Working with Tags on AWS OpsWorks for Chef Automate Resources

Important

AWS OpsWorks for Chef Automate is no longer accepting new customers. Existing customers will be unaffected until May 5, 2024 at which time the service will become unavailable. We recommend that existing customers migrate to Chef SaaS or an alternative solution. For more information, see AWS OpsWorks for Chef Automate End of Life FAQs.

Tags are words or phrases that act as metadata for identifying and organizing your AWS resources. In AWS OpsWorks for Chef Automate, a resource can have up to 50 user-applied tags. Each tag consists of a key and one optional value. You can apply tags to the following resources in AWS OpsWorks for Chef Automate:

• AWS OpsWorks for Chef Automate servers

• Backups of AWS OpsWorks for Chef Automate servers

Tags on AWS resources can help you track costs, control access to resources, group resources for automating tasks, or organize resources by purpose or lifecycle stage. For more information about the benefits of tags, see AWS Tagging Strategies in AWS Answers and Using Cost Allocation Tags in the AWS Billing and Cost Management User Guide.

To use tags to control access to AWS OpsWorks for Chef Automate servers or backups, you create or edit policy statements in AWS Identity and Access Management (IAM). For more information, see Controlling Access to AWS Resources Using Resource Tags in the AWS Identity and Access Management User Guide.

When you apply tags to an AWS OpsWorks for Chef Automate server, the tags are also applied to the server's backups, the Amazon S3 bucket that stores the backups, the server's Amazon EC2 instance, secrets for the server that are stored in AWS Secrets Manager, and the Elastic IP address used by the server. Tags are not propagated to the AWS CloudFormation stack that AWS OpsWorks uses to create your server.

How Tags Work in AWS OpsWorks for Chef Automate

In this release, you can add and manage tags by using the AWS OpsWorks CM API or the AWS Management Console. AWS OpsWorks CM also attempts to add tags that you add to a server to the AWS resources that are associated with the server, including the EC2 instance, secrets in Secrets Manager, Elastic IP address, security group, S3 bucket, and backups. The following table provides an overview of how you add and manage tags in AWS OpsWorks for Chef Automate.

Action	What to use
Add tags to a new AWS OpsWorks for Chef Automate server or a backup that you are creating manually.	Choose Create Chef Automate server and add tags on the Configure advanced settings page. Choose Create backup on the Backups page for an existing server, and add tags on the Create a backup of your Chef Automate 2 server page. Add a Tags parameter to the CreateServer or CreateBackup commands.
View tags on a resource.	On the details page for your server, choose Tags in the navigation pane. On the Backups page for your server, select a backup, and then choose Edit backup. Run the ListTagsForResource command.
Add tags to an existing AWS OpsWorks for Chef Automate server or a backup, regardless of whether the backup was created manually or automatically.	On the details page for your server, choose Tags in the navigation pane, and then choose Edit. On the Backups page for your server, select a backup, and then choose Edit backup. Run the TagResource command.
Delete tags from a resource.	On the details page for your server, choose Tags in the navigation pane, and then choose Edit. Choose X next to tags that you want to delete. On the Backups page for your server, select a backup, and then choose Edit backup. Choose X next to tags that you want to delete. Run the UntagResource command.

DescribeServers and DescribeBackups responses do not include tag information. To show tags, use the ListTagsForResource API.

Add and Manage Tags in AWS OpsWorks for Chef Automate (Console)

Procedures in this section are performed in the AWS Management Console.

If you add tags, a tag key cannot be empty. The key can be a maximum of 127 characters, and can contain only Unicode letters, numbers, or separators, or the following special characters: + - = . _ : / @ A tag value is optional. You can add a tag that has a key, but no value. The value can be a maximum of 255 characters, and can contain only Unicode letters, numbers, or separators, or the following special characters: + - = . _ : / @

Topics

• Add Tags to a New AWS OpsWorks for Chef Automate Server (Console)
• Add Tags to a New Backup (Console)
• Add or View Tags on an Existing Server (Console)
• Add or View Tags on an Existing Backup (Console)
• Delete Tags from a Server (Console)
• Delete Tags from a Backup (Console)

Add Tags to a New AWS OpsWorks for Chef Automate Server (Console)

1. Be sure to complete any prerequisites for creating an AWS OpsWorks for Chef Automate server.

2. Follow steps 1-10 in Create a Chef Automate Server.

3. After you specify automated backup settings, add tags in the Tags area of the Configure advanced settings page. You can add a maximum of 50 tags. When you are finished adding tags, choose Next.

4. Go on to step 13 of Create a Chef Automate Server, and review settings you have chosen for the new server.

Add Tags to a New Backup (Console)

1. On the AWS OpsWorks for Chef Automate home page, choose an existing Chef Automate server.

2. From the server's details page, choose Backups in the navigation pane.

3. On the Backups page, choose Create backup.

4. Add tags. Choose Create when you are finished adding tags.

Add or View Tags on an Existing Server (Console)

1. On the AWS OpsWorks for Chef Automate home page, choose an existing Chef Automate server to open its details page.

2. Choose Tags in the navigation pane, or at the bottom of the details page, choose View all tags.

3. On the Tags page, choose Edit.

4. Add or edit tags on the server. Choose Save when you are finished.

   Note

   Be aware that changing tags on your Chef Automate server also changes tags on resources that are associated with the server, such as the EC2 instance, Elastic IP address, security group, S3 bucket, and backups.

Add or View Tags on an Existing Backup (Console)

1. On the AWS OpsWorks for Chef Automate home page, choose an existing Chef Automate server to open its details page.

2. Choose Backups in the navigation pane, or in the Recent backups area of the details page, choose View all backups.

3. On the Backups page, choose a backup to manage, and then choose Edit backup.

4. Add or edit tags on the backup. Choose Update when you are finished.

Delete Tags from a Server (Console)

1. On the AWS OpsWorks for Chef Automate home page, choose an existing Chef Automate server to open its details page.

2. Choose Tags in the navigation pane, or at the bottom of the details page, choose View all tags.

3. On the Tags page, choose Edit.

4. Choose X next to a tag to delete the tag. Choose Save when you are finished.

   Note

   Be aware that changing tags on your Chef Automate server also changes tags on resources that are associated with the server, such as the EC2 instance, Elastic IP address, security group, S3 bucket, and backups.

Delete Tags from a Backup (Console)

1. On the AWS OpsWorks for Chef Automate home page, choose an existing Chef Automate server to open its details page.

2. Choose Backups in the navigation pane, or in the Recent backups area of the details page, choose View all backups.

3. On the Backups page, choose a backup to manage, and then choose Edit backup.

4. Choose X next to a tag to delete the tag. Choose Update when you are finished.

Add and Manage Tags in AWS OpsWorks for Chef Automate (CLI)

Procedures in this section are performed in the AWS CLI. Be sure that you are running the latest release of the AWS CLI before you start working with tags. For more information about installing or updating the AWS CLI, see Installing the AWS CLI in the AWS Command Line Interface User Guide.

If you add tags, a tag key cannot be empty. The key can be a maximum of 127 characters, and can contain only Unicode letters, numbers, or separators, or the following special characters: + - = . _ : / @ A tag value is optional. You can add a tag that has a key, but no value. The value can be a maximum of 255 characters, and can contain only Unicode letters, numbers, or separators, or the following special characters: + - = . _ : / @

Topics

• Add Tags to a New AWS OpsWorks for Chef Automate Server (CLI)
• Add Tags to a New Backup (CLI)
• Add Tags to Existing Servers or Backups (CLI)
• List Resource Tags
• Delete Tags from a Resource

Add Tags to a New AWS OpsWorks for Chef Automate Server (CLI)

You can use the AWS CLI to add tags when you create an AWS OpsWorks for Chef Automate server. This procedure does not describe in full how to create a server. For detailed information about how to create an AWS OpsWorks for Chef Automate server by using the AWS CLI see Create a Chef Automate server by using the AWS CLI in this guide. You can add up to 50 tags to a server.

1. Be sure to complete any prerequisites for creating an AWS OpsWorks for Chef Automate server.

2. Complete steps 1-5 of Create a Chef Automate server by using the AWS CLI.

3. For step 6, when you run the create-server command, add the --tags parameter to the command, as shown in the following example.

   aws opsworks-cm create-server ... --tags Key=Key1,Value=Value1 Key=Key2,Value=Value2

   The following is an example showing only the tags portion of the create-server command.

   aws opsworks-cm create-server ... --tags Key=Stage,Value=Production Key=Department,Value=Marketing

4. Complete the remaining steps in Create a Chef Automate server by using the AWS CLI. To verify that your tags were added to the new server, follow steps in List Resource Tags in this topic.

Add Tags to a New Backup (CLI)

You can use the AWS CLI to add tags when you create a new, manual backup of an AWS OpsWorks for Chef Automate server. This procedure does not describe in full how to create a manual backup. For detailed information about how to create a manual backup, see "To perform a manual backup in the AWS CLI" in Back Up an AWS OpsWorks for Chef Automate Server. You can add up to 50 tags to a backup. If a server has tags, new backups are automatically tagged with the server's tags.

By default, when you create a new AWS OpsWorks for Chef Automate server, automated backups are enabled. You can add tags to an automated backup by running the tag-resource command, described in Add Tags to Existing Servers or Backups (CLI) in this topic.

• To add tags to a manual backup as you're creating the backup, run the following command. Only the tags portion of the command is shown. For an example of the full create-backup command, see "To perform a manual backup in the AWS CLI" in Back Up an AWS OpsWorks for Chef Automate Server.

  aws opsworks-cm create-backup ... --tags Key=Key1,Value=Value1 Key=Key2,Value=Value2

  The following example shows only the tags portion of the create-backup command.

  aws opsworks-cm create-backup ... --tags Key=Stage,Value=Production Key=Department,Value=Marketing

Add Tags to Existing Servers or Backups (CLI)

You can run the tag-resource command to add tags to existing AWS OpsWorks for Chef Automate servers or backups (whether the backups were created automatically or manually). Specify the Amazon Resource Number (ARN) of a target resource to add tags to it.

1. To get the ARN of the resource to which you want to apply tags:

   • For a server, run describe-servers --server-name server_name. The results of the command show the server ARN.

   • For a backup, run describe-backups --backup-id backup_ID. The results of the command show the backup ARN. You can also run describe-backups --server-name server_name to show information about all backups for a specific AWS OpsWorks for Chef Automate server.

   The following example shows only the ServerArn in results of a describe-servers --server-name opsworks-cm-test command. The ServerArn value is added to a tag-resource command to add tags to the server.

   {
       "Servers": [
           {
               ...
               "ServerArn": "arn:aws:opsworks-cm:us-west-2:123456789012:server/opsworks-cm-test/EXAMPLEd-66b0-4196-8274-d1a2bEXAMPLE"
           }
       ]
   }

2. Run the tag-resource command with the ARN that you returned in step 1.

   aws opsworks-cm tag-resource --resource-arn "server_or_backup_ARN" --tags Key=Key1,Value=Value1 Key=Key2,Value=Value2

   The following is an example.

   aws opsworks-cm tag-resource --resource-arn "arn:aws:opsworks-cm:us-west-2:123456789012:server/opsworks-cm-test/EXAMPLEd-66b0-4196-8274-d1a2bEXAMPLE" --tags Key=Stage,Value=Production Key=Department,Value=Marketing

3. To verify that tags were added successfully, go on to the next procedure, List Resource Tags.

List Resource Tags

You can run the list-tags-for-resource command to show the tags that are attached to AWS OpsWorks for Chef Automate servers or backups. Specify the ARN of a target resource to view its tags.

1. To get the ARN of the resource for which you want to list tags:

   • For a server, run describe-servers --server-name server_name. The results of the command show the server ARN.

   • For a backup, run describe-backups --backup-id backup_ID. The results of the command show the backup ARN. You can also run describe-backups --server-name server_name to show information about all backups for a specific AWS OpsWorks for Chef Automate server.

2. Run the list-tags-for-resource command with the ARN that you returned in step 1.

   aws opsworks-cm list-tags-for-resource --resource-arn "server_or_backup_ARN"

   The following is an example.

   aws opsworks-cm tag-resource --resource-arn "arn:aws:opsworks-cm:us-west-2:123456789012:server/opsworks-cm-test/EXAMPLEd-66b0-4196-8274-d1a2bEXAMPLE"

   If there are tags on the resource, the command returns results like the following.

   {
       "Tags": [
           {
               "Key": "Stage",
               "Value": "Production"
           },
           {
               "Key": "Department",
               "Value": "Marketing"
           }
       ]
   }

Delete Tags from a Resource

You can run the untag-resource command to delete tags from AWS OpsWorks for Chef Automate servers or backups. If the resource is deleted, the tags on the resource are also deleted. Specify the Amazon Resource Number (ARN) of a target resource to remove tags from it.

1. To get the ARN of the resource from which you want to remove tags:

   • For a server, run describe-servers --server-name server_name. The results of the command show the server ARN.

   • For a backup, run describe-backups --backup-id backup_ID. The results of the command show the backup ARN. You can also run describe-backups --server-name server_name to show information about all backups for a specific AWS OpsWorks for Chef Automate server.

2. Run the untag-resource command with the ARN that you returned in step 1. Specify only the tags that you want to delete.

   aws opsworks-cm untag-resource --resource-arn "server_or_backup_ARN" --tags Key=Key1,Value=Value1 Key=Key2,Value=Value2

   In this example, the untag-resource command removes only the tag with a key of Stage and a value of Production.

   aws opsworks-cm untag-resource --resource-arn "arn:aws:opsworks-cm:us-west-2:123456789012:server/opsworks-cm-test/EXAMPLEd-66b0-4196-8274-d1a2bEXAMPLE" --tags Key=Stage,Value=Production

3. To verify that tags were deleted successfully, follow steps in List Resource Tags in this topic.

See Also

• Create a Chef Automate server by using the AWS CLI

• Back Up an AWS OpsWorks for Chef Automate Server

• AWS Tagging Strategies

• Controlling Access to AWS Resources Using Resource Tags in the AWS Identity and Access Management User Guide

• Using Cost Allocation Tags in the AWS Billing and Cost Management User Guide

• CreateBackup in the AWS OpsWorks CM API Reference

• CreateServer in the AWS OpsWorks CM API Reference

• TagResource in the AWS OpsWorks CM API Reference

• ListTagsForResource in the AWS OpsWorks CM API Reference

• UntagResource in the AWS OpsWorks CM API Reference