Tag a new or existing EC2 Fleet request and the instances and volumes it launches
To help categorize and manage your EC2 Fleet requests and the instances and volumes that it launches, you can tag them with custom metadata. You can assign a tag to an EC2 Fleet request when you create it, or afterward. Similarly, you can assign a tag to the instances and volumes when they're launched by the fleet, or afterward.
When you tag a fleet request, the instances and volumes that are launched by the fleet are not automatically tagged. You need to explicitly tag the instances and volumes launched by the fleet. You can choose to assign tags to only the fleet request, or to only the instances launched by the fleet, or to only the volumes attached to the instances launched by the fleet, or to all of them.
Note
For instant fleet types, you can tag volumes that are attached to
On-Demand Instances and Spot Instances. For request or maintain fleet types, you
can only tag volumes that are attached to On-Demand Instances.
For more information about how tags work, see Tag your Amazon EC2 resources.
Prerequisite
Grant the user the permission to tag resources. For more information, see Example: Tag resources.
To grant a user the permission to tag resources
Create a IAM policy that includes the following:
-
The
ec2:CreateTagsaction. This grants the user permission to create tags. -
The
ec2:CreateFleetaction. This grants the user permission to create an EC2 Fleet request. -
For
Resource, we recommend that you specify"*". This allows users to tag all resource types.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "TagEC2FleetRequest", "Effect": "Allow", "Action": [ "ec2:CreateTags", "ec2:CreateFleet" ], "Resource": "*" }
Important
We currently do not support resource-level permissions for the
create-fleet resource. If you specify create-fleet as
a resource, you will get an unauthorized exception when you try to tag the fleet.
The following example illustrates how not to set
the policy.
{ "Effect": "Allow", "Action": [ "ec2:CreateTags", "ec2:CreateFleet" ], "Resource": "arn:aws:ec2:us-east-1:111122223333:create-fleet/*" }
To provide access, add permissions to your users, groups, or roles:
-
Users and groups in AWS IAM Identity Center:
Create a permission set. Follow the instructions in Create a permission set in the AWS IAM Identity Center User Guide.
-
Users managed in IAM through an identity provider:
Create a role for identity federation. Follow the instructions in Create a role for a third-party identity provider (federation) in the IAM User Guide.
-
IAM users:
-
Create a role that your user can assume. Follow the instructions in Create a role for an IAM user in the IAM User Guide.
-
(Not recommended) Attach a policy directly to a user or add a user to a user group. Follow the instructions in Adding permissions to a user (console) in the IAM User Guide.
-
To tag a new EC2 Fleet request
To tag an EC2 Fleet request when you create it, specify the key-value pair in the JSON file used to create the fleet. The
value for ResourceType must be fleet. If you specify
another value, the fleet request fails.
To tag instances and volumes launched by an EC2 Fleet
To tag instances and volumes when they are launched by the fleet, specify the tags in the launch template that is referenced in the EC2 Fleet request.
Note
You can't tag volumes attached to Spot Instances that are launched by a
request or maintain fleet type.
To tag an existing EC2 Fleet request, instance, and volume
Use the create-tags command to tag existing resources.
aws ec2 create-tags \ --resourcesfleet-12a34b55-67cd-8ef9-ba9b-9208dEXAMPLEi-1234567890abcdef0vol-1234567890EXAMPLE\ --tags Key=purpose,Value=test
