Tagging Amazon QLDB resources - Amazon Quantum Ledger Database (Amazon QLDB)

Tagging Amazon QLDB resources

A tag is a custom attribute label that you assign or that AWS assigns to an AWS resource. Each tag has two parts:

  • A tag key (for example, CostCenter, Environment, or Project). Tag keys are case sensitive.

  • An optional field known as a tag value (for example, 111122223333 or Production). Omitting the tag value is the same as using an empty string. Like tag keys, tag values are case sensitive.

Tags help you do the following:

  • Identify and organize your AWS resources. Many AWS services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related. For example, you could assign the same tag to an Amazon QLDB ledger that you assign to an Amazon S3 bucket.

  • Track your AWS costs. You activate these tags on the AWS Billing and Cost Management dashboard. AWS uses the tags to categorize your costs and deliver a monthly cost allocation report to you. For more information, see Using cost allocation tags in the AWS Billing User Guide.

  • Control access to your AWS resources with AWS Identity and Access Management (IAM). For information, see Attribute-based access control (ABAC) with QLDB in this developer guide and Control access using IAM tags in the IAM User Guide.

For tips on using tags, see the AWS Tagging Strategies post on the AWS Answers blog.

The following sections provide more information about tags for Amazon QLDB.

Supported resources in Amazon QLDB

The following resources in Amazon QLDB support tagging:

  • ledger

  • table

  • journal stream

For information about adding and managing tags, see Managing tags.

Tag naming and usage conventions

The following basic naming and usage conventions apply to using tags with Amazon QLDB resources:

  • Each resource can have a maximum of 50 tags.

  • For each resource, each tag key must be unique, and each tag key can have only one value.

  • The maximum tag key length is 128 Unicode characters in UTF-8.

  • The maximum tag value length is 256 Unicode characters in UTF-8.

  • Allowed characters are letters, numbers, spaces representable in UTF-8, and the following characters: . : + = @ _ / - (hyphen).

  • Tag keys and values are case sensitive. As a best practice, decide on a strategy for capitalizing tags, and consistently implement that strategy across all resource types. For example, decide whether to use Costcenter, costcenter, or CostCenter, and use the same convention for all tags. Avoid using similar tags with inconsistent case treatment.

  • The aws: prefix is reserved for AWS use. You can't edit or delete a tag's key or value when the tag has a tag key with the aws: prefix. Tags with this prefix do not count against your tags per resource limit.
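
The conventions above can be checked locally before a tagging request is sent, which also catches keys that differ only by case before a tag-based IAM condition silently fails to match. This is an added example, not AWS code. Assumptions: `validate_tags` and `_allowed` are hypothetical names, Unicode categories L, N and Z are one reading of "letters, numbers, spaces", and the reserved prefix is matched in any letter case.

```python
import unicodedata

MAX_TAGS, MAX_KEY_LEN, MAX_VALUE_LEN = 50, 128, 256
EXTRA_CHARS = set(".:+=@_/-")


def _allowed(text):
    """True if every character is a letter, number, space, or one of . : + = @ _ / -"""
    # Unicode general categories L*, N*, Z* stand in for "letters, numbers, spaces"
    # (an interpretation of the page's wording, not a published QLDB pattern).
    return all(c in EXTRA_CHARS or unicodedata.category(c)[0] in "LNZ" for c in text)


def validate_tags(tags):
    """Return a list of problems for a {key: value} tag set; empty means it passes."""
    problems = []
    user_keys = []
    for key, value in tags.items():
        value = "" if value is None else value  # an omitted value is an empty string
        # Conservative assumption: match the reserved prefix in any letter case.
        if key.lower().startswith("aws:"):
            problems.append(f"{key!r}: aws: prefix is reserved for AWS use")
            continue  # reserved tags don't count against the per-resource limit
        user_keys.append(key)
        if len(key) > MAX_KEY_LEN:
            problems.append(f"{key!r}: key longer than {MAX_KEY_LEN} characters")
        if len(value) > MAX_VALUE_LEN:
            problems.append(f"{key!r}: value longer than {MAX_VALUE_LEN} characters")
        if not _allowed(key) or not _allowed(value):
            problems.append(f"{key!r}: key or value has a disallowed character")
    if len(user_keys) > MAX_TAGS:
        problems.append(f"{len(user_keys)} tags exceeds the limit of {MAX_TAGS}")
    # Keys differing only by case are distinct tags; a tag-based IAM condition
    # written for one spelling will not match the other.
    seen = {}
    for key in user_keys:
        folded = key.casefold()
        if folded in seen:
            problems.append(f"{key!r} and {seen[folded]!r} differ only by case")
        seen.setdefault(folded, key)
    return problems


# Constructed sample input: one case collision, one reserved key, one bad character.
SAMPLE = {"CostCenter": "111122223333", "costcenter": "42",
          "Environment": "Production", "aws:createdBy": "x", "Owner": "a;b"}
```
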

Managing tags

Tags are made up of the Key and Value properties on a resource. You can use the Amazon QLDB console, the AWS CLI, or the QLDB API to add, edit, or delete the values for these properties. You can also use the AWS Resource Groups Tag Editor to manage tags.

For information about working with tags, see the following API operations:

To use the QLDB tagging panel (console)
  1. Sign in to the AWS Management Console, and open the Amazon QLDB console at https://console.aws.amazon.com/qldb.

  2. In the navigation pane, choose Ledgers.

  3. In the list of Ledgers, choose the ledger name whose tags you want to manage.

  4. On the ledger details page, locate the Tags card and choose Manage tags.

  5. On the Manage tags page, you can add, edit, or remove any tags as appropriate for your ledger. When the tag keys and values are as you want them, choose Save.

Tagging resources on creation

For QLDB resources that support tagging, you can define tags while you're creating the resource by using the AWS Management Console, the AWS CLI, or the QLDB API. By tagging resources while they're being created, you can eliminate the need to run custom tagging scripts after resource creation.

After a resource is tagged, you can control access to the resource based on those tags. For example, you can grant full access only to table resources that have a specific tag. For a JSON policy example, see Full access to all actions based on table tags.

Note

Table and stream resources don't inherit the tags of their root ledger resource.

You can also define table tags by specifying them in a CREATE TABLE PartiQL statement. To learn more, see Tagging tables.