I would like to implement a structured, consistent strategy for tagging Amazon EC2 resources. How can I use tags to optimize the resource allocation and cost effectiveness of my EC2 resources?

From a simplistic viewpoint, tags are just name-value pairs of strings that can be assigned to AWS resources. I need more detailed information about tags to formulate an optimal tagging strategy for my EC2 usage scenario.

This article describes several fundamental resource tagging concepts:

• Tagging Overview
• Tagging Restrictions
• Tagging Naming Rules and Recommendations
• Tagging API and CLI Commands
• Using Tag Filters with AWS Tools for Windows PowerShell

Tags provide identification and classification of AWS resources by the association of descriptive metadata—for example, application identifier, environment, or owner. Each tag consists of a key and a value, both of which are user-defined strings. Tags can be used as a filter when requesting resources, such as EC2 instances, based on tag keys or values. Tags facilitate resource management at scale and appear on your monthly invoice, which can be particularly useful for cost allocation and control.

For the most up-to-date information about tagging restrictions, see Tag Restrictions in the Amazon EC2 documentation.

  • Tag key names are case sensitive and can contain alphanumeric characters (A-Z, a-z, 0-9), underscores, and hyphens.
  • Additional allowed characters are: letters, spaces, and numbers represented in UTF-8, plus the following special characters: + - = . _ : / @.
  • For the most up-to-date information regarding tagging restrictions, see Tag Restrictions in the Amazon EC2 documentation.

Compound Tags

To maximize the 50 tags that can be assigned to a resource, consider using compound tags. Compound tags combine multiple key-value pairs into a single key paired with a string comprised of multiple pipe delimited ‘values’. By doing this, you might combine the 3 keys “Ownername”, “OwnerPhone”, and “OwnerEmail” into one “OwnerContact” key paired with a pipe delimited string of values for name, phone, and e-mail address, such as: John Doe|1-555-555-1212|jdoe@example.com.

Tag Key Name Case

Tag key names should use upper CamelCase, a convention that combines words and abbreviations by beginning each word or abbreviation with a capital letter; for example: “MiscMetadata” and “SupportEndpoints”. Compound tag key names should use upper CamelCase followed by an equal sign (“=”), followed by multiple, pipe-delimited string values, such as: KeyName1=value1|value2|values3;KeyName2=value1|value2|value3.

Usage scenario

Example key name

Example key value

Simple tag

Owner

Bob

Compound tag value with

pipe delimiter

Contact

Bob|1-555-555-1212|bob@example.com

Compound tag value with semicolon and pipe delimiter

OnCall

Primary=Bob|1-555-555-1212|bob@example.com;Secondary=Bill|1-555-555-1212|bill@example.com

Application name – Application name with optional unique identifier and optional domain/resource name using pipe delimiter

WebApp

ProdWebApp|7231a74d|www.example.com

Application environment – Name of environment with optional tier name and/or business critical level using pipe delimiter

AppEnv

·  Production|Business Critical|Tier 1
·  Dev|Alpha|Tier 2
·  Test|Beta1|Tier 2

Resource role – The role that the resource fills in your infrastructure

Role

·  CustomerDb
·  HRWeb
·  MarketingCollab

Creator and owner contacts – Contact information for both the creator and owner of the resource (Name, Phone, Email) using semicolon and pipe delimiter

CreatorOwner

ResourceCreator=Doe, John|1-555-555-1212|jdoe@;ResourceOwner=Doe, Jane|1-555-555-1212|jadoe@

Business contact – Contact information (Name, Phone, Email) using semicolon and pipe delimiter

MarketingMgmt

SocialMediaLead=John Doe|1-555-555-1212|jdoe@example.com;TradMediaLead=Jane Doe|1-555-555-1212|jadoe@example.com

Support endpoints – Support endpoints using semicolon delimiter

UsSupportEndPoints

AlarmEndPoint=arn::SNS::topic1;ChangeApprovalEndPoint=arn::SQS::changequeue

Miscellaneous metadata – Miscellaneous metadata using semicolon delimiter and pipe delimiter

HrMiscMetadata

key1=value1|value2|value3;key2=value1|value2|value3

Partner contacts – Externally managed services partner contact information (Name, Phone, Email) using semicolon and pipe delimiter

NasSolutions-Contact

OwnerContact=John Doe|1-555-555-1212|jdoe@example.com;IncidentContact=Jane Doe|1-555-555-1212|jadoe@example.com

Use the following API and CLI commands to add, update, list, and delete the tags for your resources. The documentation for each command provides examples.

Description

Amazon EC2 CLI

AWS CLI

AWS Tools for Windows PowerShell

API Action

Adds or overwrites one or more tags for the specified resource(s)

ec2-create-tags

create-tags

New-EC2Tag Cmdlet

CreateTags

Deletes the specified tags from the specified resource(s)

ec2-delete-tags

delete-tags

Remove-EC2Tag Cmdlet

DeleteTags

Describes one or more tags for your resources

ec2-describe-tags

describe-tags

Get-EC2Tag Cmdlet

DescribeTags

EC2 resource IDs in a region can be returned on a filtered basis using AWS Tools for Windows PowerShell and the Get-EC2Tag cmdlet. Get-EC2Tag supports filtering on the parameters "key", "resource-id", "resource-type", and "value." Basic wildcard filtering using * and ? are also supported. The maximum number of EC2 resource IDs that can be returned in a single call is 1000. For more information on the Get-EC2Tag cmdlet, see Get-EC2Tag Cmdlet.

The following examples illustrate the use of tag filters with AWS Tools for Windows PowerShell.

Filtering EC2 resource ID based on tag key name:

In this example, the Get-EC2Tag cmdlet returns the resource IDs of EC2 instances that have a tag key name that matches the string “Contact.”

$filter = New-Object Amazon.EC2.Model.Filter –Property @(Name=”key”; Values=”Contact”)
Get-EC2Tag –Filter $filter

Filtering EC2 resource ID based on tag value using wildcards:

In this example, the Get-EC2Tag cmdlet returns the resource IDs of EC2 instances that have a tag value that contains the string “John Doe.”

$filter = New-Object Amazon.EC2.Model.Filter –Property @(Name=”value”; Values=”*John Doe*”)
Get-EC2Tag –Filter $filter

Filtering EC2 resource ID based on tag key name and tag value using wildcards:

In this example, the Get-EC2Tag cmdlet returns the resource IDs of EC2 instances that have a tag key name that matches the string “Contact” and a tag value that contains the string “John Doe.”

$filter1 = New-Object Amazon.EC2.Model.Filter -Property @(Name="key"; Values="Contact")
$filter2 = New-Object Amazon.EC2.Model.Filter -Property @(Name="value"; Values="*John Doe*")
$filters = $filter1, $filter2
Get-EC2Tag -Filter $filters

Here is sample output from the Get-EC2Tag cmdlet when filtering using these criteria:

ResourceId

ResourceType

Key

Value

i-2d477420

instance

Contact

OwnerContact=John Doe|1-55…

i-2d477421

instance

Contact

OwnerContact=John Doe|1-55…

i-2d477422

instance

Contact

OwnerContact=John Doe|1-55…

Using Tag Filters with AWS CLI and describe-tags:

EC2 resource IDs in a region can be returned on a filtered basis by using describe-tags. Describe-tags supports filtering on the parameters "key", "resource-id", "resource-type", and "value." Basic wildcard filtering using * and ? are also supported.

Tag filtering examples

The following examples illustrate the use of tag filters with the AWS CLI.

Filtering EC2 resource ID based on tag key name:

In this example, the AWS CLI returns the resource IDs of EC2 instances that have a tag key name that matches the string “Contact.”

$ aws ec2 describe-tags --filters Name=key,Values="Contact"

Filtering EC2 resource ID based on tag value using wildcards:

In this example, the AWS CLI returns the resource IDs of EC2 instances that have a tag value that contains the string “John Doe.”

$ aws ec2 describe-tags --filters Name=value,Values="*John Doe*"

Filtering EC2 resource ID based on tag key name and tag value using wildcards

In this example, the AWS CLI returns the resource IDs of EC2 instances that have a tag key name that matches the string “Contact” and a tag value that contains the string “John Doe.”

aws ec2 describe-tags --filters Name=key,Values=Contact Name=value,Values="*John Doe*"

The output is the same as the preceding PowerShell examples.

Filtering EC2 instances according to their tags:

For examples of filtering your instances using tags with the describe-instances command, see Working with Tags Using the CLI or API.

Resource tagging is an effective tool to help manage AWS resources at increasing scale, providing the ability to identify, classify, and locate resources for management and billing purposes. EC2 tag filtering provides a way to both locate tagged resources and validate that tagging standards in your organization are implemented properly for optimal resource allocation and cost effectiveness.


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center.

Published: 2015-11-06

Updated: 2016-06-09