Menu
AWS Systems Manager
User Guide

Tagging Systems Manager Parameters

You can use the Systems Manager console, the AWS CLI, the AWS Tools for Windows, or the AddTagsToResource API to add tags to Systems Manager resources, including documents, managed instances, Maintenance Windows, Parameter Store parameters, and patch baselines.

Tags are used to organize parameters. For example, you can tag parameters for specific environments, departments, or users and groups. After you tag a parameter, you can restrict access to it by creating an IAM policy that specifies the tags that the user can access. For more information about restricting access to parameters by using tags, see Controlling Access to Parameters Using Tags.

For information about the Regions where Systems Manager is available, see regions.

Tag a Parameter (Console)

  1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/.

  2. In the left navigation, choose Parameter Store.

  3. Choose the name of a parameter you have already created, and then choose the Tags tab.

  4. In the first box, enter a key for the tag, such as Environment.

  5. In the second box, enter a value for the tag, such as Test.

  6. Choose Save.

Tag a Parameter (AWS CLI)

  1. Open the AWS CLI and run the following command to specify your credentials and a Region. You must either have administrator privileges in Amazon EC2 or you must have been granted the appropriate permission in IAM. For more information, see Systems Manager Prerequisites.

    aws configure

    The system prompts you to specify the following.

    AWS Access Key ID [None]: key_name AWS Secret Access Key [None]: key_name Default region name [None]: region Default output format [None]: ENTER
  2. Execute the following command to list parameters that you can tag.

    aws ssm describe-parameters

    Note the name of a parameter that you want to tag.

  3. Execute the following command to tag a parameter.

    aws ssm add-tags-to-resource --resource-type "Parameter" --resource-id "the parameter name" --tags "Key=a key, for example Environment,Value=a value, for example TEST"

    If successful, the command has no output.

  4. Execute the following command to verify the parameter tags.

    aws ssm list-tags-for-resource --resource-type "Parameter" --resource-id "the parameter name"

Tag a Parameter (AWS Tools for Windows)

  1. Open AWS Tools for Windows PowerShell and execute the following command to specify your credentials. You must either have administrator privileges in Amazon EC2 or you must have been granted the appropriate permission in IAM. For more information, see Systems Manager Prerequisites.

    Set-AWSCredentials –AccessKey key_name –SecretKey key_name
  2. Execute the following command to set the Region for your PowerShell session. The example uses the us-east-2 Region. Systems Manager is currently available in the following regions.

    Set-DefaultAWSRegion -Region us-east-2
  3. Execute the following command to list parameters that you can tag.

    Get-SSMParameterList
  4. Execute the following commands to tag a parameter.

    $tag1 = New-Object Amazon.SimpleSystemsManagement.Model.Tag $tag1.Key = "Environment" $tag1.Value = "TEST" Add-SSMResourceTag -ResourceType "Parameter" -ResourceId "the parameter name" -Tag $tag1

    If successful, the command has no output.

  5. Execute the following command to verify the parameter tags.

    Get-SSMResourceTag -ResourceType "Parameter" -ResourceId "the parameter name"