StartReportCreation - Resource Groups Tagging API

StartReportCreation

Generates a report that lists all tagged resources in accounts across your organization and tells whether each resource is compliant with the effective tag policy. Compliance data is refreshed daily.

The generated report is saved to the following location:

s3://example-bucket/AwsTagPolicies/o-exampleorgid/YYYY-MM-ddTHH:mm:ssZ/report.csv

You can call this operation only from the organization's master account and from the us-east-1 Region.

Request Syntax

{ "S3Bucket": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

S3Bucket

The name of the Amazon S3 bucket where the report will be stored; for example:

awsexamplebucket

For more information on S3 bucket requirements, including an example bucket policy, see the example S3 bucket policy on this page.

Type: String

Length Constraints: Minimum length of 3. Maximum length of 63.

Pattern: [\s\S]*

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

ConcurrentModificationException

The target of the operation is currently being modified by a different request. Try again later.

HTTP Status Code: 400

ConstraintViolationException

The request was denied because performing this operation violates a constraint.

Some of the reasons in the following list might not apply to this specific operation.

  • You must meet the prerequisites for using tag policies. For information, see Prerequisites and Permissions for Using Tag Policies in the AWS Organizations User Guide.

  • You must enable the tag policies service principal (tagpolicies.tag.amazonaws.com) to integrate with AWS Organizations For information, see EnableAWSServiceAccess.

  • You must have a tag policy attached to the organization root, an OU, or an account.

HTTP Status Code: 400

InternalServiceException

The request processing failed because of an unknown error, exception, or failure. You can retry the request.

HTTP Status Code: 500

InvalidParameterException

This error indicates one of the following:

  • A parameter is missing.

  • A malformed string was supplied for the request parameter.

  • An out-of-range value was supplied for the request parameter.

  • The target ID is invalid, unsupported, or doesn't exist.

  • You can't access the Amazon S3 bucket for report storage. For more information, see Additional Requirements for Organization-wide Tag Compliance Reports in the AWS Organizations User Guide.

HTTP Status Code: 400

ThrottledException

The request was denied to limit the frequency of submitted requests.

HTTP Status Code: 400

Examples

Sample S3 policy

Before creating the report, you must grant access for the tag policies service principal to an Amazon S3 bucket for report storage. Attach the following bucket policy to the bucket. If you don't know your organization ID, you can call DescribeOrganization to find it.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "TagPolicyACL", "Effect": "Allow", "Principal": { "Service": [ "tagpolicies.tag.amazonaws.com" ] }, "Action": "s3:GetBucketAcl", "Resource": "arn:aws:s3:::your-bucket-name" }, { "Sid": "TagPolicyBucketDelivery", "Effect": "Allow", "Principal": { "Service": [ "tagpolicies.tag.amazonaws.com" ] }, "Action": [ "s3:PutObject", "s3:PutObjectAcl" ], "Resource": "arn:aws:s3:::your-bucket-name/AwsTagPolicies/your-org-id/*" } ] }

Example

Sample Request

POST / HTTP/1.1 Host: tagging.us-east-1.amazonaws.com Accept-Encoding: identity Content-Length: 20 X-Amz-Target: ResourceGroupsTaggingAPI_20170126.StartReportCreation X-Amz-Date: 20191201T214524Z User-Agent: aws-cli/1.11.79 Python/2.7.9 Windows/7 botocore/1.5.42 Content-Type: application/x-amz-json-1.1 Authorization: AUTHPARAMS { "S3Bucket": "awsexamplebucket" }

Example

Sample Response

HTTP/1.1 200 OK x-amzn-RequestID: d3cf21f0-26db-11e7-a532-75e05382c8b1 Content-Type: application/x-amz-json-1.1 Date: Sun, 1 Dec 2019 21:45:25 GMT {}

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: