I would like to implement a structured, consistent strategy for tagging Amazon EC2 resources. How can I use tags to optimize the resource allocation and cost effectiveness of my EC2 resources?
From a simplistic viewpoint, tags are just name-value pairs of strings that can be assigned to AWS resources. I need more detailed information about tags to formulate an optimal tagging strategy for my EC2 usage scenario.
This article describes several fundamental resource tagging concepts:
• Tagging Overview
• Tagging Restrictions
• Tagging Naming Rules and Recommendations
• Tagging API and CLI Commands
• Using Tag Filters with AWS Tools for Windows PowerShell
Tags provide identification and classification of AWS resources by the association of descriptive metadata—for example, application identifier, environment, or owner. Each tag consists of a key and a value, both of which are user-defined strings. Tags can be used as a filter when requesting resources, such as EC2 instances, based on tag keys or values. Tags facilitate resource management at scale and appear on your monthly invoice, which can be particularly useful for cost allocation and control.
For the most up-to-date information about tagging restrictions, see Tag Restrictions in the Amazon EC2 documentation.
- Tag key names are case sensitive and can contain alphanumeric characters (A-Z, a-z, 0-9), underscores, and hyphens.
- Additional allowed characters are: letters, spaces, and numbers represented in UTF-8, plus the following special characters: + - = . _ : / @.
- For the most up-to-date information regarding tagging restrictions, see Tag Restrictions in the Amazon EC2 documentation.
Compound Tags
To maximize the 50 tags that can be assigned to a resource, consider using compound tags. Compound tags combine multiple key-value pairs into a single key paired with a string comprised of multiple pipe delimited ‘values’. By doing this, you might combine the 3 keys “Ownername”, “OwnerPhone”, and “OwnerEmail” into one “OwnerContact” key paired with a pipe delimited string of values for name, phone, and e-mail address, such as: John Doe|1-555-555-1212|jdoe@example.com.
Tag Key Name Case
Tag key names should use upper CamelCase, a convention that combines words and abbreviations by beginning each word or abbreviation with a capital letter; for example: “MiscMetadata” and “SupportEndpoints”. Compound tag key names should use upper CamelCase followed by an equal sign (“=”), followed by multiple, pipe-delimited string values, such as: KeyName1=value1|value2|values3;KeyName2=value1|value2|value3.
Usage scenario |
Example key name |
Example key value |
Simple tag |
Owner |
Bob |
Compound tag value with pipe delimiter |
Contact |
Bob|1-555-555-1212|bob@example.com |
Compound tag value with semicolon and pipe delimiter |
OnCall |
Primary=Bob|1-555-555-1212|bob@example.com;Secondary=Bill|1-555-555-1212|bill@example.com |
Application name – Application name with optional unique identifier and optional domain/resource name using pipe delimiter |
WebApp |
ProdWebApp|7231a74d|www.example.com |
Application environment – Name of environment with optional tier name and/or business critical level using pipe delimiter |
AppEnv |
· Production|Business Critical|Tier 1 · Dev|Alpha|Tier 2 · Test|Beta1|Tier 2 |
Resource role – The role that the resource fills in your infrastructure |
Role |
· CustomerDb · HRWeb · MarketingCollab |
Creator and owner contacts – Contact information for both the creator and owner of the resource (Name, Phone, Email) using semicolon and pipe delimiter |
CreatorOwner |
ResourceCreator=Doe, John|1-555-555-1212|jdoe@;ResourceOwner=Doe, Jane|1-555-555-1212|jadoe@ |
Business contact – Contact information (Name, Phone, Email) using semicolon and pipe delimiter |
MarketingMgmt |
SocialMediaLead=John Doe|1-555-555-1212|jdoe@example.com;TradMediaLead=Jane Doe|1-555-555-1212|jadoe@example.com |
Support endpoints – Support endpoints using semicolon delimiter |
UsSupportEndPoints |
AlarmEndPoint=arn::SNS::topic1;ChangeApprovalEndPoint=arn::SQS::changequeue |
Miscellaneous metadata – Miscellaneous metadata using semicolon delimiter and pipe delimiter |
HrMiscMetadata |
key1=value1|value2|value3;key2=value1|value2|value3 |
Partner contacts – Externally managed services partner contact information (Name, Phone, Email) using semicolon and pipe delimiter |
NasSolutions-Contact |
OwnerContact=John Doe|1-555-555-1212|jdoe@example.com;IncidentContact=Jane Doe|1-555-555-1212|jadoe@example.com |
Use the following API and CLI commands to add, update, list, and delete the tags for your resources. The documentation for each command provides examples.
Description |
Amazon EC2 CLI |
AWS CLI |
AWS Tools for Windows PowerShell |
API Action |
Adds or overwrites one or more tags for the specified resource(s) |
||||
Deletes the specified tags from the specified resource(s) |
||||
Describes one or more tags for your resources |
EC2 resource IDs in a region can be returned on a filtered basis using AWS Tools for Windows PowerShell and the Get-EC2Tag cmdlet. Get-EC2Tag supports filtering on the parameters "key", "resource-id", "resource-type", and "value." Basic wildcard filtering using * and ? are also supported. The maximum number of EC2 resource IDs that can be returned in a single call is 1000. For more information on the Get-EC2Tag cmdlet, see Get-EC2Tag Cmdlet.
The following examples illustrate the use of tag filters with AWS Tools for Windows PowerShell.
Filtering EC2 resource ID based on tag key name:
In this example, the Get-EC2Tag cmdlet returns the resource IDs of EC2 instances that have a tag key name that matches the string “Contact.”
$filter = New-Object Amazon.EC2.Model.Filter –Property @(Name=”key”; Values=”Contact”) Get-EC2Tag –Filter $filter
Filtering EC2 resource ID based on tag value using wildcards:
In this example, the Get-EC2Tag cmdlet returns the resource IDs of EC2 instances that have a tag value that contains the string “John Doe.”
$filter = New-Object Amazon.EC2.Model.Filter –Property @(Name=”value”; Values=”*John Doe*”) Get-EC2Tag –Filter $filter
Filtering EC2 resource ID based on tag key name and tag value using wildcards:
In this example, the Get-EC2Tag cmdlet returns the resource IDs of EC2 instances that have a tag key name that matches the string “Contact” and a tag value that contains the string “John Doe.”
$filter1 = New-Object Amazon.EC2.Model.Filter -Property @(Name="key"; Values="Contact") $filter2 = New-Object Amazon.EC2.Model.Filter -Property @(Name="value"; Values="*John Doe*") $filters = $filter1, $filter2 Get-EC2Tag -Filter $filters
Here is sample output from the Get-EC2Tag cmdlet when filtering using these criteria:
ResourceId |
ResourceType |
Key |
Value |
i-2d477420 |
instance |
Contact |
OwnerContact=John Doe|1-55… |
i-2d477421 |
instance |
Contact |
OwnerContact=John Doe|1-55… |
i-2d477422 |
instance |
Contact |
OwnerContact=John Doe|1-55… |
Using Tag Filters with AWS CLI and describe-tags:
EC2 resource IDs in a region can be returned on a filtered basis by using describe-tags. Describe-tags supports filtering on the parameters "key", "resource-id", "resource-type", and "value." Basic wildcard filtering using * and ? are also supported.
Tag filtering examples
The following examples illustrate the use of tag filters with the AWS CLI.
Filtering EC2 resource ID based on tag key name:
In this example, the AWS CLI returns the resource IDs of EC2 instances that have a tag key name that matches the string “Contact.”
$ aws ec2 describe-tags --filters Name=key,Values="Contact"
Filtering EC2 resource ID based on tag value using wildcards:
In this example, the AWS CLI returns the resource IDs of EC2 instances that have a tag value that contains the string “John Doe.”
$ aws ec2 describe-tags --filters Name=value,Values="*John Doe*"
Filtering EC2 resource ID based on tag key name and tag value using wildcards
In this example, the AWS CLI returns the resource IDs of EC2 instances that have a tag key name that matches the string “Contact” and a tag value that contains the string “John Doe.”
aws ec2 describe-tags --filters Name=key,Values=Contact Name=value,Values="*John Doe*"
The output is the same as the preceding PowerShell examples.
Filtering EC2 instances according to their tags:
For examples of filtering your instances using tags with the describe-instances command, see Working with Tags Using the CLI or API.
Resource tagging is an effective tool to help manage AWS resources at increasing scale, providing the ability to identify, classify, and locate resources for management and billing purposes. EC2 tag filtering provides a way to both locate tagged resources and validate that tagging standards in your organization are implemented properly for optimal resource allocation and cost effectiveness.
Did this page help you? Yes | No
Back to the AWS Support Knowledge Center
Need help? Visit the AWS Support Center.
Published: 2015-11-06
Updated: 2016-06-09
