AWS Systems Manager
User Guide

Tagging Systems Manager Parameters

You can use the Systems Manager console, the AWS CLI, the AWS Tools for Windows, or the AddTagsToResource API to add tags to Systems Manager resources, including documents, managed instances, maintenance windows, Parameter Store parameters, and patch baselines.

Tags are used to organize parameters. For example, you can tag parameters for specific environments, departments, or users and groups. After you tag a parameter, you can restrict access to it by creating an IAM policy that specifies the tags that the user can access. For more information about restricting access to parameters by using tags, see Controlling Access to Parameters Using Tags.

For information about the Regions where Systems Manager is available, see regions.

Tag a Parameter (Console)

  1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/.

  2. In the left navigation, choose Parameter Store.

  3. Choose the name of a parameter you have already created, and then choose the Tags tab.

  4. In the first box, enter a key for the tag, such as Environment.

  5. In the second box, enter a value for the tag, such as Test.

  6. Choose Save.

Tag a Parameter (AWS CLI)

  1. Install and configure the AWS CLI, if you have not already.

    For information, see Install or Upgrade the AWS CLI.

  2. Run the following command to list parameters that you can tag.

    aws ssm describe-parameters

    Note the name of a parameter that you want to tag.

  3. Run the following command to tag a parameter.

    aws ssm add-tags-to-resource --resource-type "Parameter" --resource-id "the_parameter_name" --tags "Key=a key, for example Environment,Value=a value, for example TEST"

    If successful, the command has no output.

  4. Run the following command to verify the parameter tags.

    aws ssm list-tags-for-resource --resource-type "Parameter" --resource-id "the_parameter_name"

Tag a Parameter (AWS Tools for Windows)

  1. Open AWS Tools for Windows PowerShell and run the following command to specify your credentials. You must either have administrator privileges in Amazon EC2 or you must have been granted the appropriate permission in IAM. For more information, see Systems Manager Prerequisites.

    Set-AWSCredentials –AccessKey key_name –SecretKey key_name
  2. Run the following command to set the Region for your PowerShell session.

    Set-DefaultAWSRegion -Region region

    region represents the Region identifier for an AWS Region supported by AWS Systems Manager, such as us-east-2 for the US East (Ohio) Region. For a list of supported region values, see the Region column in the AWS Systems Manager Table of Regions and Endpoints topic in the AWS General Reference.

  3. Run the following command to list parameters that you can tag.

    Get-SSMParameterList
  4. Run the following commands to tag a parameter.

    $tag1 = New-Object Amazon.SimpleSystemsManagement.Model.Tag $tag1.Key = "Environment" $tag1.Value = "TEST" Add-SSMResourceTag -ResourceType "Parameter" -ResourceId "parameter_name" -Tag $tag1

    If successful, the command has no output.

  5. Run the following command to verify the parameter tags.

    Get-SSMResourceTag -ResourceType "Parameter" -ResourceId "parameter_name"