Tag your Amazon FSx resources - FSx for ONTAP
Tag basicsTagging your resourcesCopying tags to backupsTag restrictionsPermissions and tagging
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Tag your Amazon FSx resources

To help you manage your file systems and other Amazon FSx resources, you can assign your own metadata to each resource in the form of tags. With tags, you can categorize your Amazon resources in different ways, for example, by purpose, owner, or environment. This categorization is useful when you have many resources of the same type—you can quickly identify a specific resource based on the tags that you've assigned to it. This topic describes tags and shows you how to create them.

Tag basics

A tag is a label that you assign to an Amazon resource. Each tag consists of two parts that you define:

  • A tag key (for example, CostCenter, Environment, or Project). Tag keys are case sensitive.

  • A tag value (for example, 111122223333 or Production). Like tag keys, tag values are case sensitive. Tag values are optional.

You can use tags to categorize your Amazon resources in different ways, such as, by purpose, owner, or environment. For example, you could define a set of tags for your account's Amazon FSx file systems that helps you track each instance's owner and stack level.

We recommend that you devise a set of tag keys that meets your needs for each resource type. Using a consistent set of tag keys makes it easier for you to manage your resources. You can search and filter the resources based on the tags that you add. For more information about how to implement an effective resource tagging strategy, see Tagging Amazon resources in the Amazon Web Services General Reference.

Some tagging behaviors to keep in mind:

  • Tags don't have any semantic meaning to Amazon FSx and are interpreted strictly as a string of characters.

  • Tags are not automatically assigned to your resources.

  • You can edit tag keys and values, and you can remove tags from a resource at any time.

  • You can set the value of a tag to an empty string, but you can't set the value of a tag to null.

  • If you add a tag that has the same key as an existing tag on that resource, the new value overwrites the old value.

  • If you delete a resource, any tags for the resource are also deleted.

  • If you're using the Amazon FSx API, the Amazon Command Line Interface (Amazon CLI), or an Amazon SDK, you can do the following:

    • You can use the TagResource API action to apply tags to existing resources.

    • For some resource-creating actions, you can specify tags for a resource when the resource is created. By tagging resources at the time of creation, you can eliminate the need to run custom tagging scripts after resource creation.

      If tags cannot be applied during resource creation, Amazon FSx rolls back the resource creation process. This behavior helps ensure that resources are either created with tags or not created at all, and that no resources are left untagged at any time.

      Note

      Certain Amazon Identity and Access Management (IAM) permissions are required for users to tag resources on creation. For more information, see Grant permission to tag resources during creation.

Tagging your resources

You can tag Amazon FSx resources that exist in your account. If you're using the Amazon FSx console, you can apply tags to resources by using the Tags tab on the relevant resource screen. When you create resources, you can apply the Name key with a value, and you can apply tags of your choice when creating a new file system. However, even though the console organizes resources according to the Name key, this key doesn't have any semantic meaning to the Amazon FSx service.

To implement granular control over the users and groups that can tag resources on creation, you can apply tag-based resource-level permissions in your IAM policies to the Amazon FSx API actions that support tagging on creation. By using such permissions in your policies, you get the following benefits:

  • Your resources are properly secured from creation.

  • Because tags are applied immediately to your resources, any tag-based resource-level permissions controlling the use of resources are immediately effective.

  • Your resources can be tracked and reported on more accurately.

  • You can enforce the use of tagging on new resources, and control which tag keys and values are set on your resources.

To control which tag keys and values are set on your existing resources, you can apply resource-level permissions to the TagResource and UntagResource Amazon FSx API actions in your IAM policies.

For more information about the permissions required to tag Amazon FSx resources at creation, see Grant permission to tag resources during creation.

For more information about using tags to restrict access to Amazon FSx resources in IAM policies, see Using tags to control access to your Amazon FSx resources.

For information about tagging your resources for billing, see Using cost allocation tags in the Amazon Billing User Guide.

Copying tags to backups

When you create or update a volume in the Amazon FSx API or Amazon CLI, you can enable CopyTagsToBackups to automatically copy any tags from your volumes to backups.

Note

If you specify tags while creating a user-initiated backup (including the name tag when you create a backup using the Amazon FSx console), tags are not copied from the volume even if you've enabled CopyTagsToBackups.

For more information about backups, see Working with backups. For more information about enabling CopyTagsToBackups, see To create a volume (CLI) and To update a volume's configuration (CLI) in the Amazon FSx for NetApp ONTAP User Guide or CreateVolume and UpdateVolume in the Amazon FSx for NetApp ONTAP API Reference.

Tag restrictions

The following basic restrictions apply to tags:

  • The maximum number of tags per resource is 50.

  • The maximum key length is 128 Unicode characters in UTF-8.

  • The maximum value length is 256 Unicode characters in UTF-8.

  • The allowed characters are letters, numbers, and spaces representable in UTF-8, and the following characters: + - (hyphen) = . _ (underscore) : / @.

  • For each resource, each tag key must be unique, and each tag key can have only one value.

  • Tag keys and values are case sensitive.

  • The aws: prefix is reserved for Amazon use. If a tag has a tag key with this prefix, you can't edit or delete the tag's key or value. Tags with the aws: prefix do not count against your tags per resource limit.

You can't delete a resource based solely on its tags; you must specify the resource identifier. For example, to delete a file system that you tagged with a tag key called DeleteMe, you must use the DeleteFileSystem action with the file system resource identifier, such as fs-1234567890abcdef0.

When you tag public or shared resources, the tags that you assign are available only to your Amazon Web Services account; no other Amazon Web Services account has access to those tags. For tag-based access control to shared resources, each Amazon Web Services account must assign its own set of tags to control access to the resource.

Permissions and tagging

For more information about the permissions required to tag Amazon FSx resources at creation, see Grant permission to tag resources during creation.

For more information about using tags to restrict access to Amazon FSx resources in IAM policies, see Using tags to control access to your Amazon FSx resources.