AWS Resource Groups and Tagging Reference - AWS Resource Groups and Tags

AWS Resource Groups and Tagging Reference

Use the topics in this section to find reference information for various aspects of AWS Resource Groups.

Service quotas for Resource Groups

Name Default Adjustable Description
Resource groups per account Each supported Region: 100 Yes The maximum number of resource groups that you can create in this account. A resource group is a collection of AWS resources that match a specific criteria.
Note

You can request changes to quotas marked as adjustable by using the AWS Resource Groups page in the Service Quotas console.

Service quotas for Tagging (Tag Editor and Resource Groups Tagging API)

Name Default

Tags attached per resource

50 user created tags (AWS created tags don't count against this limit)

Tag key name

Minimum of 1, maximum 128 Unicode characters in UTF-8.

Allowed characters include: letters, numbers, spaces, and the following characters:

_ . : / = + - @

Key names can't begin with aws: because that is reserved.

Note

Some AWS services have some additional character or length restrictions. For details, see the documentation for the specific service.

Tag values

Minimum of 0, maximum of 256 Unicode characters in UTF-8.

Allowed characters include: letters, numbers, spaces, and the following characters:

_ . : / = + - @

Note

Some AWS services have some additional character or length restrictions. For details, see the documentation for the specific service.

Rate of calling the GetResources API operation

Maximum of 15 calls per second

Rate of calling the following API operations:

Maximum of 5 calls per second

Note

These limits are currently not adjustable using the Service Quotas console. Contact AWS Support.

AWS managed policies available for use with AWS Resource Groups and Tag Editor

AWS-managed IAM permission policies enable you to grant pre-configured permissions to the IAM users and roles in your account. AWS managed policies are tested and adhere to best practice recommendations, so you can reliably use them in the scenarios for which they're define. As new resource types are supported as members of resource groups, and as new resource types support tagging, AWS automically updates these policies to support them. You don't need to do anything.

The following table lists the AWS-managed IAM permission policies available for you to use to grant permissions to AWS Resource Groups.

Policy name and ARN Description

AWSResourceGroupsReadOnlyAccess

arn:aws:iam::aws:policy/AWSResourceGroupsReadOnlyAccess

Grants read-only access to the AWS Resource Groups management console. It includes permission to view the details of a resource, including the list of attached tags. This policy doesn't grant permission to make any changes to resource groups or tags.

ResourceGroupsandTagEditorReadOnlyAccess

arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess

Grants read-only access to the AWS Resource Groups management console, including the Tag Editor. It includes permission to view the details of a resource, including its tags. You can use the Tag Editor to view resources that match tag queries. This policy doesn't grant permission to make any changes to resource groups or tags.

ResourceGroupsandTagEditorFullAccess

arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess

Grants full administrative access to the AWS Resource Groups management console. It includes permissions to view, create, and modify resource groups. It also includes permissions to view, set, and modify tags for any resources that are supported by Tag Editor.