Edit tags associated with a KMS key
Tags help identify and organize your Amazon resources. You can edit the tags associated with your customer managed KMS keys in the Amazon KMS console or by using the TagResource operation. You cannot edit the tags of an Amazon managed key.
The following procedures demonstrate how to edit the tags associated with a KMS key. The
Amazon KMS API examples use the Amazon Command Line Interface (Amazon CLI)
-
Sign in to the Amazon Web Services Management Console and open the Amazon Key Management Service (Amazon KMS) console at https://console.amazonaws.cn/kms
. -
To change the Amazon Web Services Region, use the Region selector in the upper-right corner of the page.
-
In the navigation pane, choose Customer managed keys. (You cannot edit the tags of an Amazon managed key)
-
You can use the table filter to display only KMS keys with particular tags. For details, see View tags using the Amazon KMS console.
-
Select the check box next to the alias of a KMS key.
-
Choose Key actions, Add or edit tags.
-
On the details page for KMS key, choose the Tags tab.
-
To change the name or value of a tag, choose Edit, make your changes, and then choose Save.
-
-
To save your changes, choose Save changes.
The TagResource operation add one or more tags to a customer managed key;. However, you can also use TagResource to change the tag value of an existing tag. You cannot use this operation to add or edit tags in a different Amazon Web Services account.
To edit a tag, specify an existing tag key and a new tag value. Each tag on a KMS key must have a different tag key. The tag value can be a null or empty string.
For example, this command changes the value of the Purpose tag from
Pretest to Test.
$aws kms tag-resource \ --key-id 1234abcd-12ab-34cd-56ef-1234567890ab \ --tags TagKey=Purpose,TagValue=Test