Tagging keys

In AWS KMS, you can add tags to a customer managed key when you create the KMS key, and tag or untag existing KMS keys unless they are pending deletion. You cannot tag aliases, custom key stores, AWS managed keys, AWS owned keys, or KMS keys in other AWS accounts. Tags are optional, but they can be very useful.

For more information, see Creating keys and Editing keys. For general information about tags, including best practices, tagging strategies, and the format and syntax of tags, see Tagging AWS resources in the Amazon Web Services General Reference.

Topics

About tags in AWS KMS
Managing KMS key tags in the console
Managing KMS key tags with API operations
Controlling access to tags
Using tags to control access to KMS keys

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Editing keys

About tags in AWS KMS