{ "version":"2.0", "metadata":{ "apiVersion":"2017-01-26", "endpointPrefix":"tagging", "jsonVersion":"1.1", "protocol":"json", "serviceFullName":"AWS Resource Groups Tagging API", "serviceId":"Resource Groups Tagging API", "signatureVersion":"v4", "targetPrefix":"ResourceGroupsTaggingAPI_20170126", "uid":"resourcegroupstaggingapi-2017-01-26" }, "operations":{ "DescribeReportCreation":{ "name":"DescribeReportCreation", "http":{ "method":"POST", "requestUri":"/" }, "input":{"shape":"DescribeReportCreationInput"}, "output":{"shape":"DescribeReportCreationOutput"}, "errors":[ {"shape":"ConstraintViolationException"}, {"shape":"InternalServiceException"}, {"shape":"InvalidParameterException"}, {"shape":"ThrottledException"} ], "documentation":"

Describes the status of the StartReportCreation operation.

You can call this operation only from the organization's master account and from the us-east-1 Region.

" }, "GetComplianceSummary":{ "name":"GetComplianceSummary", "http":{ "method":"POST", "requestUri":"/" }, "input":{"shape":"GetComplianceSummaryInput"}, "output":{"shape":"GetComplianceSummaryOutput"}, "errors":[ {"shape":"ConstraintViolationException"}, {"shape":"InternalServiceException"}, {"shape":"InvalidParameterException"}, {"shape":"ThrottledException"} ], "documentation":"

Returns a table that shows counts of resources that are noncompliant with their tag policies.

For more information on tag policies, see Tag Policies in the AWS Organizations User Guide.

You can call this operation only from the organization's master account and from the us-east-1 Region.

" }, "GetResources":{ "name":"GetResources", "http":{ "method":"POST", "requestUri":"/" }, "input":{"shape":"GetResourcesInput"}, "output":{"shape":"GetResourcesOutput"}, "errors":[ {"shape":"InvalidParameterException"}, {"shape":"ThrottledException"}, {"shape":"InternalServiceException"}, {"shape":"PaginationTokenExpiredException"} ], "documentation":"

Returns all the tagged or previously tagged resources that are located in the specified Region for the AWS account.

Depending on what information you want returned, you can also specify the following:

You can check the PaginationToken response parameter to determine if a query is complete. Queries occasionally return fewer results on a page than allowed. The PaginationToken response parameter value is null only when there are no more results to display.

" }, "GetTagKeys":{ "name":"GetTagKeys", "http":{ "method":"POST", "requestUri":"/" }, "input":{"shape":"GetTagKeysInput"}, "output":{"shape":"GetTagKeysOutput"}, "errors":[ {"shape":"InvalidParameterException"}, {"shape":"ThrottledException"}, {"shape":"InternalServiceException"}, {"shape":"PaginationTokenExpiredException"} ], "documentation":"

Returns all tag keys in the specified Region for the AWS account.

" }, "GetTagValues":{ "name":"GetTagValues", "http":{ "method":"POST", "requestUri":"/" }, "input":{"shape":"GetTagValuesInput"}, "output":{"shape":"GetTagValuesOutput"}, "errors":[ {"shape":"InvalidParameterException"}, {"shape":"ThrottledException"}, {"shape":"InternalServiceException"}, {"shape":"PaginationTokenExpiredException"} ], "documentation":"

Returns all tag values for the specified key in the specified Region for the AWS account.

" }, "StartReportCreation":{ "name":"StartReportCreation", "http":{ "method":"POST", "requestUri":"/" }, "input":{"shape":"StartReportCreationInput"}, "output":{"shape":"StartReportCreationOutput"}, "errors":[ {"shape":"ConcurrentModificationException"}, {"shape":"ConstraintViolationException"}, {"shape":"InternalServiceException"}, {"shape":"InvalidParameterException"}, {"shape":"ThrottledException"} ], "documentation":"

Generates a report that lists all tagged resources in accounts across your organization and tells whether each resource is compliant with the effective tag policy. Compliance data is refreshed daily.

The generated report is saved to the following location:

s3://example-bucket/AwsTagPolicies/o-exampleorgid/YYYY-MM-ddTHH:mm:ssZ/report.csv

You can call this operation only from the organization's master account and from the us-east-1 Region.

" }, "TagResources":{ "name":"TagResources", "http":{ "method":"POST", "requestUri":"/" }, "input":{"shape":"TagResourcesInput"}, "output":{"shape":"TagResourcesOutput"}, "errors":[ {"shape":"InvalidParameterException"}, {"shape":"ThrottledException"}, {"shape":"InternalServiceException"} ], "documentation":"

Applies one or more tags to the specified resources. Note the following:

" }, "UntagResources":{ "name":"UntagResources", "http":{ "method":"POST", "requestUri":"/" }, "input":{"shape":"UntagResourcesInput"}, "output":{"shape":"UntagResourcesOutput"}, "errors":[ {"shape":"InvalidParameterException"}, {"shape":"ThrottledException"}, {"shape":"InternalServiceException"} ], "documentation":"

Removes the specified tags from the specified resources. When you specify a tag key, the action removes both that key and its associated value. The operation succeeds even if you attempt to remove tags from a resource that were already removed. Note the following:

" } }, "shapes":{ "AmazonResourceType":{ "type":"string", "max":256, "min":0, "pattern":"[\\s\\S]*" }, "ComplianceDetails":{ "type":"structure", "members":{ "NoncompliantKeys":{ "shape":"TagKeyList", "documentation":"

These tag keys on the resource are noncompliant with the effective tag policy.

" }, "KeysWithNoncompliantValues":{ "shape":"TagKeyList", "documentation":"

These are keys defined in the effective policy that are on the resource with either incorrect case treatment or noncompliant values.

" }, "ComplianceStatus":{ "shape":"ComplianceStatus", "documentation":"

Whether a resource is compliant with the effective tag policy.

" } }, "documentation":"

Information that shows whether a resource is compliant with the effective tag policy, including details on any noncompliant tag keys.

" }, "ComplianceStatus":{"type":"boolean"}, "ConcurrentModificationException":{ "type":"structure", "members":{ "Message":{"shape":"ExceptionMessage"} }, "documentation":"

The target of the operation is currently being modified by a different request. Try again later.

", "exception":true }, "ConstraintViolationException":{ "type":"structure", "members":{ "Message":{"shape":"ExceptionMessage"} }, "documentation":"

The request was denied because performing this operation violates a constraint.

Some of the reasons in the following list might not apply to this specific operation.

", "exception":true }, "DescribeReportCreationInput":{ "type":"structure", "members":{ } }, "DescribeReportCreationOutput":{ "type":"structure", "members":{ "Status":{ "shape":"Status", "documentation":"

Reports the status of the operation.

The operation status can be one of the following:

" }, "S3Location":{ "shape":"S3Location", "documentation":"

The path to the Amazon S3 bucket where the report was stored on creation.

" }, "ErrorMessage":{ "shape":"ErrorMessage", "documentation":"

Details of the common errors that all operations return.

" } } }, "ErrorCode":{ "type":"string", "enum":[ "InternalServiceException", "InvalidParameterException" ] }, "ErrorMessage":{"type":"string"}, "ExceptionMessage":{ "type":"string", "max":2048, "min":0 }, "ExcludeCompliantResources":{"type":"boolean"}, "FailedResourcesMap":{ "type":"map", "key":{"shape":"ResourceARN"}, "value":{"shape":"FailureInfo"} }, "FailureInfo":{ "type":"structure", "members":{ "StatusCode":{ "shape":"StatusCode", "documentation":"

The HTTP status code of the common error.

" }, "ErrorCode":{ "shape":"ErrorCode", "documentation":"

The code of the common error. Valid values include InternalServiceException, InvalidParameterException, and any valid error code returned by the AWS service that hosts the resource that you want to tag.

" }, "ErrorMessage":{ "shape":"ErrorMessage", "documentation":"

The message of the common error.

" } }, "documentation":"

Information about the errors that are returned for each failed resource. This information can include InternalServiceException and InvalidParameterException errors. It can also include any valid error code returned by the AWS service that hosts the resource that the ARN key represents.

The following are common error codes that you might receive from other AWS services:

For more information on errors that are generated from other AWS services, see the documentation for that service.

" }, "GetComplianceSummaryInput":{ "type":"structure", "members":{ "TargetIdFilters":{ "shape":"TargetIdFilterList", "documentation":"

The target identifiers (usually, specific account IDs) to limit the output by. If you use this parameter, the count of returned noncompliant resources includes only resources with the specified target IDs.

" }, "RegionFilters":{ "shape":"RegionFilterList", "documentation":"

A list of Regions to limit the output by. If you use this parameter, the count of returned noncompliant resources includes only resources in the specified Regions.

" }, "ResourceTypeFilters":{ "shape":"ResourceTypeFilterList", "documentation":"

The constraints on the resources that you want returned. The format of each resource type is service[:resourceType]. For example, specifying a resource type of ec2 returns all Amazon EC2 resources (which includes EC2 instances). Specifying a resource type of ec2:instance returns only EC2 instances.

The string for each service name and resource type is the same as that embedded in a resource's Amazon Resource Name (ARN). Consult the AWS General Reference for the following:

You can specify multiple resource types by using an array. The array can include up to 100 items. Note that the length constraint requirement applies to each resource type filter.

" }, "TagKeyFilters":{ "shape":"TagKeyFilterList", "documentation":"

A list of tag keys to limit the output by. If you use this parameter, the count of returned noncompliant resources includes only resources that have the specified tag keys.

" }, "GroupBy":{ "shape":"GroupBy", "documentation":"

A list of attributes to group the counts of noncompliant resources by. If supplied, the counts are sorted by those attributes.

" }, "MaxResults":{ "shape":"MaxResultsGetComplianceSummary", "documentation":"

A limit that restricts the number of results that are returned per page.

" }, "PaginationToken":{ "shape":"PaginationToken", "documentation":"

A string that indicates that additional data is available. Leave this value empty for your initial request. If the response includes a PaginationToken, use that string for this value to request an additional page of data.

" } } }, "GetComplianceSummaryOutput":{ "type":"structure", "members":{ "SummaryList":{ "shape":"SummaryList", "documentation":"

A table that shows counts of noncompliant resources.

" }, "PaginationToken":{ "shape":"PaginationToken", "documentation":"

A string that indicates that the response contains more data than can be returned in a single response. To receive additional data, specify this string for the PaginationToken value in a subsequent request.

" } } }, "GetResourcesInput":{ "type":"structure", "members":{ "PaginationToken":{ "shape":"PaginationToken", "documentation":"

A string that indicates that additional data is available. Leave this value empty for your initial request. If the response includes a PaginationToken, use that string for this value to request an additional page of data.

" }, "TagFilters":{ "shape":"TagFilterList", "documentation":"

A list of TagFilters (keys and values). Each TagFilter specified must contain a key with values as optional. A request can include up to 50 keys, and each key can include up to 20 values.

Note the following when deciding how to use TagFilters:

" }, "ResourcesPerPage":{ "shape":"ResourcesPerPage", "documentation":"

A limit that restricts the number of resources returned by GetResources in paginated output. You can set ResourcesPerPage to a minimum of 1 item and the maximum of 100 items.

" }, "TagsPerPage":{ "shape":"TagsPerPage", "documentation":"

AWS recommends using ResourcesPerPage instead of this parameter.

A limit that restricts the number of tags (key and value pairs) returned by GetResources in paginated output. A resource with no tags is counted as having one tag (one key and value pair).

GetResources does not split a resource and its associated tags across pages. If the specified TagsPerPage would cause such a break, a PaginationToken is returned in place of the affected resource and its tags. Use that token in another request to get the remaining data. For example, if you specify a TagsPerPage of 100 and the account has 22 resources with 10 tags each (meaning that each resource has 10 key and value pairs), the output will consist of three pages. The first page displays the first 10 resources, each with its 10 tags. The second page displays the next 10 resources, each with its 10 tags. The third page displays the remaining 2 resources, each with its 10 tags.

You can set TagsPerPage to a minimum of 100 items and the maximum of 500 items.

" }, "ResourceTypeFilters":{ "shape":"ResourceTypeFilterList", "documentation":"

The constraints on the resources that you want returned. The format of each resource type is service[:resourceType]. For example, specifying a resource type of ec2 returns all Amazon EC2 resources (which includes EC2 instances). Specifying a resource type of ec2:instance returns only EC2 instances.

The string for each service name and resource type is the same as that embedded in a resource's Amazon Resource Name (ARN). Consult the AWS General Reference for the following:

You can specify multiple resource types by using an array. The array can include up to 100 items. Note that the length constraint requirement applies to each resource type filter.

" }, "IncludeComplianceDetails":{ "shape":"IncludeComplianceDetails", "documentation":"

Specifies whether to include details regarding the compliance with the effective tag policy. Set this to true to determine whether resources are compliant with the tag policy and to get details.

" }, "ExcludeCompliantResources":{ "shape":"ExcludeCompliantResources", "documentation":"

Specifies whether to exclude resources that are compliant with the tag policy. Set this to true if you are interested in retrieving information on noncompliant resources only.

You can use this parameter only if the IncludeComplianceDetails parameter is also set to true.

" } } }, "GetResourcesOutput":{ "type":"structure", "members":{ "PaginationToken":{ "shape":"PaginationToken", "documentation":"

A string that indicates that the response contains more data than can be returned in a single response. To receive additional data, specify this string for the PaginationToken value in a subsequent request.

" }, "ResourceTagMappingList":{ "shape":"ResourceTagMappingList", "documentation":"

A list of resource ARNs and the tags (keys and values) associated with each.

" } } }, "GetTagKeysInput":{ "type":"structure", "members":{ "PaginationToken":{ "shape":"PaginationToken", "documentation":"

A string that indicates that additional data is available. Leave this value empty for your initial request. If the response includes a PaginationToken, use that string for this value to request an additional page of data.

" } } }, "GetTagKeysOutput":{ "type":"structure", "members":{ "PaginationToken":{ "shape":"PaginationToken", "documentation":"

A string that indicates that the response contains more data than can be returned in a single response. To receive additional data, specify this string for the PaginationToken value in a subsequent request.

" }, "TagKeys":{ "shape":"TagKeyList", "documentation":"

A list of all tag keys in the AWS account.

" } } }, "GetTagValuesInput":{ "type":"structure", "required":["Key"], "members":{ "PaginationToken":{ "shape":"PaginationToken", "documentation":"

A string that indicates that additional data is available. Leave this value empty for your initial request. If the response includes a PaginationToken, use that string for this value to request an additional page of data.

" }, "Key":{ "shape":"TagKey", "documentation":"

The key for which you want to list all existing values in the specified Region for the AWS account.

" } } }, "GetTagValuesOutput":{ "type":"structure", "members":{ "PaginationToken":{ "shape":"PaginationToken", "documentation":"

A string that indicates that the response contains more data than can be returned in a single response. To receive additional data, specify this string for the PaginationToken value in a subsequent request.

" }, "TagValues":{ "shape":"TagValuesOutputList", "documentation":"

A list of all tag values for the specified key in the AWS account.

" } } }, "GroupBy":{ "type":"list", "member":{"shape":"GroupByAttribute"} }, "GroupByAttribute":{ "type":"string", "enum":[ "TARGET_ID", "REGION", "RESOURCE_TYPE" ] }, "IncludeComplianceDetails":{"type":"boolean"}, "InternalServiceException":{ "type":"structure", "members":{ "Message":{"shape":"ExceptionMessage"} }, "documentation":"

The request processing failed because of an unknown error, exception, or failure. You can retry the request.

", "exception":true, "fault":true }, "InvalidParameterException":{ "type":"structure", "members":{ "Message":{"shape":"ExceptionMessage"} }, "documentation":"

This error indicates one of the following:

", "exception":true }, "LastUpdated":{"type":"string"}, "MaxResultsGetComplianceSummary":{ "type":"integer", "max":1000, "min":1 }, "NonCompliantResources":{"type":"long"}, "PaginationToken":{ "type":"string", "max":2048, "min":0, "pattern":"[\\s\\S]*" }, "PaginationTokenExpiredException":{ "type":"structure", "members":{ "Message":{"shape":"ExceptionMessage"} }, "documentation":"

A PaginationToken is valid for a maximum of 15 minutes. Your request was denied because the specified PaginationToken has expired.

", "exception":true }, "Region":{ "type":"string", "max":256, "min":1, "pattern":"[\\s\\S]*" }, "RegionFilterList":{ "type":"list", "member":{"shape":"Region"}, "max":100, "min":1 }, "ResourceARN":{ "type":"string", "max":1011, "min":1, "pattern":"[\\s\\S]*" }, "ResourceARNList":{ "type":"list", "member":{"shape":"ResourceARN"}, "max":20, "min":1 }, "ResourceTagMapping":{ "type":"structure", "members":{ "ResourceARN":{ "shape":"ResourceARN", "documentation":"

The ARN of the resource.

" }, "Tags":{ "shape":"TagList", "documentation":"

The tags that have been applied to one or more AWS resources.

" }, "ComplianceDetails":{ "shape":"ComplianceDetails", "documentation":"

Information that shows whether a resource is compliant with the effective tag policy, including details on any noncompliant tag keys.

" } }, "documentation":"

A list of resource ARNs and the tags (keys and values) that are associated with each.

" }, "ResourceTagMappingList":{ "type":"list", "member":{"shape":"ResourceTagMapping"} }, "ResourceTypeFilterList":{ "type":"list", "member":{"shape":"AmazonResourceType"} }, "ResourcesPerPage":{"type":"integer"}, "S3Bucket":{ "type":"string", "max":63, "min":3, "pattern":"[\\s\\S]*" }, "S3Location":{"type":"string"}, "StartReportCreationInput":{ "type":"structure", "required":["S3Bucket"], "members":{ "S3Bucket":{ "shape":"S3Bucket", "documentation":"

The name of the Amazon S3 bucket where the report will be stored; for example:

awsexamplebucket

For more information on S3 bucket requirements, including an example bucket policy, see the example S3 bucket policy on this page.

" } } }, "StartReportCreationOutput":{ "type":"structure", "members":{ } }, "Status":{"type":"string"}, "StatusCode":{"type":"integer"}, "Summary":{ "type":"structure", "members":{ "LastUpdated":{ "shape":"LastUpdated", "documentation":"

The timestamp that shows when this summary was generated in this Region.

" }, "TargetId":{ "shape":"TargetId", "documentation":"

The account identifier or the root identifier of the organization. If you don't know the root ID, you can call the AWS Organizations ListRoots API.

" }, "TargetIdType":{ "shape":"TargetIdType", "documentation":"

Whether the target is an account, an OU, or the organization root.

" }, "Region":{ "shape":"Region", "documentation":"

The AWS Region that the summary applies to.

" }, "ResourceType":{ "shape":"AmazonResourceType", "documentation":"

The AWS resource type.

" }, "NonCompliantResources":{ "shape":"NonCompliantResources", "documentation":"

The count of noncompliant resources.

" } }, "documentation":"

A count of noncompliant resources.

" }, "SummaryList":{ "type":"list", "member":{"shape":"Summary"} }, "Tag":{ "type":"structure", "required":[ "Key", "Value" ], "members":{ "Key":{ "shape":"TagKey", "documentation":"

One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.

" }, "Value":{ "shape":"TagValue", "documentation":"

The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).

" } }, "documentation":"

The metadata that you apply to AWS resources to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. For more information, see Tagging AWS Resources in the AWS General Reference.

" }, "TagFilter":{ "type":"structure", "members":{ "Key":{ "shape":"TagKey", "documentation":"

One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.

" }, "Values":{ "shape":"TagValueList", "documentation":"

The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).

" } }, "documentation":"

A list of tags (keys and values) that are used to specify the associated resources.

" }, "TagFilterList":{ "type":"list", "member":{"shape":"TagFilter"}, "max":50, "min":0 }, "TagKey":{ "type":"string", "max":128, "min":1, "pattern":"[\\s\\S]*" }, "TagKeyFilterList":{ "type":"list", "member":{"shape":"TagKey"}, "max":50, "min":1 }, "TagKeyList":{ "type":"list", "member":{"shape":"TagKey"} }, "TagKeyListForUntag":{ "type":"list", "member":{"shape":"TagKey"}, "max":50, "min":1 }, "TagList":{ "type":"list", "member":{"shape":"Tag"} }, "TagMap":{ "type":"map", "key":{"shape":"TagKey"}, "value":{"shape":"TagValue"}, "max":50, "min":1 }, "TagResourcesInput":{ "type":"structure", "required":[ "ResourceARNList", "Tags" ], "members":{ "ResourceARNList":{ "shape":"ResourceARNList", "documentation":"

A list of ARNs. An ARN (Amazon Resource Name) uniquely identifies a resource. You can specify a minimum of 1 and a maximum of 20 ARNs (resources) to tag. An ARN can be set to a maximum of 1600 characters. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

" }, "Tags":{ "shape":"TagMap", "documentation":"

The tags that you want to add to the specified resources. A tag consists of a key and a value that you define.

" } } }, "TagResourcesOutput":{ "type":"structure", "members":{ "FailedResourcesMap":{ "shape":"FailedResourcesMap", "documentation":"

A map containing a key-value pair for each failed item that couldn't be tagged. The key is the ARN of the failed resource. The value is a FailureInfo object that contains an error code, a status code, and an error message. If there are no errors, the FailedResourcesMap is empty.

" } } }, "TagValue":{ "type":"string", "max":256, "min":0, "pattern":"[\\s\\S]*" }, "TagValueList":{ "type":"list", "member":{"shape":"TagValue"}, "max":20, "min":0 }, "TagValuesOutputList":{ "type":"list", "member":{"shape":"TagValue"} }, "TagsPerPage":{"type":"integer"}, "TargetId":{ "type":"string", "max":68, "min":6, "pattern":"[\\s\\S]*" }, "TargetIdFilterList":{ "type":"list", "member":{"shape":"TargetId"}, "max":100, "min":1 }, "TargetIdType":{ "type":"string", "enum":[ "ACCOUNT", "OU", "ROOT" ] }, "ThrottledException":{ "type":"structure", "members":{ "Message":{"shape":"ExceptionMessage"} }, "documentation":"

The request was denied to limit the frequency of submitted requests.

", "exception":true }, "UntagResourcesInput":{ "type":"structure", "required":[ "ResourceARNList", "TagKeys" ], "members":{ "ResourceARNList":{ "shape":"ResourceARNList", "documentation":"

A list of ARNs. An ARN (Amazon Resource Name) uniquely identifies a resource. You can specify a minimum of 1 and a maximum of 20 ARNs (resources) to untag. An ARN can be set to a maximum of 1600 characters. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

" }, "TagKeys":{ "shape":"TagKeyListForUntag", "documentation":"

A list of the tag keys that you want to remove from the specified resources.

" } } }, "UntagResourcesOutput":{ "type":"structure", "members":{ "FailedResourcesMap":{ "shape":"FailedResourcesMap", "documentation":"

Details of resources that could not be untagged. An error code, status code, and error message are returned for each failed item.

" } } } }, "documentation":"Resource Groups Tagging API

This guide describes the API operations for the resource groups tagging.

A tag is a label that you assign to an AWS resource. A tag consists of a key and a value, both of which you define. For example, if you have two Amazon EC2 instances, you might assign both a tag key of \"Stack.\" But the value of \"Stack\" might be \"Testing\" for one and \"Production\" for the other.

Tagging can help you organize your resources and enables you to simplify resource management, access management and cost allocation.

You can use the resource groups tagging API operations to complete the following tasks:

To use resource groups tagging API operations, you must add the following permissions to your IAM policy:

You'll also need permissions to access the resources of individual services so that you can tag and untag those resources.

For more information on IAM policies, see Managing IAM Policies in the IAM User Guide.

You can use the Resource Groups Tagging API to tag resources for the following AWS services.

" }