Using Amazon-generated tags
The Amazon-generated tag createdBy
is a tag that Amazon defines and applies to
supported Amazon resources for cost allocation purposes. To use the Amazon-generated tag, a management account owner must activate it in the Billing and Cost Management console. When a management account owner
activates the tag, the tag is also activated for all member accounts. After the tag is
activated, Amazon starts applying the tag to resources that are created after the
Amazon-generated tag is activated.
The Amazon-generated tag is available only in the Billing and Cost Management console and reports, and doesn't appear
anywhere else in the Amazon console, including the Amazon Tag Editor. The
createdBy
tag does not count towards your tags per resource
quota.
The aws:createdBy
tags are populated only in the following Amazon Web Services Regions:
ap-northeast-1
ap-northeast-2
ap-south-1
ap-southeast-1
ap-southeast-2
cn-north-1
eu-central-1
eu-west-1
sa-east-1
us-east-1
us-east-2
us-gov-west-1
us-west-1
us-west-2
Resources created outside of these Amazon Web Services Regions will not have this tag auto-populated.
The
createdBy
tag uses the following key-value definition:
key = aws:createdBy
value = account-type:account-ID or access-key:user-name or role session name
Not all values include all of the value parameters. For example, the value for a Amazon-generated tag for a root account doesn't always have a user name.
Valid values for the account-type
are Root
,
IAMUser
, AssumedRole
, and
FederatedUser
.
If the tag has an account ID, the account-id
tracks the
account number of the root account or federated user who created the resource. If the
tag has an access key, then the access-key
tracks the IAM
access key used and, if applicable, the session role name.
The user-name
is the user name, if one is available.
Here are some examples of tag values:
Root:1234567890 Root: 111122223333 :exampleUser IAMUser: AIDACKCEVSQ6C2EXAMPLE :exampleUser AssumedRole: AKIAIOSFODNN7EXAMPLE :exampleRole FederatedUser:1234567890:exampleUser
For more information about IAM users, roles, and federation, see the IAM User Guide.
Amazon generated cost allocation tags are applied on a best-effort basis. Issues with services that Amazon-generated tag depends on, such as CloudTrail, can cause a gap in tagging.
The createdBy
tag is applied only to the following services and resources
after the following events.
Amazon Product | API or Console Event | Resource Type |
---|---|---|
Amazon CloudFormation (Amazon CloudFormation) |
|
Stack |
Amazon Data Pipeline (Amazon Data Pipeline) |
|
Pipeline |
Amazon Elastic Compute Cloud (Amazon EC2) |
|
Customer gateway |
|
DHCP options |
|
|
Image |
|
|
Internet gateway |
|
|
Network ACL |
|
|
Network interface |
|
|
Route table |
|
|
Security group |
|
|
Snapshot |
|
|
Subnet |
|
|
Volume |
|
|
VPC |
|
|
VPC peering connection |
|
|
VPN connection |
|
|
VPN gateway |
|
|
Reserved-instance |
|
|
Spot-instance-request |
|
|
Instance |
|
Amazon ElastiCache (ElastiCache) |
|
Snapshot |
|
Cluster |
|
Amazon Elastic Beanstalk (Elastic Beanstalk) |
|
Environment |
|
Application |
|
Elastic Load Balancing (Elastic Load Balancing) |
|
Loadbalancer |
Amazon S3 Glacier (S3 Glacier) |
|
Vault |
Amazon Kinesis (Kinesis) |
|
Stream |
Amazon Relational Database Service (Amazon RDS) |
|
Database |
|
ParameterGroup |
|
|
Snapshot |
|
|
SubnetGroup |
|
|
EventSubscription |
|
|
OptionGroup |
|
|
ReservedDBInstance |
|
|
Database |
|
Amazon Redshift (Amazon Redshift) |
|
ParameterGroup |
|
Snapshot |
|
|
SubnetGroup |
|
|
Cluster |
|
Amazon Route 53 (Route 53) |
|
HealthCheck |
|
HostedZone |
|
Amazon Simple Storage Service (Amazon S3) |
|
Bucket |
Amazon Storage Gateway (Storage Gateway) |
|
Gateway |
Note
The CreateDBSnapshot
tag isn't applied to the snapshot backup
storage.
Amazon Web Services Marketplace vendor-provided tags
Certain Amazon Web Services Marketplace vendors can create tags and associate them with your software usage. These tags will have the prefix aws:marketplace:isv:
. To use the tags, a management account owner must activate the tag in the Billing and Cost Management console. When a management account owner activates the tag, the tag is also activated for all member accounts. Similar to aws:createdBy
tags, these tags appear only in the Billing and Cost Management console and they don't count towards your tags per resource quota. You can find the tag keys that apply to the product on the Amazon Web Services Marketplace
Restrictions on Amazon-generated tags cost allocation tags
The following restrictions apply to the Amazon-generated tags:
-
Only a management account can activate Amazon-generated tags.
-
You can't update, edit, or delete Amazon-generated tags.
-
The maximum active tag keys for Billing and Cost Management reports is 500.
-
Amazon-generated tags are created using CloudTrail logs. CloudTrail logs over a certain size cause Amazon-generated tag creation to fail.
-
The reserved prefix is
aws:
.Amazon-generated tag names and values are automatically assigned the
aws:
prefix, which you can't assign. Amazon-generated tag names don't count towards the user-defined resource tag quota of 50. User-defined tag names have the prefixuser:
in the cost allocation report. -
Null tag values will not appear in Cost Explorer and Amazon Budgets. If there is only one tag value that is also null, the tag key will also not appear in Cost Explorer or Amazon Budgets.