Tag resources - Amazon Bedrock
Use the consoleUse the APIBest practices and restrictions

Tag resources

To help you manage your Amazon Bedrock resources, you can assign metadata to each resource as tags. A tag is a label that you assign to an AWS resource. Each tag consists of a key and a value.

Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or application. Tags help you to do the following:

  • Identify and organize your AWS resources. Many AWS resources support tagging, so you can assign the same tag to resources in different services to indicate that the resources are the same.

  • Allocate costs. You activate tags on the AWS Billing and Cost Management dashboard. AWS uses the tags to categorize your costs and deliver a monthly cost allocation report to you. For more information, see Use cost allocation tags in the AWS Billing and Cost Management User Guide.

  • Control access to your resources. You can use tags with Amazon Bedrock to create policies to control access to Amazon Bedrock resources. These policies can be attached to an IAM role or user to enable tag-based access control.

The Amazon Bedrock resources that you can tag are:

  • Custom models

  • Model customization jobs

  • Provisioned models

  • Batch inference jobs (API only)

  • Agents

  • Agent aliases

  • Knowledge bases

  • Model evaluations (console only)

Use the console

You can add, modify, and remove tags at any time while creating or editing a supported resource.

Use the API

To carry out tagging operations, you need the Amazon Resource Name (ARN) of the resource on which you want to carry out a tagging operation. There are two sets of tagging operations, depending on the resource for which you are adding or managing tags.

  1. The following resources use the Amazon Bedrock TagResource, UntagResource, and ListTagsForResource operations.

    • Custom models

    • Model customization jobs

    • Provisioned models

    • Batch inference jobs

  2. The following resources use the Agents for Amazon Bedrock TagResource, UntagResource, and ListTagsForResource operations.

    • Agents

    • Agent aliases

    • Knowledge bases

To add tags to a resource, send a Amazon Bedrock TagResource or Agents for Amazon Bedrock TagResource request.

To untag a resource, send an UntagResource or UntagResource request.

To list the tags for a resource, send a ListTagsForResource or ListTagsForResource request.

Select a tab to see code examples in an interface or language.

AWS CLI

Add two tags to an agent. Separate key/value pairs with a space.

aws bedrock-agent tag-resource \
    --resource-arn "arn:aws:bedrock:us-east-1:123456789012:agent/AGENT12345" \
    --tags key=department,value=billing key=facing,value=internal

Remove the tags from the agent. Separate keys with a space.

aws bedrock-agent untag-resource \
    --resource-arn "arn:aws:bedrock:us-east-1:123456789012:agent/AGENT12345" \
    --tag-keys key=department facing

List the tags for the agent.

aws bedrock-agent list-tags-for-resource \
    --resource-arn "arn:aws:bedrock:us-east-1:123456789012:agent/AGENT12345"
Python (Boto)

Add two tags to an agent.

import boto3

bedrock = boto3.client(service_name='bedrock-agent')

tags = [
    {
        'key': 'department',
        'value': 'billing'
    },
    {
        'key': 'facing',
        'value': 'internal'
    }
]

bedrock.tag_resource(resourceArn='arn:aws:bedrock:us-east-1:123456789012:agent/AGENT12345', tags=tags)

Remove the tags from the agent.

bedrock.untag_resource(
    resourceArn='arn:aws:bedrock:us-east-1:123456789012:agent/AGENT12345', 
    tagKeys=['department', 'facing']
)

List the tags for the agent.

bedrock.list_tags_for_resource(resourceArn='arn:aws:bedrock:us-east-1:123456789012:agent/AGENT12345')

Best practices and restrictions

For best practices and restrictions on tagging, see Tagging your AWS resources.