Table of Contents
A low-level client representing AWS Resource Groups Tagging API
import boto3
client = boto3.client('resourcegroupstaggingapi')
These are the available methods:
Check if an operation can be paginated.
Describes the status of the StartReportCreation operation.
You can call this operation only from the organization's management account and from the us-east-1 Region.
See also: AWS API Documentation
Request Syntax
response = client.describe_report_creation()
{
'Status': 'string',
'S3Location': 'string',
'ErrorMessage': 'string'
}
Response Structure
Reports the status of the operation.
The operation status can be one of the following:
The path to the Amazon S3 bucket where the report was stored on creation.
Details of the common errors that all operations return.
Exceptions
Generate a presigned url given a client, its method, and arguments
The presigned url
Returns a table that shows counts of resources that are noncompliant with their tag policies.
For more information on tag policies, see Tag Policies in the AWS Organizations User Guide.
You can call this operation only from the organization's management account and from the us-east-1 Region.
This operation supports pagination, where the response can be sent in multiple pages. You should check the PaginationToken response parameter to determine if there are additional results available to return. Repeat the query, passing the PaginationToken response parameter value as an input to the next request until you recieve a null value. A null value for PaginationToken indicates that there are no more results waiting to be returned.
See also: AWS API Documentation
Request Syntax
response = client.get_compliance_summary(
TargetIdFilters=[
'string',
],
RegionFilters=[
'string',
],
ResourceTypeFilters=[
'string',
],
TagKeyFilters=[
'string',
],
GroupBy=[
'TARGET_ID'|'REGION'|'RESOURCE_TYPE',
],
MaxResults=123,
PaginationToken='string'
)
Specifies target identifiers (usually, specific account IDs) to limit the output by. If you use this parameter, the count of returned noncompliant resources includes only resources with the specified target IDs.
Specifies a list of AWS Regions to limit the output by. If you use this parameter, the count of returned noncompliant resources includes only resources in the specified Regions.
Specifies that you want the response to include information for only resources of the specified types. The format of each resource type is service[:resourceType] . For example, specifying a resource type of ec2 returns all Amazon EC2 resources (which includes EC2 instances). Specifying a resource type of ec2:instance returns only EC2 instances.
The string for each service name and resource type is the same as that embedded in a resource's Amazon Resource Name (ARN). Consult the AWS General Reference for the following:
You can specify multiple resource types by using a comma separated array. The array can include up to 100 items. Note that the length constraint requirement applies to each resource type filter.
Specifies that you want the response to include information for only resources that have tags with the specified tag keys. If you use this parameter, the count of returned noncompliant resources includes only resources that have the specified tag keys.
Specifies a list of attributes to group the counts of noncompliant resources by. If supplied, the counts are sorted by those attributes.
dict
Response Syntax
{
'SummaryList': [
{
'LastUpdated': 'string',
'TargetId': 'string',
'TargetIdType': 'ACCOUNT'|'OU'|'ROOT',
'Region': 'string',
'ResourceType': 'string',
'NonCompliantResources': 123
},
],
'PaginationToken': 'string'
}
Response Structure
(dict) --
SummaryList (list) --
A table that shows counts of noncompliant resources.
(dict) --
A count of noncompliant resources.
LastUpdated (string) --
The timestamp that shows when this summary was generated in this Region.
TargetId (string) --
The account identifier or the root identifier of the organization. If you don't know the root ID, you can call the AWS Organizations ListRoots API.
TargetIdType (string) --
Whether the target is an account, an OU, or the organization root.
Region (string) --
The AWS Region that the summary applies to.
ResourceType (string) --
The AWS resource type.
NonCompliantResources (integer) --
The count of noncompliant resources.
PaginationToken (string) --
A string that indicates that there is more data available than this response contains. To receive the next part of the response, specify this response value as the PaginationToken value in the request for the next page.
Exceptions
Create a paginator for an operation.
Returns all the tagged or previously tagged resources that are located in the specified Region for the AWS account.
Depending on what information you want returned, you can also specify the following:
This operation supports pagination, where the response can be sent in multiple pages. You should check the PaginationToken response parameter to determine if there are additional results available to return. Repeat the query, passing the PaginationToken response parameter value as an input to the next request until you recieve a null value. A null value for PaginationToken indicates that there are no more results waiting to be returned.
See also: AWS API Documentation
Request Syntax
response = client.get_resources(
PaginationToken='string',
TagFilters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
ResourcesPerPage=123,
TagsPerPage=123,
ResourceTypeFilters=[
'string',
],
IncludeComplianceDetails=True|False,
ExcludeCompliantResources=True|False,
ResourceARNList=[
'string',
]
)
Specifies a list of TagFilters (keys and values) to restrict the output to only those resources that have the specified tag and, if included, the specified value. Each TagFilter must contain a key with values optional. A request can include up to 50 keys, and each key can include up to 20 values.
Note the following when deciding how to use TagFilters:
A list of tags (keys and values) that are used to specify the associated resources.
One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.
One part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key). The value can be empty or null.
AWS recommends using ResourcesPerPage instead of this parameter.
A limit that restricts the number of tags (key and value pairs) returned by GetResources in paginated output. A resource with no tags is counted as having one tag (one key and value pair).
GetResources does not split a resource and its associated tags across pages. If the specified TagsPerPage would cause such a break, a PaginationToken is returned in place of the affected resource and its tags. Use that token in another request to get the remaining data. For example, if you specify a TagsPerPage of 100 and the account has 22 resources with 10 tags each (meaning that each resource has 10 key and value pairs), the output will consist of three pages. The first page displays the first 10 resources, each with its 10 tags. The second page displays the next 10 resources, each with its 10 tags. The third page displays the remaining 2 resources, each with its 10 tags.
You can set TagsPerPage to a minimum of 100 items up to a maximum of 500 items.
Specifies the resource types that you want included in the response. The format of each resource type is service[:resourceType] . For example, specifying a resource type of ec2 returns all Amazon EC2 resources (which includes EC2 instances). Specifying a resource type of ec2:instance returns only EC2 instances.
The string for each service name and resource type is the same as that embedded in a resource's Amazon Resource Name (ARN). Consult the AWS General Reference for the following:
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces .
You can specify multiple resource types by using an array. The array can include up to 100 items. Note that the length constraint requirement applies to each resource type filter.
Specifies whether to exclude resources that are compliant with the tag policy. Set this to true if you are interested in retrieving information on noncompliant resources only.
You can use this parameter only if the IncludeComplianceDetails parameter is also set to true .
Specifies a list of ARNs of resources for which you want to retrieve tag data. You can't specify both this parameter and any of the pagination parameters (ResourcesPerPage , TagsPerPage , PaginationToken ) in the same request. If you specify both, you get an Invalid Parameter exception.
If a resource specified by this parameter doesn't exist, it doesn't generate an error; it simply isn't included in the response.
An ARN (Amazon Resource Name) uniquely identifies a resource. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference .
dict
Response Syntax
{
'PaginationToken': 'string',
'ResourceTagMappingList': [
{
'ResourceARN': 'string',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'ComplianceDetails': {
'NoncompliantKeys': [
'string',
],
'KeysWithNoncompliantValues': [
'string',
],
'ComplianceStatus': True|False
}
},
]
}
Response Structure
(dict) --
PaginationToken (string) --
A string that indicates that there is more data available than this response contains. To receive the next part of the response, specify this response value as the PaginationToken value in the request for the next page.
ResourceTagMappingList (list) --
A list of resource ARNs and the tags (keys and values) associated with those ARNs.
(dict) --
A list of resource ARNs and the tags (keys and values) that are associated with each.
ResourceARN (string) --
The ARN of the resource.
Tags (list) --
The tags that have been applied to one or more AWS resources.
(dict) --
The metadata that you apply to AWS resources to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. For more information, see Tagging AWS Resources in the AWS General Reference .
Key (string) --
One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.
Value (string) --
One part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key). The value can be empty or null.
ComplianceDetails (dict) --
Information that shows whether a resource is compliant with the effective tag policy, including details on any noncompliant tag keys.
NoncompliantKeys (list) --
These tag keys on the resource are noncompliant with the effective tag policy.
KeysWithNoncompliantValues (list) --
These are keys defined in the effective policy that are on the resource with either incorrect case treatment or noncompliant values.
ComplianceStatus (boolean) --
Whether a resource is compliant with the effective tag policy.
Exceptions
Returns all tag keys currently in use in the specified Region for the calling AWS account.
This operation supports pagination, where the response can be sent in multiple pages. You should check the PaginationToken response parameter to determine if there are additional results available to return. Repeat the query, passing the PaginationToken response parameter value as an input to the next request until you recieve a null value. A null value for PaginationToken indicates that there are no more results waiting to be returned.
See also: AWS API Documentation
Request Syntax
response = client.get_tag_keys(
PaginationToken='string'
)
{
'PaginationToken': 'string',
'TagKeys': [
'string',
]
}
Response Structure
A string that indicates that there is more data available than this response contains. To receive the next part of the response, specify this response value as the PaginationToken value in the request for the next page.
A list of all tag keys in the AWS account.
Exceptions
Returns all tag values for the specified key that are used in the specified AWS Region for the calling AWS account.
This operation supports pagination, where the response can be sent in multiple pages. You should check the PaginationToken response parameter to determine if there are additional results available to return. Repeat the query, passing the PaginationToken response parameter value as an input to the next request until you recieve a null value. A null value for PaginationToken indicates that there are no more results waiting to be returned.
See also: AWS API Documentation
Request Syntax
response = client.get_tag_values(
PaginationToken='string',
Key='string'
)
[REQUIRED]
Specifies the tag key for which you want to list all existing values that are currently used in the specified AWS Region for the calling AWS account.
dict
Response Syntax
{
'PaginationToken': 'string',
'TagValues': [
'string',
]
}
Response Structure
(dict) --
PaginationToken (string) --
A string that indicates that there is more data available than this response contains. To receive the next part of the response, specify this response value as the PaginationToken value in the request for the next page.
TagValues (list) --
A list of all tag values for the specified key currently used in the specified AWS Region for the calling AWS account.
Exceptions
Returns an object that can wait for some condition.
Generates a report that lists all tagged resources in the accounts across your organization and tells whether each resource is compliant with the effective tag policy. Compliance data is refreshed daily. The report is generated asynchronously.
The generated report is saved to the following location:
s3://example-bucket/AwsTagPolicies/o-exampleorgid/YYYY-MM-ddTHH:mm:ssZ/report.csv
You can call this operation only from the organization's management account and from the us-east-1 Region.
See also: AWS API Documentation
Request Syntax
response = client.start_report_creation(
S3Bucket='string'
)
[REQUIRED]
The name of the Amazon S3 bucket where the report will be stored; for example:
awsexamplebucket
For more information on S3 bucket requirements, including an example bucket policy, see the example S3 bucket policy on this page.
{}
Response Structure
Exceptions
Applies one or more tags to the specified resources. Note the following:
Warning
Do not store personally identifiable information (PII) or other confidential or sensitive information in tags. We use tags to provide you with billing and administration services. Tags are not intended to be used for private or sensitive data.
See also: AWS API Documentation
Request Syntax
response = client.tag_resources(
ResourceARNList=[
'string',
],
Tags={
'string': 'string'
}
)
[REQUIRED]
Specifies the list of ARNs of the resources that you want to apply tags to.
An ARN (Amazon Resource Name) uniquely identifies a resource. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference .
[REQUIRED]
Specifies a list of tags that you want to add to the specified resources. A tag consists of a key and a value that you define.
dict
Response Syntax
{
'FailedResourcesMap': {
'string': {
'StatusCode': 123,
'ErrorCode': 'InternalServiceException'|'InvalidParameterException',
'ErrorMessage': 'string'
}
}
}
Response Structure
(dict) --
FailedResourcesMap (dict) --
A map containing a key-value pair for each failed item that couldn't be tagged. The key is the ARN of the failed resource. The value is a FailureInfo object that contains an error code, a status code, and an error message. If there are no errors, the FailedResourcesMap is empty.
(string) --
(dict) --
Information about the errors that are returned for each failed resource. This information can include InternalServiceException and InvalidParameterException errors. It can also include any valid error code returned by the AWS service that hosts the resource that the ARN key represents.
The following are common error codes that you might receive from other AWS services:
For more information on errors that are generated from other AWS services, see the documentation for that service.
StatusCode (integer) --
The HTTP status code of the common error.
ErrorCode (string) --
The code of the common error. Valid values include InternalServiceException , InvalidParameterException , and any valid error code returned by the AWS service that hosts the resource that you want to tag.
ErrorMessage (string) --
The message of the common error.
Exceptions
Removes the specified tags from the specified resources. When you specify a tag key, the action removes both that key and its associated value. The operation succeeds even if you attempt to remove tags from a resource that were already removed. Note the following:
See also: AWS API Documentation
Request Syntax
response = client.untag_resources(
ResourceARNList=[
'string',
],
TagKeys=[
'string',
]
)
[REQUIRED]
Specifies a list of ARNs of the resources that you want to remove tags from.
An ARN (Amazon Resource Name) uniquely identifies a resource. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference .
[REQUIRED]
Specifies a list of tag keys that you want to remove from the specified resources.
dict
Response Syntax
{
'FailedResourcesMap': {
'string': {
'StatusCode': 123,
'ErrorCode': 'InternalServiceException'|'InvalidParameterException',
'ErrorMessage': 'string'
}
}
}
Response Structure
(dict) --
FailedResourcesMap (dict) --
A map containing a key-value pair for each failed item that couldn't be untagged. The key is the ARN of the failed resource. The value is a FailureInfo object that contains an error code, a status code, and an error message. If there are no errors, the FailedResourcesMap is empty.
(string) --
(dict) --
Information about the errors that are returned for each failed resource. This information can include InternalServiceException and InvalidParameterException errors. It can also include any valid error code returned by the AWS service that hosts the resource that the ARN key represents.
The following are common error codes that you might receive from other AWS services:
For more information on errors that are generated from other AWS services, see the documentation for that service.
StatusCode (integer) --
The HTTP status code of the common error.
ErrorCode (string) --
The code of the common error. Valid values include InternalServiceException , InvalidParameterException , and any valid error code returned by the AWS service that hosts the resource that you want to tag.
ErrorMessage (string) --
The message of the common error.
Exceptions
The available paginators are:
paginator = client.get_paginator('get_compliance_summary')
Creates an iterator that will paginate through responses from ResourceGroupsTaggingAPI.Client.get_compliance_summary().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
TargetIdFilters=[
'string',
],
RegionFilters=[
'string',
],
ResourceTypeFilters=[
'string',
],
TagKeyFilters=[
'string',
],
GroupBy=[
'TARGET_ID'|'REGION'|'RESOURCE_TYPE',
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Specifies target identifiers (usually, specific account IDs) to limit the output by. If you use this parameter, the count of returned noncompliant resources includes only resources with the specified target IDs.
Specifies a list of AWS Regions to limit the output by. If you use this parameter, the count of returned noncompliant resources includes only resources in the specified Regions.
Specifies that you want the response to include information for only resources of the specified types. The format of each resource type is service[:resourceType] . For example, specifying a resource type of ec2 returns all Amazon EC2 resources (which includes EC2 instances). Specifying a resource type of ec2:instance returns only EC2 instances.
The string for each service name and resource type is the same as that embedded in a resource's Amazon Resource Name (ARN). Consult the AWS General Reference for the following:
You can specify multiple resource types by using a comma separated array. The array can include up to 100 items. Note that the length constraint requirement applies to each resource type filter.
Specifies that you want the response to include information for only resources that have tags with the specified tag keys. If you use this parameter, the count of returned noncompliant resources includes only resources that have the specified tag keys.
Specifies a list of attributes to group the counts of noncompliant resources by. If supplied, the counts are sorted by those attributes.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'SummaryList': [
{
'LastUpdated': 'string',
'TargetId': 'string',
'TargetIdType': 'ACCOUNT'|'OU'|'ROOT',
'Region': 'string',
'ResourceType': 'string',
'NonCompliantResources': 123
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
SummaryList (list) --
A table that shows counts of noncompliant resources.
(dict) --
A count of noncompliant resources.
LastUpdated (string) --
The timestamp that shows when this summary was generated in this Region.
TargetId (string) --
The account identifier or the root identifier of the organization. If you don't know the root ID, you can call the AWS Organizations ListRoots API.
TargetIdType (string) --
Whether the target is an account, an OU, or the organization root.
Region (string) --
The AWS Region that the summary applies to.
ResourceType (string) --
The AWS resource type.
NonCompliantResources (integer) --
The count of noncompliant resources.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('get_resources')
Creates an iterator that will paginate through responses from ResourceGroupsTaggingAPI.Client.get_resources().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
TagFilters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
TagsPerPage=123,
ResourceTypeFilters=[
'string',
],
IncludeComplianceDetails=True|False,
ExcludeCompliantResources=True|False,
ResourceARNList=[
'string',
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Specifies a list of TagFilters (keys and values) to restrict the output to only those resources that have the specified tag and, if included, the specified value. Each TagFilter must contain a key with values optional. A request can include up to 50 keys, and each key can include up to 20 values.
Note the following when deciding how to use TagFilters:
A list of tags (keys and values) that are used to specify the associated resources.
One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.
One part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key). The value can be empty or null.
AWS recommends using ResourcesPerPage instead of this parameter.
A limit that restricts the number of tags (key and value pairs) returned by GetResources in paginated output. A resource with no tags is counted as having one tag (one key and value pair).
GetResources does not split a resource and its associated tags across pages. If the specified TagsPerPage would cause such a break, a PaginationToken is returned in place of the affected resource and its tags. Use that token in another request to get the remaining data. For example, if you specify a TagsPerPage of 100 and the account has 22 resources with 10 tags each (meaning that each resource has 10 key and value pairs), the output will consist of three pages. The first page displays the first 10 resources, each with its 10 tags. The second page displays the next 10 resources, each with its 10 tags. The third page displays the remaining 2 resources, each with its 10 tags.
You can set TagsPerPage to a minimum of 100 items up to a maximum of 500 items.
Specifies the resource types that you want included in the response. The format of each resource type is service[:resourceType] . For example, specifying a resource type of ec2 returns all Amazon EC2 resources (which includes EC2 instances). Specifying a resource type of ec2:instance returns only EC2 instances.
The string for each service name and resource type is the same as that embedded in a resource's Amazon Resource Name (ARN). Consult the AWS General Reference for the following:
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces .
You can specify multiple resource types by using an array. The array can include up to 100 items. Note that the length constraint requirement applies to each resource type filter.
Specifies whether to exclude resources that are compliant with the tag policy. Set this to true if you are interested in retrieving information on noncompliant resources only.
You can use this parameter only if the IncludeComplianceDetails parameter is also set to true .
Specifies a list of ARNs of resources for which you want to retrieve tag data. You can't specify both this parameter and any of the pagination parameters (ResourcesPerPage , TagsPerPage , PaginationToken ) in the same request. If you specify both, you get an Invalid Parameter exception.
If a resource specified by this parameter doesn't exist, it doesn't generate an error; it simply isn't included in the response.
An ARN (Amazon Resource Name) uniquely identifies a resource. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference .
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'ResourceTagMappingList': [
{
'ResourceARN': 'string',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'ComplianceDetails': {
'NoncompliantKeys': [
'string',
],
'KeysWithNoncompliantValues': [
'string',
],
'ComplianceStatus': True|False
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ResourceTagMappingList (list) --
A list of resource ARNs and the tags (keys and values) associated with those ARNs.
(dict) --
A list of resource ARNs and the tags (keys and values) that are associated with each.
ResourceARN (string) --
The ARN of the resource.
Tags (list) --
The tags that have been applied to one or more AWS resources.
(dict) --
The metadata that you apply to AWS resources to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. For more information, see Tagging AWS Resources in the AWS General Reference .
Key (string) --
One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.
Value (string) --
One part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key). The value can be empty or null.
ComplianceDetails (dict) --
Information that shows whether a resource is compliant with the effective tag policy, including details on any noncompliant tag keys.
NoncompliantKeys (list) --
These tag keys on the resource are noncompliant with the effective tag policy.
KeysWithNoncompliantValues (list) --
These are keys defined in the effective policy that are on the resource with either incorrect case treatment or noncompliant values.
ComplianceStatus (boolean) --
Whether a resource is compliant with the effective tag policy.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('get_tag_keys')
Creates an iterator that will paginate through responses from ResourceGroupsTaggingAPI.Client.get_tag_keys().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
PaginationConfig={
'MaxItems': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
A token to specify where to start paginating. This is the NextToken from a previous response.
{
'TagKeys': [
'string',
],
'NextToken': 'string'
}
Response Structure
A list of all tag keys in the AWS account.
A token to resume pagination.
paginator = client.get_paginator('get_tag_values')
Creates an iterator that will paginate through responses from ResourceGroupsTaggingAPI.Client.get_tag_values().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Key='string',
PaginationConfig={
'MaxItems': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
Specifies the tag key for which you want to list all existing values that are currently used in the specified AWS Region for the calling AWS account.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'TagValues': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
TagValues (list) --
A list of all tag values for the specified key currently used in the specified AWS Region for the calling AWS account.
NextToken (string) --
A token to resume pagination.