Service quotas for Resource Groups AWS managed policies available for use with AWS Resource Groups

AWS Resource Groups Reference

Use the topics in this section to find reference information for various aspects of AWS Resource Groups.

Service quotas for Resource Groups

Name	Default	Adjustable	Description
Resource groups per account	Each supported Region: 100	Yes	The maximum number of resource groups that you can create in this account. A resource group is a collection of AWS resources that match a specific criteria.

Note

You can request changes to quotas marked as adjustable by using the AWS Resource Groups page in the Service Quotas console.

AWS managed policies available for use with AWS Resource Groups

AWS-managed IAM permission policies enable you to grant pre-configured permissions to the IAM principals, such as roles and users, in your account. AWS managed policies are tested and adhere to best practice recommendations, so you can reliably use them in the scenarios for which they're define. As new resource types are supported as members of resource groups, and as new resource types support tagging, AWS automatically updates these policies to support them. You don't need to do anything.

The following table lists the AWS-managed IAM permission policies available for you to use to grant permissions to AWS Resource Groups.

Policy name and ARN Description

Policy name and ARN	Description
AWSResourceGroupsReadOnlyAccess `arn:aws:iam::aws:policy/AWSResourceGroupsReadOnlyAccess`	Grants read-only access to the AWS Resource Groups management console. It includes permission to view the details of a resource, including the list of attached tags. This policy doesn't grant permission to make any changes to resource groups or tags.
ResourceGroupsandTagEditorReadOnlyAccess `arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess`	Grants read-only access to the AWS Resource Groups management console, including the Tag Editor. It includes permission to view the details of a resource, including its tags. You can use the Tag Editor to view resources that match tag queries. This policy doesn't grant permission to make any changes to resource groups or tags.
ResourceGroupsandTagEditorFullAccess `arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess`	Grants full administrative access to the AWS Resource Groups management console. It includes permissions to view, create, and modify resource groups. It also includes permissions to view, set, and modify tags for any resources that are supported by Tag Editor.

AWSResourceGroupsReadOnlyAccess

arn:aws:iam::aws:policy/AWSResourceGroupsReadOnlyAccess

Grants read-only access to the AWS Resource Groups management console. It includes permission to view the details of a resource, including the list of attached tags. This policy doesn't grant permission to make any changes to resource groups or tags.

ResourceGroupsandTagEditorReadOnlyAccess

arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess

Grants read-only access to the AWS Resource Groups management console, including the Tag Editor. It includes permission to view the details of a resource, including its tags. You can use the Tag Editor to view resources that match tag queries. This policy doesn't grant permission to make any changes to resource groups or tags.

ResourceGroupsandTagEditorFullAccess

arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess

Grants full administrative access to the AWS Resource Groups management console. It includes permissions to view, create, and modify resource groups. It also includes permissions to view, set, and modify tags for any resources that are supported by Tag Editor.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Service quotas

Document history