Table Of Contents


User Guide

First time using the AWS CLI? See the User Guide for help getting started.

Note: You are viewing the documentation for an older major version of the AWS CLI (version 1).

AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here. For more information see the AWS CLI version 2 installation instructions and migration guide.

[ aws . resourcegroupstaggingapi ]



Returns all the tagged or previously tagged resources that are located in the specified Region for the AWS account.

Depending on what information you want returned, you can also specify the following:

  • Filters that specify what tags and resource types you want returned. The response includes all tags that are associated with the requested resources.
  • Information about compliance with the account's effective tag policy. For more information on tag policies, see Tag Policies in the AWS Organizations User Guide.


You can check the PaginationToken response parameter to determine if a query is complete. Queries occasionally return fewer results on a page than allowed. The PaginationToken response parameter value is null only when there are no more results to display.

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.

get-resources is a paginated operation. Multiple API calls may be issued in order to retrieve the entire data set of results. You can disable pagination by providing the --no-paginate argument. When using --output text and the --query argument on a paginated response, the --query argument must extract data from the results of the following query expressions: ResourceTagMappingList


[--tag-filters <value>]
[--tags-per-page <value>]
[--resource-type-filters <value>]
[--include-compliance-details | --no-include-compliance-details]
[--exclude-compliant-resources | --no-exclude-compliant-resources]
[--cli-input-json <value>]
[--starting-token <value>]
[--page-size <value>]
[--max-items <value>]
[--generate-cli-skeleton <value>]


--tag-filters (list)

A list of TagFilters (keys and values). Each TagFilter specified must contain a key with values as optional. A request can include up to 50 keys, and each key can include up to 20 values.

Note the following when deciding how to use TagFilters:

  • If you do specify a TagFilter, the response returns only those resources that are currently associated with the specified tag.
  • If you don't specify a TagFilter, the response includes all resources that were ever associated with tags. Resources that currently don't have associated tags are shown with an empty tag set, like this: "Tags": [] .
  • If you specify more than one filter in a single request, the response returns only those resources that satisfy all specified filters.
  • If you specify a filter that contains more than one value for a key, the response returns resources that match any of the specified values for that key.
  • If you don't specify any values for a key, the response returns resources that are tagged with that key irrespective of the value. For example, for filters: filter1 = {key1, {value1}}, filter2 = {key2, {value2,value3,value4}} , filter3 = {key3}:
    • GetResources( {filter1} ) returns resources tagged with key1=value1
    • GetResources( {filter2} ) returns resources tagged with key2=value2 or key2=value3 or key2=value4
    • GetResources( {filter3} ) returns resources tagged with any tag containing key3 as its tag key, irrespective of its value
    • GetResources( {filter1,filter2,filter3} ) returns resources tagged with ( key1=value1) and ( key2=value2 or key2=value3 or key2=value4) and (key3, irrespective of the value)

Shorthand Syntax:

Key=string,Values=string,string ...

JSON Syntax:

    "Key": "string",
    "Values": ["string", ...]

--tags-per-page (integer)

AWS recommends using ResourcesPerPage instead of this parameter.

A limit that restricts the number of tags (key and value pairs) returned by GetResources in paginated output. A resource with no tags is counted as having one tag (one key and value pair).

GetResources does not split a resource and its associated tags across pages. If the specified TagsPerPage would cause such a break, a PaginationToken is returned in place of the affected resource and its tags. Use that token in another request to get the remaining data. For example, if you specify a TagsPerPage of 100 and the account has 22 resources with 10 tags each (meaning that each resource has 10 key and value pairs), the output will consist of three pages. The first page displays the first 10 resources, each with its 10 tags. The second page displays the next 10 resources, each with its 10 tags. The third page displays the remaining 2 resources, each with its 10 tags.

You can set TagsPerPage to a minimum of 100 items and the maximum of 500 items.

--resource-type-filters (list)

The constraints on the resources that you want returned. The format of each resource type is service[:resourceType] . For example, specifying a resource type of ec2 returns all Amazon EC2 resources (which includes EC2 instances). Specifying a resource type of ec2:instance returns only EC2 instances.

The string for each service name and resource type is the same as that embedded in a resource's Amazon Resource Name (ARN). Consult the AWS General Reference for the following:

You can specify multiple resource types by using an array. The array can include up to 100 items. Note that the length constraint requirement applies to each resource type filter.


"string" "string" ...

--include-compliance-details | --no-include-compliance-details (boolean)

Specifies whether to include details regarding the compliance with the effective tag policy. Set this to true to determine whether resources are compliant with the tag policy and to get details.

--exclude-compliant-resources | --no-exclude-compliant-resources (boolean)

Specifies whether to exclude resources that are compliant with the tag policy. Set this to true if you are interested in retrieving information on noncompliant resources only.

You can use this parameter only if the IncludeComplianceDetails parameter is also set to true .

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--starting-token (string)

A token to specify where to start paginating. This is the NextToken from a previously truncated response.

For usage examples, see Pagination in the AWS Command Line Interface User Guide .

--page-size (integer)

The size of each page to get in the AWS service call. This does not affect the number of items returned in the command's output. Setting a smaller page size results in more calls to the AWS service, retrieving fewer items in each call. This can help prevent the AWS service calls from timing out.

For usage examples, see Pagination in the AWS Command Line Interface User Guide .

--max-items (integer)

The total number of items to return in the command's output. If the total number of items available is more than the value specified, a NextToken is provided in the command's output. To resume pagination, provide the NextToken value in the starting-token argument of a subsequent command. Do not use the NextToken response element directly outside of the AWS CLI.

For usage examples, see Pagination in the AWS Command Line Interface User Guide .

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.


To get a list of tagged resources

The following get-resources example displays a list of resources in the account that are tagged with the specified key name and value.

aws resourcegroupstaggingapi get-resources \
    --tag-filters Key=Environment,Values=Production \
    --tags-per-page 100


    "ResourceTagMappingList": [
            "ResourceARN": " arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0",
            "Tags": [
                    "Key": "Environment",
                    "Value": "Production"

For more information, see GetResources in the Resource Groups Tagging API Reference.


PaginationToken -> (string)

A string that indicates that the response contains more data than can be returned in a single response. To receive additional data, specify this string for the PaginationToken value in a subsequent request.

ResourceTagMappingList -> (list)

A list of resource ARNs and the tags (keys and values) associated with each.


A list of resource ARNs and the tags (keys and values) that are associated with each.

ResourceARN -> (string)

The ARN of the resource.

Tags -> (list)

The tags that have been applied to one or more AWS resources.


The metadata that you apply to AWS resources to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. For more information, see Tagging AWS Resources in the AWS General Reference .

Key -> (string)

One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.

Value -> (string)

One part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key). The value can be empty or null.

ComplianceDetails -> (structure)

Information that shows whether a resource is compliant with the effective tag policy, including details on any noncompliant tag keys.

NoncompliantKeys -> (list)

These tag keys on the resource are noncompliant with the effective tag policy.


KeysWithNoncompliantValues -> (list)

These are keys defined in the effective policy that are on the resource with either incorrect case treatment or noncompliant values.


ComplianceStatus -> (boolean)

Whether a resource is compliant with the effective tag policy.