Using tags on AWS Lambda functions - AWS Lambda

Using tags on AWS Lambda functions

You can tag Lambda functions to organize them by owner, project or department. Tags are freeform key-value pairs that are supported across AWS services for use in filtering resources and adding detail to billing reports.

Using tags with the Lambda console

You can use the console to add tags to existing functions and to filter functions by the tags that you add.

Adding tags to a function

To add tags to a function (console)

  1. Grant appropriate permissions to the IAM identity (user, group, or role) for the person working with the function:

    • lambda:ListTags—When a function has tags, grant this permission to anyone who needs to view the function.

    • lambda:TagResource—Grant this permission to anyone who needs to add tags to a function.

    For more information, see Identity-based IAM policies for Lambda.

  2. Open the Functions page on the Lambda console.

  3. Choose a function.

  4. Choose Configuration and then choose Tags.

  5. Under Tags, choose Manage tags.

  6. Enter a key and value. To add additional tags, choose Add new tag.

    Make sure that any tags you use conform to the tag requirements.

    
              Tagging a function in the Lambda console.
  7. Choose Save.

Filtering functions by tag

You can filter functions based on the presence or value of a tag with the Lambda console or with the AWS Resource Groups API.

Tags apply at the function level, not to versions or aliases. Tags are not part of the version-specific configuration that is snapshotted when you publish a version.

To filter functions with tags (console)

  1. Make sure that you have the permissions you need:

    • lambda:ListTags grants permission to view functions that have tags.

    • lambda:TagResource grants permission to add tags to a function.

  2. Open the Functions page on the Lambda console.

  3. Click within the search bar to see a list of function attributes and tag keys.

    
              Tags in the function search bar.
  4. Choose a tag key to see a list of values that are in-use in the current region.

  5. Choose a value to see functions with that value, or choose (all values) to see all functions that have a tag with that key.

    
              Filtering by tag value

The search bar also supports searching for tag keys. Type tag to see just a list of tag keys, or start typing the name of a key to find it in the list.

With AWS Billing and Cost Management, you can use tags to customize billing reports and create cost-allocation reports. For more information, see see Monthly Cost Allocation Report and Using Cost Allocation Tags in the AWS Billing and Cost Management User Guide.

Using tags with the AWS Command Line Interface

You can use the console to create functions that have tags, add tags to existing functions, and to filter functions by the tags that you add.

Permissions required for working with tags

Grant appropriate permissions to the IAM identity (user, group, or role) for the person working with the function:

  • lambda:ListTags—When a function has tags, grant this permission to anyone who needs to call GetFunction or ListTags on it.

  • lambda:TagResource—Grant this permission to anyone who needs to call CreateFunction or TagResource.

For more information, see Identity-based IAM policies for Lambda.

Creating tags when you create a function

Make sure that any tags you use conform to the tag requirements.

When you create a new Lambda function, you can include tags with the --tags option.

aws lambda create-function --function-name my-function --handler index.js --runtime nodejs12.x \ --role arn:aws:iam::123456789012:role/lambda-role \ --tags Department=Marketing,CostCenter=1234ABCD

To add tags to an existing function, use the tag-resource command.

aws lambda tag-resource \ --resource arn:aws:lambda:us-east-2:123456789012:function:my-function \ --tags Department=Marketing,CostCenter=1234ABCD

To remove tags, use the untag-resource command.

aws lambda untag-resource --resource function arn \ --tag-keys Department

Viewing tags on a function

If you want to view the tags that are applied to a specific Lambda function, you can use either of the following Lambda API commands:

  • ListTags – You supply your Lambda function ARN (Amazon Resource Name) to view a list of the tags associated with this function:

    aws lambda list-tags --resource function arn
  • GetFunction – You supply your Lambda function name to a view a list of the tags associated with this function:

    aws lambda get-function --function-name my-function

Filtering functions by tag

You can use the AWS Resource Groups Tagging API GetResources action to filter your resources by tags. The GetResources API receives up to 10 filters, with each filter containing a tag key and up to 10 tag values. You provide GetResources with a ‘ResourceType’ to filter by specific resource types.

For more information about the AWS Resource Groups service, see What are resource groups? in the AWS Resource Groups and Tags User Guide.

Requirements for tags

The following requirements apply to tags:

  • Maximum number of tags per resource—50

  • Maximum key length—128 Unicode characters in UTF-8

  • Maximum value length—256 Unicode characters in UTF-8

  • Tag keys and values are case sensitive.

  • Do not use the aws: prefix in your tag names or values because it is reserved for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per resource limit.

  • If your tagging schema will be used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.