StartReportCreation - AWS Resource Groups Tagging


Generates a report that lists all tagged resources in the accounts across your organization and tells whether each resource is compliant with the effective tag policy. Compliance data is refreshed daily. The report is generated asynchronously.

The generated report is saved to the following location:


You can call this operation only from the organization's management account and from the us-east-1 Region.

Request Syntax

{ "S3Bucket": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


The name of the Amazon S3 bucket where the report will be stored; for example:


For more information on S3 bucket requirements, including an example bucket policy, see the example S3 bucket policy on this page.

Type: String

Length Constraints: Minimum length of 3. Maximum length of 63.

Pattern: [a-z0-9.-]*

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.


For information about the errors that are common to all actions, see Common Errors.


The target of the operation is currently being modified by a different request. Try again later.

HTTP Status Code: 400


The request was denied because performing this operation violates a constraint.

Some of the reasons in the following list might not apply to this specific operation.

  • You must meet the prerequisites for using tag policies. For information, see Prerequisites and Permissions for Using Tag Policies in the AWS Organizations User Guide.

  • You must enable the tag policies service principal ( to integrate with AWS Organizations For information, see EnableAWSServiceAccess.

  • You must have a tag policy attached to the organization root, an OU, or an account.

HTTP Status Code: 400


The request processing failed because of an unknown error, exception, or failure. You can retry the request.

HTTP Status Code: 500


This error indicates one of the following:

  • A parameter is missing.

  • A malformed string was supplied for the request parameter.

  • An out-of-range value was supplied for the request parameter.

  • The target ID is invalid, unsupported, or doesn't exist.

  • You can't access the Amazon S3 bucket for report storage. For more information, see Additional Requirements for Organization-wide Tag Compliance Reports in the AWS Organizations User Guide.

HTTP Status Code: 400


The request was denied to limit the frequency of submitted requests.

HTTP Status Code: 400


Sample S3 policy

Before creating the report, you must grant access for the tag policies service principal to an Amazon S3 bucket for report storage. Attach the following bucket policy to the bucket. If you don't know your organization ID, you can call DescribeOrganization to find it.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "TagPolicyACL", "Effect": "Allow", "Principal": { "Service": [ "" ] }, "Action": "s3:GetBucketAcl", "Resource": "arn:aws:s3:::your-bucket-name" }, { "Sid": "TagPolicyBucketDelivery", "Effect": "Allow", "Principal": { "Service": [ "" ] }, "Action": [ "s3:PutObject", "s3:PutObjectAcl" ], "Resource": "arn:aws:s3:::your-bucket-name/AwsTagPolicies/your-org-id/*" } ] }


This example illustrates one usage of StartReportCreation.

Sample Request

POST / HTTP/1.1 Host: Accept-Encoding: identity Content-Length: 20 X-Amz-Target: ResourceGroupsTaggingAPI_20170126.StartReportCreation X-Amz-Date: 20191201T214524Z User-Agent: aws-cli/1.11.79 Python/2.7.9 Windows/7 botocore/1.5.42 Content-Type: application/x-amz-json-1.1 Authorization: AUTHPARAMS { "S3Bucket": "awsexamplebucket" }


This example illustrates one usage of StartReportCreation.

Sample Response

HTTP/1.1 200 OK x-amzn-RequestID: d3cf21f0-26db-11e7-a532-75e05382c8b1 Content-Type: application/x-amz-json-1.1 Date: Sun, 1 Dec 2019 21:45:25 GMT {}

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: