TagResource - AWS Key Management Service


The following example shows an AWS CloudTrail log entry of a call to the TagResource operation to add a tag with a tag key of Department and a tag value of IT.

For an example of an UntagResource CloudTrail log entry that is written when the key is rotated, see UntagResource. For information about tagging AWS KMS keys, see Tagging keys.

{ "eventVersion": "1.05", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2020-07-01T21:19:25Z", "eventSource": "kms.amazonaws.com", "eventName": "TagResource", "awsRegion": "us-west-2", "sourceIPAddress": "", "userAgent": "AWS Internal", "requestParameters": { "keyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "tags": [ { "tagKey": "Department", "tagValue": "IT" } ] }, "responseElements": null, "requestID": "b942584a-f77d-4787-9feb-b9c5be6e746d", "eventID": "0a091b9b-0df5-4cf9-b667-6f2879532b8f", "readOnly": false, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" } ], "eventType": "AwsApiCall", "recipientAccountId": "111122223333" }