Using tags on Lambda functions - AWS Lambda

Using tags on Lambda functions

You can tag AWS Lambda functions to activate attribute-based access control (ABAC) and to organize them by owner, project, or department. Tags are free-form key-value pairs that are supported across AWS services for use in ABAC, filtering resources, and adding detail to billing reports.

Tags apply at the function level, not to versions or aliases. Tags are not part of the version-specific configuration that Lambda creates a snapshot of when you publish a version.

Permissions required for working with tags

Grant appropriate permissions to the AWS Identity and Access Management (IAM) identity (user, group, or role) for the person working with the function:

  • lambda:ListTags – When a function has tags, grant this permission to anyone who needs to call GetFunction or ListTags on it.

  • lambda:TagResource – Grant this permission to anyone who needs to call CreateFunction or TagResource.

For more information, see Identity-based IAM policies for Lambda.

Using tags with the Lambda console

You can use the Lambda console to create functions that have tags, add tags to existing functions, and filter functions by tags that you add.

To add tags when you create a function

  1. Open the Functions page of the Lambda console.

  2. Choose Create function.

  3. Choose Author from scratch or Container image.

  4. Under Basic information, do the following:

    1. For Function name, enter the function name. Function names are limited to 64 characters in length.

    2. For Runtime, choose the language version to use for your function.

    3. (Optional) For Architecture, choose the instruction set architecture to use for your function. The default architecture is x86_64. When you build the deployment package for your function, make sure that it is compatible with the instruction set architecture that you choose.

  5. Expand Advanced settings, and then select Enable tags.

  6. Choose Add new tag, and then enter a Key and an optional Value. To add more tags, repeat this step.

  7. Choose Create function.

To add tags to an existing function

  1. Open the Functions page of the Lambda console.

  2. Choose the name of a function.

  3. Choose Configuration, and then choose Tags.

  4. Under Tags, choose Manage tags.

  5. Choose Add new tag, and then enter a Key and an optional Value. To add more tags, repeat this step.

    
              Tagging a function in the Lambda console.
  6. Choose Save.

To filter functions with tags

  1. Open the Functions page of the Lambda console.

  2. Choose the search bar to see a list of function attributes and tag keys.

    
              Tags in the function search bar.
  3. Choose a tag key to see a list of values that are in use in the current AWS Region.

  4. Choose a value to see functions with that value, or choose (all values) to see all functions that have a tag with that key.

    
              Filtering by tag value.

The search bar also supports searching for tag keys. Enter tag to see only a list of tag keys, or enter the name of a key to find it in the list.

Using tags with the AWS CLI

Adding and removing tags

To create a new Lambda function with tags, use the create-function command with the --tags option.

aws lambda create-function --function-name my-function --handler index.js --runtime nodejs18.x \ --role arn:aws:iam::123456789012:role/lambda-role \ --tags Department=Marketing,CostCenter=1234ABCD

To add tags to an existing function, use the tag-resource command.

aws lambda tag-resource \ --resource arn:aws:lambda:us-east-2:123456789012:function:my-function \ --tags Department=Marketing,CostCenter=1234ABCD

To remove tags, use the untag-resource command.

aws lambda untag-resource --resource arn:aws:lambda:us-east-1:123456789012:function:my-function \ --tag-keys Department

Viewing tags on a function

If you want to view the tags that are applied to a specific Lambda function, you can use either of the following AWS CLI commands:

  • ListTags – To view a list of the tags associated with this function, include your Lambda function ARN (Amazon Resource Name):

    aws lambda list-tags --resource arn:aws:lambda:us-east-1:123456789012:function:my-function
  • GetFunction – To view a list of the tags associated with this function, include your Lambda function name:

    aws lambda get-function --function-name my-function

Filtering functions by tag

You can use the AWS Resource Groups Tagging API GetResources API operation to filter your resources by tags. The GetResources operation receives up to 10 filters, with each filter containing a tag key and up to 10 tag values. You provide GetResources with a ResourceType to filter by specific resource types.

For more information about AWS Resource Groups, see What are resource groups? in the AWS Resource Groups and Tags User Guide.

Requirements for tags

The following requirements apply to tags:

  • Maximum number of tags per resource: 50

  • Maximum key length: 128 Unicode characters in UTF-8

  • Maximum value length: 256 Unicode characters in UTF-8

  • Tag keys and values are case sensitive.

  • Do not use the aws: prefix in your tag names or values because it is reserved for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per resource limit.

  • If you plan to use your tagging schema across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.