreation([
]);

Parameter Details

Members

Result Syntax

[
    'ErrorMessage' => '<string>',
    'S3Location' => '<string>',
    'Status' => '<string>',
]

Result Details

Members
ErrorMessage
Type: string

Details of the common errors that all operations return.

S3Location
Type: string

The path to the Amazon S3 bucket where the report was stored on creation.

Status
Type: string

Reports the status of the operation.

The operation status can be one of the following:

  • RUNNING - Report creation is in progress.

  • SUCCEEDED - Report creation is complete. You can open the report from the Amazon S3 bucket that you specified when you ran StartReportCreation.

  • FAILED - Report creation timed out or the Amazon S3 bucket is not accessible.

  • NO REPORT - No report was generated in the last 90 days.

Errors

ConstraintViolationException:

The request failed because performing the operation would violate a constraint.

Some of the reasons in the following list might not apply to this specific operation.

  • You must meet the prerequisites for using tag policies. For information, see Prerequisites and permissions in the Tagging Amazon Web Services resources and Tag Editor user guide.

  • You must enable the tag policies service principal (tagpolicies.tag.amazonaws.com) to integrate with Organizations For information, see EnableAWSServiceAccess.

  • You must have a tag policy attached to the organization root, an OU, or an account.

InternalServiceException:

The request processing failed because of an unknown error, exception, or failure. You can retry the request.

InvalidParameterException:

The request failed because of one of the following reasons:

  • A required parameter is missing.

  • A provided string parameter is malformed.

  • An provided parameter value is out of range.

  • The target ID is invalid, unsupported, or doesn't exist.

  • You can't access the Amazon S3 bucket for report storage. For more information, see Amazon S3 bucket policy for report storage in the Tagging Amazon Web Services resources and Tag Editor user guide.

  • The partition specified in an ARN parameter in the request doesn't match the partition where you invoked the operation. The partition is specified by the second field of the ARN.

ThrottledException:

The request failed because it exceeded the allowed frequency of submitted requests.

GetComplianceSummary 

$result = $client->getComplianceSummary([/* ... */]);
$promise = $client->getComplianceSummaryAsync([/* ... */]);

Returns a table that shows counts of resources that are noncompliant with their tag policies.

For more information on tag policies, see Tag Policies in the Organizations User Guide.

You can call this operation only from the organization's management account and from the us-east-1 Region.

This operation supports pagination, where the response can be sent in multiple pages. You should check the PaginationToken response parameter to determine if there are additional results available to return. Repeat the query, passing the PaginationToken response parameter value as an input to the next request until you recieve a null value. A null value for PaginationToken indicates that there are no more results waiting to be returned.

Parameter Syntax

$result = $client->getComplianceSummary([
    'GroupBy' => ['<string>', ...],
    'MaxResults' => <integer>,
    'PaginationToken' => '<string>',
    'RegionFilters' => ['<string>', ...],
    'ResourceTypeFilters' => ['<string>', ...],
    'TagKeyFilters' => ['<string>', ...],
    'TargetIdFilters' => ['<string>', ...],
]);

Parameter Details

Members
GroupBy
Type: Array of strings

Specifies a list of attributes to group the counts of noncompliant resources by. If supplied, the counts are sorted by those attributes.

MaxResults
Type: int

Specifies the maximum number of results to be returned in each page. A query can return fewer than this maximum, even if there are more results still to return. You should always check the PaginationToken response value to see if there are more results. You can specify a minimum of 1 and a maximum value of 100.

PaginationToken
Type: string

Specifies a PaginationToken response value from a previous request to indicate that you want the next page of results. Leave this parameter empty in your initial request.

RegionFilters
Type: Array of strings

Specifies a list of Amazon Web Services Regions to limit the output to. If you use this parameter, the count of returned noncompliant resources includes only resources in the specified Regions.

ResourceTypeFilters
Type: Array of strings

Specifies that you want the response to include information for only resources of the specified types. The format of each resource type is service[:resourceType]. For example, specifying a resource type of ec2 returns all Amazon EC2 resources (which includes EC2 instances). Specifying a resource type of ec2:instance returns only EC2 instances.

The string for each service name and resource type is the same as that embedded in a resource's Amazon Resource Name (ARN). Consult the Amazon Web Services General Reference for the following:

For the list of services whose resources you can tag using the Resource Groups Tagging API, see Services that support the Resource Groups Tagging API. If an Amazon Web Services service isn't listed on that page, you might still be able to tag that service's resources by using that service's native tagging operations instead of using Resource Groups Tagging API operations. All tagged resources, whether the tagging used the Resource Groups Tagging API or not, are returned by the Get* operation.

You can specify multiple resource types by using a comma separated array. The array can include up to 100 items. Note that the length constraint requirement applies to each resource type filter.

TagKeyFilters
Type: Array of strings

Specifies that you want the response to include information for only resources that have tags with the specified tag keys. If you use this parameter, the count of returned noncompliant resources includes only resources that have the specified tag keys.

TargetIdFilters
Type: Array of strings

Specifies target identifiers (usually, specific account IDs) to limit the output by. If you use this parameter, the count of returned noncompliant resources includes only resources with the specified target IDs.

Result Syntax

[
    'PaginationToken' => '<string>',
    'SummaryList' => [
        [
            'LastUpdated' => '<string>',
            'NonCompliantResources' => <integer>,
            'Region' => '<string>',
            'ResourceType' => '<string>',
            'TargetId' => '<string>',
            'TargetIdType' => 'ACCOUNT|OU|ROOT',
        ],
        // ...
    ],
]

Result Details

Members
PaginationToken
Type: string

A string that indicates that there is more data available than this response contains. To receive the next part of the response, specify this response value as the PaginationToken value in the request for the next page.

SummaryList
Type: Array of Summary structures

A table that shows counts of noncompliant resources.

Errors

ConstraintViolationException:

The request failed because performing the operation would violate a constraint.

Some of the reasons in the following list might not apply to this specific operation.

  • You must meet the prerequisites for using tag policies. For information, see Prerequisites and permissions in the Tagging Amazon Web Services resources and Tag Editor user guide.

  • You must enable the tag policies service principal (tagpolicies.tag.amazonaws.com) to integrate with Organizations For information, see EnableAWSServiceAccess.

  • You must have a tag policy attached to the organization root, an OU, or an account.

InternalServiceException:

The request processing failed because of an unknown error, exception, or failure. You can retry the request.

InvalidParameterException:

The request failed because of one of the following reasons:

  • A required parameter is missing.

  • A provided string parameter is malformed.

  • An provided parameter value is out of range.

  • The target ID is invalid, unsupported, or doesn't exist.

  • You can't access the Amazon S3 bucket for report storage. For more information, see Amazon S3 bucket policy for report storage in the Tagging Amazon Web Services resources and Tag Editor user guide.

  • The partition specified in an ARN parameter in the request doesn't match the partition where you invoked the operation. The partition is specified by the second field of the ARN.

ThrottledException:

The request failed because it exceeded the allowed frequency of submitted requests.

GetResources 

$result = $client->getResources([/* ... */]);
$promise = $client->getResourcesAsync([/* ... */]);

Returns all the tagged or previously tagged resources that are located in the specified Amazon Web Services Region for the account.

Depending on what information you want returned, you can also specify the following:

  • Filters that specify what tags and resource types you want returned. The response includes all tags that are associated with the requested resources.

  • Information about compliance with the account's effective tag policy. For more information on tag policies, see Tag Policies in the Organizations User Guide.

This operation supports pagination, where the response can be sent in multiple pages. You should check the PaginationToken response parameter to determine if there are additional results available to return. Repeat the query, passing the PaginationToken response parameter value as an input to the next request until you recieve a null value. A null value for PaginationToken indicates that there are no more results waiting to be returned.

GetResources does not return untagged resources.

To find untagged resources in your account, use Amazon Web Services Resource Explorer with a query that uses tag:none. For more information, see Search query syntax reference for Resource Explorer.

Parameter Syntax

$result = $client->getResources([
    'ExcludeCompliantResources' => true || false,
    'IncludeComplianceDetails' => true || false,
    'PaginationToken' => '<string>',
    'ResourceARNList' => ['<string>', ...],
    'ResourceTypeFilters' => ['<string>', ...],
    'ResourcesPerPage' => <integer>,
    'TagFilters' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'TagsPerPage' => <integer>,
]);

Parameter Details

Members
ExcludeCompliantResources
Type: boolean

Specifies whether to exclude resources that are compliant with the tag policy. Set this to true if you are interested in retrieving information on noncompliant resources only.

You can use this parameter only if the IncludeComplianceDetails parameter is also set to true.

IncludeComplianceDetails
Type: boolean

Specifies whether to include details regarding the compliance with the effective tag policy. Set this to true to determine whether resources are compliant with the tag policy and to get details.

PaginationToken
Type: string

Specifies a PaginationToken response value from a previous request to indicate that you want the next page of results. Leave this parameter empty in your initial request.

ResourceARNList
Type: Array of strings

Specifies a list of ARNs of resources for which you want to retrieve tag data.

You can't specify both this parameter and the ResourceTypeFilters parameter in the same request. If you do, you get an Invalid Parameter exception.

You can't specify both this parameter and the TagFilters parameter in the same request. If you do, you get an Invalid Parameter exception.

You can't specify both this parameter and any of the pagination parameters (ResourcesPerPage, TagsPerPage, PaginationToken) in the same request. If you do, you get an Invalid Parameter exception.

If a resource specified by this parameter doesn't exist, it doesn't generate an error; it simply isn't included in the response.

An ARN (Amazon Resource Name) uniquely identifies a resource. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

ResourceTypeFilters
Type: Array of strings

Specifies the resource types that you want included in the response. The format of each resource type is service[:resourceType]. For example, specifying a service of ec2 returns all Amazon EC2 resources (which includes EC2 instances). Specifying a resource type of ec2:instance returns only EC2 instances.

You can't specify both this parameter and the ResourceArnList parameter in the same request. If you do, you get an Invalid Parameter exception.

The string for each service name and resource type is the same as that embedded in a resource's Amazon Resource Name (ARN).

For the list of services whose resources you can tag using the Resource Groups Tagging API, see Services that support the Resource Groups Tagging API. If an Amazon Web Services service isn't listed on that page, you might still be able to tag that service's resources by using that service's native tagging operations instead of using Resource Groups Tagging API operations. All tagged resources, whether the tagging used the Resource Groups Tagging API or not, are returned by the Get* operation.

You can specify multiple resource types by using an array. The array can include up to 100 items. Note that the length constraint requirement applies to each resource type filter. For example, the following string would limit the response to only Amazon EC2 instances, Amazon S3 buckets, or any Audit Manager resource:

ec2:instance,s3:bucket,auditmanager

ResourcesPerPage
Type: int

Specifies the maximum number of results to be returned in each page. A query can return fewer than this maximum, even if there are more results still to return. You should always check the PaginationToken response value to see if there are more results. You can specify a minimum of 1 and a maximum value of 100.

TagFilters
Type: Array of TagFilter structures

Specifies a list of TagFilters (keys and values) to restrict the output to only those resources that have tags with the specified keys and, if included, the specified values. Each TagFilter must contain a key with values optional. A request can include up to 50 keys, and each key can include up to 20 values.

You can't specify both this parameter and the ResourceArnList parameter in the same request. If you do, you get an Invalid Parameter exception.

Note the following when deciding how to use TagFilters:

  • If you don't specify a TagFilter, the response includes all resources that are currently tagged or ever had a tag. Resources that were previously tagged, but do not currently have tags, are shown with an empty tag set, like this: "Tags": [].

  • If you specify more than one filter in a single request, the response returns only those resources that satisfy all filters.

  • If you specify a filter that contains more than one value for a key, the response returns resources that match any of the specified values for that key.

  • If you don't specify a value for a key, the response returns all resources that are tagged with that key, with any or no value.

    For example, for the following filters: filter1= {key1,{value1}}, filter2={key2,{value2,value3,value4}}, filter3= {key3}:

    • GetResources({filter1}) returns resources tagged with key1=value1

    • GetResources({filter2}) returns resources tagged with key2=value2 or key2=value3 or key2=value4

    • GetResources({filter3}) returns resources tagged with any tag with the key key3, and with any or no value

    • GetResources({filter1,filter2,filter3}) returns resources tagged with (key1=value1) and (key2=value2 or key2=value3 or key2=value4) and (key3, any or no value)

TagsPerPage
Type: int

Amazon Web Services recommends using ResourcesPerPage instead of this parameter.

A limit that restricts the number of tags (key and value pairs) returned by GetResources in paginated output. A resource with no tags is counted as having one tag (one key and value pair).

GetResources does not split a resource and its associated tags across pages. If the specified TagsPerPage would cause such a break, a PaginationToken is returned in place of the affected resource and its tags. Use that token in another request to get the remaining data. For example, if you specify a TagsPerPage of 100 and the account has 22 resources with 10 tags each (meaning that each resource has 10 key and value pairs), the output will consist of three pages. The first page displays the first 10 resources, each with its 10 tags. The second page displays the next 10 resources, each with its 10 tags. The third page displays the remaining 2 resources, each with its 10 tags.

You can set TagsPerPage to a minimum of 100 items up to a maximum of 500 items.

Result Syntax

[
    'PaginationToken' => '<string>',
    'ResourceTagMappingList' => [
        [
            'ComplianceDetails' => [
                'ComplianceStatus' => true || false,
                'KeysWithNoncompliantValues' => ['<string>', ...],
                'NoncompliantKeys' => ['<string>', ...],
            ],
            'ResourceARN' => '<string>',
            'Tags' => [
                [
                    'Key' => '<string>',
                    'Value' => '<string>',
                ],
                // ...
            ],
        ],
        // ...
    ],
]

Result Details

Members
PaginationToken
Type: string

A string that indicates that there is more data available than this response contains. To receive the next part of the response, specify this response value as the PaginationToken value in the request for the next page.

ResourceTagMappingList
Type: Array of ResourceTagMapping structures

A list of resource ARNs and the tags (keys and values) associated with each.

Errors

InvalidParameterException:

The request failed because of one of the following reasons:

  • A required parameter is missing.

  • A provided string parameter is malformed.

  • An provided parameter value is out of range.

  • The target ID is invalid, unsupported, or doesn't exist.

  • You can't access the Amazon S3 bucket for report storage. For more information, see Amazon S3 bucket policy for report storage in the Tagging Amazon Web Services resources and Tag Editor user guide.

  • The partition specified in an ARN parameter in the request doesn't match the partition where you invoked the operation. The partition is specified by the second field of the ARN.

ThrottledException:

The request failed because it exceeded the allowed frequency of submitted requests.

InternalServiceException:

The request processing failed because of an unknown error, exception, or failure. You can retry the request.

PaginationTokenExpiredException:

The request failed because the specified PaginationToken has expired. A PaginationToken is valid for a maximum of 15 minutes.

GetTagKeys 

$result = $client->getTagKeys([/* ... */]);
$promise = $client->getTagKeysAsync([/* ... */]);

Returns all tag keys currently in use in the specified Amazon Web Services Region for the calling account.

This operation supports pagination, where the response can be sent in multiple pages. You should check the PaginationToken response parameter to determine if there are additional results available to return. Repeat the query, passing the PaginationToken response parameter value as an input to the next request until you recieve a null value. A null value for PaginationToken indicates that there are no more results waiting to be returned.

Parameter Syntax

$result = $client->getTagKeys([
    'PaginationToken' => '<string>',
]);

Parameter Details

Members
PaginationToken
Type: string

Specifies a PaginationToken response value from a previous request to indicate that you want the next page of results. Leave this parameter empty in your initial request.

Result Syntax

[
    'PaginationToken' => '<string>',
    'TagKeys' => ['<string>', ...],
]

Result Details

Members
PaginationToken
Type: string

A string that indicates that there is more data available than this response contains. To receive the next part of the response, specify this response value as the PaginationToken value in the request for the next page.

TagKeys
Type: Array of strings

A list of all tag keys in the Amazon Web Services account.

Errors

InvalidParameterException:

The request failed because of one of the following reasons:

  • A required parameter is missing.

  • A provided string parameter is malformed.

  • An provided parameter value is out of range.

  • The target ID is invalid, unsupported, or doesn't exist.

  • You can't access the Amazon S3 bucket for report storage. For more information, see Amazon S3 bucket policy for report storage in the Tagging Amazon Web Services resources and Tag Editor user guide.

  • The partition specified in an ARN parameter in the request doesn't match the partition where you invoked the operation. The partition is specified by the second field of the ARN.

ThrottledException:

The request failed because it exceeded the allowed frequency of submitted requests.

InternalServiceException:

The request processing failed because of an unknown error, exception, or failure. You can retry the request.

PaginationTokenExpiredException:

The request failed because the specified PaginationToken has expired. A PaginationToken is valid for a maximum of 15 minutes.

GetTagValues 

$result = $client->getTagValues([/* ... */]);
$promise = $client->getTagValuesAsync([/* ... */]);

Returns all tag values for the specified key that are used in the specified Amazon Web Services Region for the calling account.

This operation supports pagination, where the response can be sent in multiple pages. You should check the PaginationToken response parameter to determine if there are additional results available to return. Repeat the query, passing the PaginationToken response parameter value as an input to the next request until you recieve a null value. A null value for PaginationToken indicates that there are no more results waiting to be returned.

Parameter Syntax

$result = $client->getTagValues([
    'Key' => '<string>', // REQUIRED
    'PaginationToken' => '<string>',
]);

Parameter Details

Members
Key
Required: Yes
Type: string

Specifies the tag key for which you want to list all existing values that are currently used in the specified Amazon Web Services Region for the calling account.

PaginationToken
Type: string

Specifies a PaginationToken response value from a previous request to indicate that you want the next page of results. Leave this parameter empty in your initial request.

Result Syntax

[
    'PaginationToken' => '<string>',
    'TagValues' => ['<string>', ...],
]

Result Details

Members
PaginationToken
Type: string

A string that indicates that there is more data available than this response contains. To receive the next part of the response, specify this response value as the PaginationToken value in the request for the next page.

TagValues
Type: Array of strings

A list of all tag values for the specified key currently used in the specified Amazon Web Services Region for the calling account.

Errors

InvalidParameterException:

The request failed because of one of the following reasons:

  • A required parameter is missing.

  • A provided string parameter is malformed.

  • An provided parameter value is out of range.

  • The target ID is invalid, unsupported, or doesn't exist.

  • You can't access the Amazon S3 bucket for report storage. For more information, see Amazon S3 bucket policy for report storage in the Tagging Amazon Web Services resources and Tag Editor user guide.

  • The partition specified in an ARN parameter in the request doesn't match the partition where you invoked the operation. The partition is specified by the second field of the ARN.

ThrottledException:

The request failed because it exceeded the allowed frequency of submitted requests.

InternalServiceException:

The request processing failed because of an unknown error, exception, or failure. You can retry the request.

PaginationTokenExpiredException:

The request failed because the specified PaginationToken has expired. A PaginationToken is valid for a maximum of 15 minutes.

ListRequiredTags 

$result = $client->listRequiredTags([/* ... */]);
$promise = $client->listRequiredTagsAsync([/* ... */]);

Lists the required tags for supported resource types in an Amazon Web Services account.

Parameter Syntax

$result = $client->listRequiredTags([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of required tags.

NextToken
Type: string

A token for requesting another page of required tags if the NextToken response element indicates that more required tags are available. Use the value of the returned NextToken element in your request until the token comes back as null. Pass null if this is the first call.

Result Syntax

[
    'NextToken' => '<string>',
    'RequiredTags' => [
        [
            'CloudFormationResourceTypes' => ['<string>', ...],
            'ReportingTagKeys' => ['<string>', ...],
            'ResourceType' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A token for requesting another page of required tags if the NextToken response element indicates that more required tags are available. Use the value of the returned NextToken element in your request until the token comes back as null. Pass null if this is the first call.

RequiredTags
Type: Array of RequiredTag structures

The required tags.

Errors

InternalServiceException:

The request processing failed because of an unknown error, exception, or failure. You can retry the request.

InvalidParameterException:

The request failed because of one of the following reasons:

  • A required parameter is missing.

  • A provided string parameter is malformed.

  • An provided parameter value is out of range.

  • The target ID is invalid, unsupported, or doesn't exist.

  • You can't access the Amazon S3 bucket for report storage. For more information, see Amazon S3 bucket policy for report storage in the Tagging Amazon Web Services resources and Tag Editor user guide.

  • The partition specified in an ARN parameter in the request doesn't match the partition where you invoked the operation. The partition is specified by the second field of the ARN.

PaginationTokenExpiredException:

The request failed because the specified PaginationToken has expired. A PaginationToken is valid for a maximum of 15 minutes.

ThrottledException:

The request failed because it exceeded the allowed frequency of submitted requests.

StartReportCreation 

$result = $client->startReportCreation([/* ... */]);
$promise = $client->startReportCreationAsync([/* ... */]);

Generates a report that lists all tagged resources in the accounts across your organization and tells whether each resource is compliant with the effective tag policy. Compliance data is refreshed daily. The report is generated asynchronously.

The generated report is saved to the following location:

s3://amzn-s3-demo-bucket/AwsTagPolicies/o-exampleorgid/YYYY-MM-ddTHH:mm:ssZ/report.csv

For more information about evaluating resource compliance with tag policies, including the required permissions, review Permissions for evaluating organization-wide compliance in the Tagging Amazon Web Services Resources and Tag Editor user guide.

You can call this operation only from the organization's management account and from the us-east-1 Region.

If the account associated with the identity used to call StartReportCreation is different from the account that owns the Amazon S3 bucket, there must be a bucket policy attached to the bucket to provide access. For more information, review Amazon S3 bucket policy for report storage in the Tagging Amazon Web Services Resources and Tag Editor user guide.

Parameter Syntax

$result = $client->startReportCreation([
    'S3Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members
S3Bucket
Required: Yes
Type: string

The name of the Amazon S3 bucket where the report will be stored; for example:

amzn-s3-demo-bucket

For more information on S3 bucket requirements, including an example bucket policy, see the example Amazon S3 bucket policy on this page.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ConcurrentModificationException:

The request failed because the target of the operation is currently being modified by a different request. Try again later.

ConstraintViolationException:

The request failed because performing the operation would violate a constraint.

Some of the reasons in the following list might not apply to this specific operation.

  • You must meet the prerequisites for using tag policies. For information, see Prerequisites and permissions in the Tagging Amazon Web Services resources and Tag Editor user guide.

  • You must enable the tag policies service principal (tagpolicies.tag.amazonaws.com) to integrate with Organizations For information, see EnableAWSServiceAccess.

  • You must have a tag policy attached to the organization root, an OU, or an account.

InternalServiceException:

The request processing failed because of an unknown error, exception, or failure. You can retry the request.

InvalidParameterException:

The request failed because of one of the following reasons:

  • A required parameter is missing.

  • A provided string parameter is malformed.

  • An provided parameter value is out of range.

  • The target ID is invalid, unsupported, or doesn't exist.

  • You can't access the Amazon S3 bucket for report storage. For more information, see Amazon S3 bucket policy for report storage in the Tagging Amazon Web Services resources and Tag Editor user guide.

  • The partition specified in an ARN parameter in the request doesn't match the partition where you invoked the operation. The partition is specified by the second field of the ARN.

ThrottledException:

The request failed because it exceeded the allowed frequency of submitted requests.

TagResources 

$result = $client->tagResources([/* ... */]);
$promise = $client->tagResourcesAsync([/* ... */]);

Applies one or more tags to the specified resources. Note the following:

  • Not all resources can have tags. For a list of services with resources that support tagging using this operation, see Services that support the Resource Groups Tagging API. If the resource doesn't yet support this operation, the resource's service might support tagging using its own API operations. For more information, refer to the documentation for that service.

  • Each resource can have up to 50 tags. For other limits, see Tag Naming and Usage Conventions in the Amazon Web Services General Reference.

  • You can only tag resources that are located in the specified Amazon Web Services Region for the Amazon Web Services account.

  • To add tags to a resource, you need the necessary permissions for the service that the resource belongs to as well as permissions for adding tags. For more information, see the documentation for each service.

  • When you use the Amazon Web Services Resource Groups Tagging API to update tags for Amazon Web Services CloudFormation stack sets, Amazon Web Services calls the Amazon Web Services CloudFormation UpdateStack operation. This operation may initiate additional resource property updates in addition to the desired tag updates. To avoid unexpected resource updates, Amazon Web Services recommends that you only apply or update tags to your CloudFormation stack sets using Amazon Web Services CloudFormation.

Do not store personally identifiable information (PII) or other confidential or sensitive information in tags. We use tags to provide you with billing and administration services. Tags are not intended to be used for private or sensitive data.

Minimum permissions

In addition to the tag:TagResources permission required by this operation, you must also have the tagging permission defined by the service that created the resource. For example, to tag an Amazon EC2 instance using the TagResources operation, you must have both of the following permissions:

  • tag:TagResources

  • ec2:CreateTags

In addition, some services might have specific requirements for tagging some types of resources. For example, to tag an Amazon S3 bucket, you must also have the s3:GetBucketTagging permission. If the expected minimum permissions don't work, check the documentation for that service's tagging APIs for more information.

Parameter Syntax

$result = $client->tagResources([
    'ResourceARNList' => ['<string>', ...], // REQUIRED
    'Tags' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
ResourceARNList
Required: Yes
Type: Array of strings

Specifies the list of ARNs of the resources that you want to apply tags to.

An ARN (Amazon Resource Name) uniquely identifies a resource. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

Tags
Required: Yes
Type: Associative array of custom strings keys (TagKey) to strings

Specifies a list of tags that you want to add to the specified resources. A tag consists of a key and a value that you define.

Result Syntax

[
    'FailedResourcesMap' => [
        '<ResourceARN>' => [
            'ErrorCode' => 'InternalServiceException|InvalidParameterException',
            'ErrorMessage' => '<string>',
            'StatusCode' => <integer>,
        ],
        // ...
    ],
]

Result Details

Members
FailedResourcesMap
Type: Associative array of custom strings keys (ResourceARN) to FailureInfo structures

A map containing a key-value pair for each failed item that couldn't be tagged. The key is the ARN of the failed resource. The value is a FailureInfo object that contains an error code, a status code, and an error message. If there are no errors, the FailedResourcesMap is empty.

Errors

InvalidParameterException:

The request failed because of one of the following reasons:

  • A required parameter is missing.

  • A provided string parameter is malformed.

  • An provided parameter value is out of range.

  • The target ID is invalid, unsupported, or doesn't exist.

  • You can't access the Amazon S3 bucket for report storage. For more information, see Amazon S3 bucket policy for report storage in the Tagging Amazon Web Services resources and Tag Editor user guide.

  • The partition specified in an ARN parameter in the request doesn't match the partition where you invoked the operation. The partition is specified by the second field of the ARN.

ThrottledException:

The request failed because it exceeded the allowed frequency of submitted requests.

InternalServiceException:

The request processing failed because of an unknown error, exception, or failure. You can retry the request.

UntagResources 

$result = $client->untagResources([/* ... */]);
$promise = $client->untagResourcesAsync([/* ... */]);

Removes the specified tags from the specified resources. When you specify a tag key, the action removes both that key and its associated value. The operation succeeds even if you attempt to remove tags from a resource that were already removed. Note the following:

  • To remove tags from a resource, you need the necessary permissions for the service that the resource belongs to as well as permissions for removing tags. For more information, see the documentation for the service whose resource you want to untag.

  • You can only tag resources that are located in the specified Amazon Web Services Region for the calling Amazon Web Services account.

Minimum permissions

In addition to the tag:UntagResources permission required by this operation, you must also have the remove tags permission defined by the service that created the resource. For example, to remove the tags from an Amazon EC2 instance using the UntagResources operation, you must have both of the following permissions:

  • tag:UntagResources

  • ec2:DeleteTags

In addition, some services might have specific requirements for untagging some types of resources. For example, to untag Amazon Web Services Glue Connection, you must also have the glue:GetConnection permission. If the expected minimum permissions don't work, check the documentation for that service's tagging APIs for more information.

Parameter Syntax

$result = $client->untagResources([
    'ResourceARNList' => ['<string>', ...], // REQUIRED
    'TagKeys' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
ResourceARNList
Required: Yes
Type: Array of strings

Specifies a list of ARNs of the resources that you want to remove tags from.

An ARN (Amazon Resource Name) uniquely identifies a resource. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

TagKeys
Required: Yes
Type: Array of strings

Specifies a list of tag keys that you want to remove from the specified resources.

Result Syntax

[
    'FailedResourcesMap' => [
        '<ResourceARN>' => [
            'ErrorCode' => 'InternalServiceException|InvalidParameterException',
            'ErrorMessage' => '<string>',
            'StatusCode' => <integer>,
        ],
        // ...
    ],
]

Result Details

Members
FailedResourcesMap
Type: Associative array of custom strings keys (ResourceARN) to FailureInfo structures

A map containing a key-value pair for each failed item that couldn't be untagged. The key is the ARN of the failed resource. The value is a FailureInfo object that contains an error code, a status code, and an error message. If there are no errors, the FailedResourcesMap is empty.

Errors

InvalidParameterException:

The request failed because of one of the following reasons:

  • A required parameter is missing.

  • A provided string parameter is malformed.

  • An provided parameter value is out of range.

  • The target ID is invalid, unsupported, or doesn't exist.

  • You can't access the Amazon S3 bucket for report storage. For more information, see Amazon S3 bucket policy for report storage in the Tagging Amazon Web Services resources and Tag Editor user guide.

  • The partition specified in an ARN parameter in the request doesn't match the partition where you invoked the operation. The partition is specified by the second field of the ARN.

ThrottledException:

The request failed because it exceeded the allowed frequency of submitted requests.

InternalServiceException:

The request processing failed because of an unknown error, exception, or failure. You can retry the request.

Shapes

ComplianceDetails

Description

Information that shows whether a resource is compliant with the effective tag policy, including details on any noncompliant tag keys.

Members
ComplianceStatus
Type: boolean

Whether a resource is compliant with the effective tag policy.

KeysWithNoncompliantValues
Type: Array of strings

These are keys defined in the effective policy that are on the resource with either incorrect case treatment or noncompliant values.

NoncompliantKeys
Type: Array of strings

These tag keys on the resource are noncompliant with the effective tag policy.

ConcurrentModificationException

Description

The request failed because the target of the operation is currently being modified by a different request. Try again later.

Members
Message
Type: string

ConstraintViolationException

Description

The request failed because performing the operation would violate a constraint.

Some of the reasons in the following list might not apply to this specific operation.

  • You must meet the prerequisites for using tag policies. For information, see Prerequisites and permissions in the Tagging Amazon Web Services resources and Tag Editor user guide.

  • You must enable the tag policies service principal (tagpolicies.tag.amazonaws.com) to integrate with Organizations For information, see EnableAWSServiceAccess.

  • You must have a tag policy attached to the organization root, an OU, or an account.

Members
Message
Type: string

FailureInfo

Description

Information about the errors that are returned for each failed resource. This information can include InternalServiceException and InvalidParameterException errors. It can also include any valid error code returned by the Amazon Web Services service that hosts the resource that the ARN key represents.

The following are common error codes that you might receive from other Amazon Web Services services:

  • InternalServiceException – This can mean that the Resource Groups Tagging API didn't receive a response from another Amazon Web Services service. It can also mean that the resource type in the request is not supported by the Resource Groups Tagging API. In these cases, it's safe to retry the request and then call GetResources to verify the changes.

  • AccessDeniedException – This can mean that you need permission to call the tagging operations in the Amazon Web Services service that contains the resource. For example, to use the Resource Groups Tagging API to tag a Amazon CloudWatch alarm resource, you need permission to call both TagResources and TagResource in the CloudWatch API.

For more information on errors that are generated from other Amazon Web Services services, see the documentation for that service.

Members
ErrorCode
Type: string

The code of the common error. Valid values include InternalServiceException, InvalidParameterException, and any valid error code returned by the Amazon Web Services service that hosts the resource that you want to tag.

ErrorMessage
Type: string

The message of the common error.

StatusCode
Type: int

The HTTP status code of the common error.

InternalServiceException

Description

The request processing failed because of an unknown error, exception, or failure. You can retry the request.

Members
Message
Type: string

InvalidParameterException

Description

The request failed because of one of the following reasons:

  • A required parameter is missing.

  • A provided string parameter is malformed.

  • An provided parameter value is out of range.

  • The target ID is invalid, unsupported, or doesn't exist.

  • You can't access the Amazon S3 bucket for report storage. For more information, see Amazon S3 bucket policy for report storage in the Tagging Amazon Web Services resources and Tag Editor user guide.

  • The partition specified in an ARN parameter in the request doesn't match the partition where you invoked the operation. The partition is specified by the second field of the ARN.

Members
Message
Type: string

PaginationTokenExpiredException

Description

The request failed because the specified PaginationToken has expired. A PaginationToken is valid for a maximum of 15 minutes.

Members
Message
Type: string

RequiredTag

Description

Information that describes the required tags for a given resource type.

Members
CloudFormationResourceTypes
Type: Array of strings

Describes the CloudFormation resource type assigned the required tag keys.

ReportingTagKeys
Type: Array of strings

These tag keys are marked as required in the report_required_tag_for block of the effective tag policy.

ResourceType
Type: string

Describes the resource type for the required tag keys.

ResourceTagMapping

Description

A list of resource ARNs and the tags (keys and values) that are associated with each.

Members
ComplianceDetails
Type: ComplianceDetails structure

Information that shows whether a resource is compliant with the effective tag policy, including details on any noncompliant tag keys.

ResourceARN
Type: string

The ARN of the resource.

Tags
Type: Array of Tag structures

The tags that have been applied to one or more Amazon Web Services resources.

Summary

Description

A count of noncompliant resources.

Members
LastUpdated
Type: string

The timestamp that shows when this summary was generated in this Region.

NonCompliantResources
Type: long (int|float)

The count of noncompliant resources.

Region
Type: string

The Amazon Web Services Region that the summary applies to.

ResourceType
Type: string

The Amazon Web Services resource type.

TargetId
Type: string

The account identifier or the root identifier of the organization. If you don't know the root ID, you can call the Organizations ListRoots API.

TargetIdType
Type: string

Whether the target is an account, an OU, or the organization root.

Tag

Description

The metadata that you apply to Amazon Web Services resources to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. For more information, see Tagging Amazon Web Services Resources in the Amazon Web Services General Reference.

Members
Key
Required: Yes
Type: string

One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.

Value
Required: Yes
Type: string

One part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key). The value can be empty or null.

TagFilter

Description

A list of tags (keys and values) that are used to specify the associated resources.

Members
Key
Type: string

One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.

Values
Type: Array of strings

One part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key). The value can be empty or null.

ThrottledException

Description

The request failed because it exceeded the allowed frequency of submitted requests.

Members
Message
Type: string