Alarms and tagging

Tags are key-value pairs that can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values. For more general information about tagging resources, see Tagging your AWS resources

The following list explains some details about how tagging works with CloudWatch alarms.

To be able to set or update tags for a CloudWatch resource, you must be signed on to an account that has the cloudwatch:TagResource permission. For example, to create an alarm and set tags for it, you must have the cloudwatch:TagResource permission in addition to the the cloudwatch:PutMetricAlarm permission. We recommend that you make sure anyone in your organization who will create or update CloudWatch resources has the cloudwatch:TagResource permission.
Tags can be used for tag-based authorization control. For example, IAM user or role permissions can include conditions to limit CloudWatch calls to specific resources based on their tags. However, keep in mind the following
- Tags with names that start with aws: can't be used for tag-based authorization control.
- Composite alarms do not support tag-based authorization control.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Create alarms to stop, terminate, reboot, or recover an EC2 instance

Auditing telemetry configurations