Use TagResource with an AWS SDK or CLI
The following code examples show how to use TagResource.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:
- CLI
-
- AWS CLI
-
To add a tag to a KMS key
The following
tag-resourceexample adds"Purpose":"Test"and"Dept":"IT"tags to a customer managed KMS key. You can use tags like these to label KMS keys and create categories of KMS keys for permissions and auditing.To specify the KMS key, use the
key-idparameter. This example uses a key ID value, but you can use a key ID or key ARN in this command.aws kms tag-resource \ --key-id1234abcd-12ab-34cd-56ef-1234567890ab\ --tags TagKey='Purpose',TagValue='Test' TagKey='Dept',TagValue='IT'This command produces no output. To view the tags on an AWS KMS KMS key, use the
list-resource-tagscommand.For more information about using tags in AWS KMS, see Tagging keys in the AWS Key Management Service Developer Guide.
-
For API details, see TagResource
in AWS CLI Command Reference.
-
- Java
-
- SDK for Java 2.x
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. /** * Asynchronously tags a KMS key with a specific tag. * * @param keyId the ID of the KMS key to be tagged * @return a {@link CompletableFuture} that completes when the tagging operation is finished */ public CompletableFuture<Void> tagKMSKeyAsync(String keyId) { Tag tag = Tag.builder() .tagKey("Environment") .tagValue("Production") .build(); TagResourceRequest tagResourceRequest = TagResourceRequest.builder() .keyId(keyId) .tags(tag) .build(); return getAsyncClient().tagResource(tagResourceRequest) .thenRun(() -> { logger.info("{} key was tagged", keyId); }) .exceptionally(throwable -> { throw new RuntimeException("Failed to tag the KMS key", throwable); }); }-
For API details, see TagResource in AWS SDK for Java 2.x API Reference.
-
- PHP
-
- SDK for PHP
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. /*** * @param string $keyId * @param array $tags * @return void */ public function tagResource(string $keyId, array $tags) { try { $this->client->tagResource([ 'KeyId' => $keyId, 'Tags' => $tags, ]); }catch(KmsException $caught){ echo "There was a problem applying the tag(s): {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
For API details, see TagResource in AWS SDK for PHP API Reference.
-
- Python
-
- SDK for Python (Boto3)
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. class KeyManager: def __init__(self, kms_client): self.kms_client = kms_client self.created_keys = [] @classmethod def from_client(cls) -> "KeyManager": """ Creates a KeyManager instance with a default KMS client. :return: An instance of KeyManager initialized with the default KMS client. """ kms_client = boto3.client("kms") return cls(kms_client) def tag_resource(self, key_id: str, tag_key: str, tag_value: str) -> None: """ Add or edit tags on a customer managed key. :param key_id: The ARN or ID of the key to enable rotation for. :param tag_key: Key for the tag. :param tag_value: Value for the tag. """ try: self.kms_client.tag_resource( KeyId=key_id, Tags=[{"TagKey": tag_key, "TagValue": tag_value}] ) except ClientError as err: logging.error( "Couldn't add a tag for the key '%s'. Here's why: %s", key_id, err.response["Error"]["Message"], ) raise-
For API details, see TagResource in AWS SDK for Python (Boto3) API Reference.
-
For a complete list of AWS SDK developer guides and code examples, see Using this service with an AWS SDK. This topic also includes information about getting started and details about previous SDK versions.
