Amazon Forecast is no longer available to new customers. Existing customers of
Amazon Forecast can continue to use the service as normal.
Learn more"
Tagging Amazon Forecast Resources
A tag is a label that you optionally define and associate with AWS resources, including certain types of Amazon Forecast resources. Tags can help you categorize and manage resources in different ways, such as by purpose, owner, environment, or other criteria. For example, you can use tags to apply policies or automation, or to identify resources that are subject to certain compliance requirements. You can add tags to the following types of Forecast resources:
-
Dataset groups
-
Datasets
-
Dataset import jobs
-
Predictors
-
Predictor export jobs
-
Forecasts
-
Forecast export jobs
-
What-if Analyses
-
What-if Forecasts
-
What-if Forecast export jobs
A resource can have as many as 50 tags.
Managing Tags
Each tag consists of a required tag key and an optional tag value, both of which you define. A tag key is a general label that acts as a category for more specific tag values. A tag value acts as a descriptor for a tag key. For example, if you have two versions of a Forecast dataset import job (one for internal testing and another for production), you might assign an Environment
tag key to both projects. The value of the Environment
tag key might be Test
for one version of the dataset import job and Production
for the other version.
A tag key can contain as many as 128 characters. A tag value can contain as many as 256 characters. The characters can be Unicode letters, numbers, white space, or one of the following symbols: _ . : / = + -. The following additional restrictions apply to tags:
-
Tag keys and values are case sensitive.
-
For each associated resource, each tag key must be unique and it can have only one value.
-
Do not use
aws:
,AWS:
, or any upper or lowercase combination of such as a prefix for keys, because it is reserved for AWS use. You cannot edit or delete tag keys with this prefix. Values can have this prefix. If a tag value hasaws
as its prefix but the key does not, then Forecast considers it to be a user tag and will count against the limit of 50 tags. Tags with only the key prefix ofaws
do not count against your tags per resource limit. -
You can't update or delete a resource based only on its tags. You must also specify the Amazon Resource Name (ARN) or resource ID, depending on the operation that you use.
-
You can associate tags with public or shared resources. However, the tags are available only for your AWS account, not any other accounts that share the resource. In addition, the tags are available only for resources that are located in the specified AWS Region for your AWS account.
To add, display, update, and remove tag keys and values from Forecast resources, you can use the AWS Command Line Interface (AWS CLI), the Forecast API, or an AWS SDK.
Using Tags in IAM Policies
After you start implementing tags, you can apply tag-based, resource-level permissions to AWS Identity and Access Management (IAM) policies and API operations. This includes operations that support adding tags to resources when resources are created. By using tags in this way, you can implement granular control of which groups and users in your AWS account have permission to create and tag resources, and which groups and users have permission to create, update, and remove tags more generally.
For example, you can create a policy that allows a user to have full access to all of the
Forecast resources where their name is a value in the Owner
tag for the
resource.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "ModifyResourceIfOwner", "Effect": "Allow", "Action": "forecast:*", "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "aws:ResourceTag/Owner": "${aws:username}" } } } ] }
The following example shows how to create a policy to allow creating and deleting a
dataset. These operations are allowed only if the user name is johndoe
.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "forecast:CreateDataset", "forecast:DeleteDataset" ], "Resource": "arn:aws:forecast:*:*:dataset/*", "Condition": { "StringEquals": {"aws:username" : "johndoe"} } }, { "Effect": "Allow", "Action": "forecast:DescribeDataset", "Resource": "*" } ] }
If you define tag-based, resource-level permissions, the permissions take effect immediately. This means that your resources are more secure as soon as they're created, and you can quickly start enforcing the use of tags for new resources. You can also use resource-level permissions to control which tag keys and values can be associated with new and existing resources. For more information, see Controlling Access Using Tags in the AWS IAM User Guide.
Adding Tags to Resources
The following examples show how to add a tag to Forecast resources by using the AWS CLI and the AWS Management Console.
Additional Information
For more information about tagging, see the following resources.
-
AWS Tagging Principles in the AWS General Reference
-
AWS Tagging Strategies
(downloadable PDF) -
AWS Access Control in the AWS IAM User Guide
-
AWS Tagging Policies in the AWS Organizations User Guide