AWS Step Functions
Developer Guide

Tagging

AWS Step Functions supports tagging of state machines and activities. This can help you track and manage the costs associated with your resources, and provide better security in your IAM policies. Tagging AWS Step Functions resources allows them to be managed by AWS Resource Groups. For more information on Resource Groups, see the AWS Resource Groups User Guide.

To review the restrictions related to resource tagging, see Restrictions Related to Tagging.

Tagging for Cost Allocation

To organize and identify your Step Functions resources for cost allocation, you can add metadata tags that identify the purpose of a state machine or activity. This is especially useful when you have many resources. You can use cost allocation tags to organize your AWS bill to reflect your own cost structure. To do this, sign up to get your AWS account bill to include the tag keys and values. For more information, see Setting Up a Monthly Cost Allocation Report in the AWS Billing and Cost Management User Guide.

For instance, you could add tags that represent the cost center and purpose of your Step Functions resources:

Resource Key Value
StateMachine1 Cost Center 34567
Application Image processing
StateMachine2 Cost Center 34567
Application Rekognition processing
Activity1 Cost Center 12345
Application Legacy database

This tagging scheme allows you to group two state machines performing related tasks in the same cost center, while tagging an unrelated activity with a different cost allocation tag.

Tagging for Security

IAM supports controlling access to resources based on tags. To control access based on tags, provide information about your resource tags in the condition element of an IAM policy.

For instance, you could restrict access to all Step Functions resources that include a tag with the key environment and the value production:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Action": [ "states:TagResource", "states:DeleteActivity", "states:DeleteStateMachine", "states:StopExecution" ], "Resource": "*", "Condition": { "StringEquals": {"aws:ResourceTag/environment": "production"} } } ] }

For more information, see Controlling Access Using Tags in the IAM User Guide.

Viewing and Managing Tags in the Step Functions Console

AWS Step Functions allows you to view and manage the tags for your state machines in the Step Functions console. From the Details page of a state machine, select Tags. Here, you can view the existing tags associated with your state machine.

Note

To manage tags for activites, see Manage Tags With Step Functions API Actions..

To add or delete tags that are associated with your state machine, select the Manage Tags button.

  1. Browse to the details page of a state machine.

  2. Select Tags, next to Executions and Definition.

    
                        Select Tags on Details page
  3. Choose Manage tags.

    • To modify existing tags, edit the Key and Value.

    • To remove existing tags, select Remove tag.

    • To add a new tag, select Add tag and enter a Key and Value.

    
                        Manage Tags
  4. Choose Save.

Manage Tags With Step Functions API Actions.

To manage tags using the Step Functions API, use the following API actions: