When you sign in to your organization's management account, you can add tags to the resources in your organization.
Adding tags to a resource when you create it
Minimum permissions
To add tags to a resource when you create it, you need the following permissions:
-
Permission to create a resource of the specified type
-
organizations:TagResource -
organizations:ListTagsForResource– required only when using the Organizations console
You can include tag keys and values that are attached to the following resources as you create them.
-
AWS account
-
Policy
The organization root is created when you initially create the organization, so you can only add tags to it as an existing resource.
Adding or updating tags for an existing
resource
You can also add new tags or update the values of tags attached to existing resources.
Minimum permissions
To add or update tags to resources in your organization, you need the following permissions:
-
organizations:TagResource -
organizations:ListTagsForResource– required only when using the Organizations console
To remove tags from resources in your organization, you need the following permissions:
-
organizations:UntagResource
To add, update, or remove tags for an existing resource
-
Sign in to the AWS Organizations console
. You must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization’s management account. -
Navigate to and choose the account, Root, OU, or policy, and click on its name to open its detail page.
-
On the Tags tab, choose Manage tags.
-
You can add new tags, modify the values of existing tags, or remove tags.
To add a tag, choose Add tag, and then enter a Key and, optionally, a Value for the tag.
To remove a tag, choose Remove.
Tag keys and values are case sensitive. Use the capitalization that you want to standardize on. You must also comply with the requirements of any tag policies that apply.
-
Repeat the previous step as many times as you need.
-
Choose Save changes.
