Editing tags attached to
organization policies with AWS Organizations
This topic describes how to edit tags attached policies with AWS Organizations. A policy defines
the controls that you want to apply to a group of AWS accounts.
Edit tags attached to a service control policy (SCP)
When you sign in to your organization's management account, you can add or remove the
tags attached to an SCP. For more information about tagging, see Tagging AWS Organizations resources.
To edit the tags attached to an SCP in your organization, you must have the
following permissions:
-
organizations:DescribeOrganization
– required only when using the Organizations console
-
organizations:DescribePolicy
– required only when using the Organizations console
-
organizations:TagResource
-
organizations:UntagResource
- AWS Management Console
-
To edit the tags attached to an SCP
-
Sign in to the AWS Organizations console. You must sign in as an IAM user, assume an IAM role, or
sign in as the root user (not
recommended) in the organization’s management account.
-
On the Service control policies page choose the name of the policy with the
tags that you want to edit.
-
On the policy details page, choose the Tags
tab, and then chooseManage tags.
-
Make any or all of the following changes:
-
Change the value of a tag by entering a new value over the
old one. You can't directly modify the tag key. To change a
key, you must delete the tag with the old key and then add a
tag with the new key.
-
Remove an existing tag by choosing
Remove.
-
Add a new tag key and value pair. Choose Add
tag, then enter the new key name and optional
value in the provided boxes. If you leave the
Value box empty, the value is an
empty string; it isn't null
.
-
When you're finished, choose Save
changes.
- AWS CLI & AWS SDKs
-
To edit the tags attached to an SCP
You can use one of the following commands to edit the tags attached to
an SCP:
Edit tags attached to a resource control policy (RCP)
When you sign in to your organization's management account, you can add or remove the
tags attached to an RCP. For more information about tagging, see Tagging AWS Organizations resources.
To edit the tags attached to an RCP in your AWS organization, you must have the
following permissions:
-
organizations:DescribeOrganization
– required only when using the Organizations console
-
organizations:DescribePolicy
– required only when using the Organizations console
-
organizations:TagResource
-
organizations:UntagResource
- AWS Management Console
-
To edit the tags attached to an RCP
-
Sign in to the AWS Organizations console. You must sign in as an IAM user, assume an IAM role, or
sign in as the root user (not
recommended) in the organization’s management account.
-
On the Resource control policy page, choose
the name of the policy with the tags that you want to edit.
-
On the policy details page, choose the Tags
tab, and then choose Manage tags.
-
Make any or all of the following changes:
-
Change the value of a tag by entering a new value over the
old one. You can't directly modify the tag key. To change a
key, you must delete the tag with the old key and then add a
tag with the new key.
-
Remove an existing tag by choosing
Remove.
-
Add a new tag key and value pair. Choose Add
tag, then enter the new key name and optional
value in the provided boxes. If you leave the
Value box empty, the value is an
empty string; it isn't null
.
-
When you're finished, choose Save
changes.
- AWS CLI & AWS SDKs
-
To edit the tags attached to an RCP
You can use one of the following commands to edit the tags attached to
an RCP:
Editing tags attached to an declarative policy
When you sign in to your organization's management account, you can add or remove the
tags attached to a declarative policy. For more information about tagging, see
Tagging AWS Organizations resources.
To edit the tags attached to a declarative policy in your AWS
organization, you must have the following permissions:
-
organizations:DescribeOrganization
– required only when using the Organizations console
-
organizations:DescribePolicy
– required only when using the Organizations console
-
organizations:TagResource
-
organizations:UntagResource
- AWS Management Console
-
To edit the tags attached to a declarative policy
-
Sign in to the AWS Organizations console. You must sign in as an IAM user, assume an IAM role, or
sign in as the root user (not
recommended) in the organization’s management account.
-
On the
Declarative policies page, choose the name of the policy
with the tags that you want to edit.
-
On the chosen policy's detail page, choose the
Tags tab, and then choose Manage
tags.
-
You can perform any of these actions on this page:
-
Edit the value for any tag by entering a new value over
the old one. You can't modify the key. To change a key, you
must delete the tag with the old key and add a tag with the
new key.
-
Remove an existing tag by choosing
Remove.
-
Add a new tag key and value pair. Choose Add
tag, then enter the new key name and optional
value in the provided boxes. If you leave the
Value box empty, the value is an
empty string; it isn't null
.
-
Choose Save changes after you've made all the
additions, removals, and edits you want to make.
- AWS CLI & AWS SDKs
-
To edit the tags attached to a declarative policy
You can use one of the following commands to edit the tags attached to
a declarative policy:
Edit tags attached to a backup
policy
When you sign in to your organization's management account, you can add or remove the
tags attached to a backup policy. For more information about tagging, see Tagging AWS Organizations resources.
To edit the tags attached to a backup policy in your organization, you must
have the following permissions:
-
organizations:DescribeOrganization
(console only – to
navigate to the policy)
-
organizations:DescribePolicy
(console only – to
navigate to the policy)
-
organizations:TagResource
-
organizations:UntagResource
- AWS Management Console
-
To edit the tags attached to an backup policy
-
Sign in to the AWS Organizations console. You must sign in as an IAM user, assume an IAM role, or
sign in as the root user (not
recommended) in the organization’s management account.
-
Backup policies page
-
Choose the name of the policy with the tags that you want to
edit.
The policy detail page appears.
-
On the Tags tab, choose Manage
tags.
-
You can perform any of these actions on this page:
-
Edit the value for any tag by entering a new value over
the old one. You can't modify the key. To change a key, you
must delete the tag with the old key and add a tag with the
new key.
-
Remove an existing tag by choosing
Remove.
-
Add a new tag key and value pair. Choose Add
tag, then enter the new key name and optional
value in the provided boxes. If you leave the
Value box empty, the value is an
empty string; it isn't null
.
-
Choose Save changes after you've made all the
additions, removals, and edits you want to make.
- AWS CLI & AWS SDKs
-
To edit the tags attached to a backup policy
You can use one of the following commands to edit the tags attached to
a backup policy:
Edit tags attached to a tag policy
When you sign in to your organization's management account, you can add or remove the
tags attached to a tag policy. To do this, complete the following steps.
To edit the tags attached to a tag policy in your organization, you must
have the following permissions:
-
organizations:DescribeOrganization
(console only – to
navigate to the policy)
-
organizations:DescribePolicy
(console only – to
navigate to the policy)
-
organizations:TagResource
-
organizations:UntagResource
- AWS Management Console
-
To edit the tags attached to a tag policy
-
Sign in to the AWS Organizations console. You must sign in as an IAM user, assume an IAM role, or
sign in as the root user (not
recommended) in the organization’s management account.
-
On the Tag policies page page, choose the
name of the policy with the tags that you want to edit.
-
On the chosen policy's detail page, choose the
Tags tab, and then choose Manage
tags.
-
You can perform any of these actions on this page:
-
Edit the value for any tag by entering a new value over
the old one. You can't modify the key. To change a key, you
must delete the tag with the old key and add a tag with the
new key.
-
Remove an existing tag by choosing
Remove.
-
Add a new tag key and value pair. Choose Add
tag, then enter the new key name and optional
value in the provided boxes. If you leave the
Value box empty, the value is an
empty string; it isn't null
.
-
Choose Save changes after you've made all the
additions, removals, and edits you want to make.
- AWS CLI & AWS SDKs
-
To edit the tags attached to a tag policy
You can use one of the following commands to edit the tags attached to
a tag policy:
Edit tags attached to a chatbot policy
When you sign in to your organization's management account, you can add or remove the
tags attached to a chatbot policy. To do this, complete the following steps.
To edit the tags attached to a chatbot policy in your organization, you must
have the following permissions:
-
organizations:DescribeOrganization
(console only – to
navigate to the policy)
-
organizations:DescribePolicy
(console only – to
navigate to the policy)
-
organizations:TagResource
-
organizations:UntagResource
- AWS Management Console
-
To edit the tags attached to an chatbot policy
-
Sign in to the AWS Organizations console. You must sign in as an IAM user, assume an IAM role, or
sign in as the root user (not
recommended) in the organization’s management account.
-
On the Chatbot policies page page, choose the
name of the policy with the tags that you want to edit.
-
On the chosen policy's detail page, choose the
Tags tab, and then choose Manage
tags.
-
You can perform any of these actions on this page:
-
Edit the value for any tag by entering a new value over
the old one. You can't modify the key. To change a key, you
must delete the tag with the old key and add a tag with the
new key.
-
Remove an existing tag by choosing
Remove.
-
Add a new tag key and value pair. Choose Add
tag, then enter the new key name and optional
value in the provided boxes. If you leave the
Value box empty, the value is an
empty string; it isn't null
.
-
Choose Save changes after you've made all the
additions, removals, and edits you want to make.
- AWS CLI & AWS SDKs
-
To edit the tags attached to a chatbot policy
You can use one of the following commands to edit the tags attached to
a chatbot policy:
Edit tags attached to an AI
services opt-out policy
When you sign in to your organization's management account, you can add or remove the
tags attached to an AI services opt-out policy. For more information about tagging, see
Tagging AWS Organizations resources.
To edit the tags attached to an AI services opt-out policy in your organization, you must have the following permissions:
-
organizations:DescribeOrganization
– required only when using the Organizations console
-
organizations:DescribePolicy
– required only when using the Organizations console
-
organizations:TagResource
-
organizations:UntagResource
- AWS Management Console
-
To edit the tags attached to an AI services opt-out policy
-
Sign in to the AWS Organizations console. You must sign in as an IAM user, assume an IAM role, or
sign in as the root user (not
recommended) in the organization’s management account.
-
On the AI services opt-out policies page, choose the name of the policy
with the tags that you want to edit.
-
On the chosen policy's detail page, choose the
Tags tab, and then choose Manage
tags.
-
You can perform any of these actions on this page:
-
Edit the value for any tag by entering a new value over
the old one. You can't modify the key. To change a key, you
must delete the tag with the old key and add a tag with the
new key.
-
Remove an existing tag by choosing
Remove.
-
Add a new tag key and value pair. Choose Add
tag, then enter the new key name and optional
value in the provided boxes. If you leave the
Value box empty, the value is an
empty string; it isn't null
.
-
Choose Save changes after you've made all the
additions, removals, and edits you want to make.
- AWS CLI & AWS SDKs
-
To edit the tags attached to a AI services opt-out policy
You can use one of the following commands to edit the tags attached to
a AI services opt-out policy: