com.amazonaws.services.resourcegroupstaggingapi

Class AWSResourceGroupsTaggingAPIClient

java.lang.Object

com.amazonaws.AmazonWebServiceClient

com.amazonaws.services.resourcegroupstaggingapi.AWSResourceGroupsTaggingAPIClient

All Implemented Interfaces:

AWSResourceGroupsTaggingAPI

Direct Known Subclasses:

AWSResourceGroupsTaggingAPIAsyncClient

@ThreadSafe
 @Generated(value="com.amazonaws:aws-java-sdk-code-generator")
public class AWSResourceGroupsTaggingAPIClient
extends AmazonWebServiceClient
implements AWSResourceGroupsTaggingAPI

Client for accessing AWS Resource Groups Tagging API. All service calls made using this client are blocking, and will not return until the service call completes.

Resource Groups Tagging API

This guide describes the API operations for the resource groups tagging.

A tag is a label that you assign to an AWS resource. A tag consists of a key and a value, both of which you define. For example, if you have two Amazon EC2 instances, you might assign both a tag key of "Stack." But the value of "Stack" might be "Testing" for one and "Production" for the other.

Do not store personally identifiable information (PII) or other confidential or sensitive information in tags. We use tags to provide you with billing and administration services. Tags are not intended to be used for private or sensitive data.

Tagging can help you organize your resources and enables you to simplify resource management, access management and cost allocation.

You can use the resource groups tagging API operations to complete the following tasks:

• Tag and untag supported resources located in the specified Region for the AWS account.

• Use tag-based filters to search for resources located in the specified Region for the AWS account.

• List all existing tag keys in the specified Region for the AWS account.

• List all existing values for the specified key in the specified Region for the AWS account.

To use resource groups tagging API operations, you must add the following permissions to your IAM policy:

• tag:GetResources

• tag:TagResources

• tag:UntagResources

• tag:GetTagKeys

• tag:GetTagValues

You'll also need permissions to access the resources of individual services so that you can tag and untag those resources.

For more information on IAM policies, see Managing IAM Policies in the IAM User Guide.

Services that support the Resource Groups Tagging API

You can use the Resource Groups Tagging API to tag resources for the following AWS services.

• Alexa for Business (a4b)

• API Gateway

• Amazon AppStream

• AWS AppSync

• AWS App Mesh

• Amazon Athena

• Amazon Aurora

• AWS Backup

• AWS Certificate Manager

• AWS Certificate Manager Private CA

• Amazon Cloud Directory

• AWS Cloud Map

• AWS CloudFormation

• Amazon CloudFront

• AWS CloudHSM

• AWS CloudTrail

• Amazon CloudWatch (alarms only)

• Amazon CloudWatch Events

• Amazon CloudWatch Logs

• Amazon Cloudwatch Synthetics

• AWS CodeBuild

• AWS CodeCommit

• AWS CodeGuru Profiler

• AWS CodePipeline

• AWS CodeStar

• AWS CodeStar Connections

• Amazon Cognito Identity

• Amazon Cognito User Pools

• Amazon Comprehend

• AWS Config

• Amazon Connect

• AWS Data Exchange

• AWS Data Pipeline

• AWS Database Migration Service

• AWS DataSync

• AWS Device Farm

• AWS Direct Connect

• AWS Directory Service

• Amazon DynamoDB

• Amazon EBS

• Amazon EC2

• EC2 Image Builder

• Amazon ECR

• Amazon ECS

• Amazon EKS

• AWS Elastic Beanstalk

• Amazon Elastic File System

• Elastic Load Balancing

• Amazon Elastic Inference

• Amazon ElastiCache

• Amazon Elasticsearch Service

• AWS Elemental MediaLive

• AWS Elemental MediaPackage

• AWS Elemental MediaPackage VoD

• AWS Elemental MediaTailor

• Amazon EMR

• Amazon EventBridge Schema

• AWS Firewall Manager

• Amazon Forecast

• Amazon Fraud Detector

• Amazon FSx

• Amazon S3 Glacier

• AWS Global Accelerator

• AWS Ground Station

• AWS Glue

• Amazon GuardDuty

• Amazon Inspector

• Amazon Interactive Video Service

• AWS IoT Analytics

• AWS IoT Core

• AWS IoT Device Defender

• AWS IoT Device Management

• AWS IoT Events

• AWS IoT Greengrass

• AWS IoT 1-Click

• AWS IoT Sitewise

• AWS IoT Things Graph

• Amazon Kendra

• AWS Key Management Service

• Amazon Kinesis

• Amazon Kinesis Data Analytics

• Amazon Kinesis Data Firehose

• AWS Lambda

• Amazon Lex

• AWS License Manager

• Amazon Lightsail

• Amazon Macie

• Amazon Machine Learning

• Amazon MQ

• Amazon MSK

• Amazon MSK

• Amazon Neptune

• AWS Network Manager

• AWS OpsWorks

• AWS OpsWorks CM

• AWS Organizations

• Amazon Pinpoint

• Amazon Quantum Ledger Database (QLDB)

• Amazon RDS

• Amazon Redshift

• AWS Resource Access Manager

• AWS Resource Groups

• AWS RoboMaker

• Amazon Route 53

• Amazon Route 53 Resolver

• Amazon S3 (buckets only)

• Amazon SageMaker

• Savings Plans

• AWS Secrets Manager

• AWS Security Hub

• AWS Service Catalog

• Amazon Simple Email Service (SES)

• Amazon Simple Notification Service (SNS)

• Amazon Simple Queue Service (SQS)

• Amazon Simple Workflow Service

• AWS Step Functions

• AWS Storage Gateway

• AWS Systems Manager

• AWS Transfer for SFTP

• Amazon VPC

• AWS WAF

• AWS WAF Regional

• Amazon WorkLink

• Amazon WorkSpaces

Field Summary

Fields inherited from class com.amazonaws.AmazonWebServiceClient

LOGGING_AWS_REQUEST_METRIC

Fields inherited from interface com.amazonaws.services.resourcegroupstaggingapi.AWSResourceGroupsTaggingAPI

ENDPOINT_PREFIX

Method Summary

Modifier and Type	Method and Description
static AWSResourceGroupsTaggingAPIClientBuilder	builder()
DescribeReportCreationResult	describeReportCreation(DescribeReportCreationRequest request) Describes the status of the StartReportCreation operation.
ResponseMetadata	getCachedResponseMetadata(AmazonWebServiceRequest request) Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected.
GetComplianceSummaryResult	getComplianceSummary(GetComplianceSummaryRequest request) Returns a table that shows counts of resources that are noncompliant with their tag policies.
GetResourcesResult	getResources(GetResourcesRequest request) Returns all the tagged or previously tagged resources that are located in the specified Region for the AWS account.
GetTagKeysResult	getTagKeys(GetTagKeysRequest request) Returns all tag keys in the specified Region for the AWS account.
GetTagValuesResult	getTagValues(GetTagValuesRequest request) Returns all tag values for the specified key in the specified Region for the AWS account.
void	shutdown() Shuts down this client object, releasing any resources that might be held open.
StartReportCreationResult	startReportCreation(StartReportCreationRequest request) Generates a report that lists all tagged resources in accounts across your organization and tells whether each resource is compliant with the effective tag policy.
TagResourcesResult	tagResources(TagResourcesRequest request) Applies one or more tags to the specified resources.
UntagResourcesResult	untagResources(UntagResourcesRequest request) Removes the specified tags from the specified resources.

Methods inherited from class com.amazonaws.AmazonWebServiceClient

addRequestHandler, addRequestHandler, configureRegion, getClientConfiguration, getEndpointPrefix, getMonitoringListeners, getRequestMetricsCollector, getServiceName, getSignerByURI, getSignerOverride, getSignerRegionOverride, getTimeOffset, makeImmutable, removeRequestHandler, removeRequestHandler, setEndpoint, setEndpoint, setRegion, setServiceNameIntern, setSignerRegionOverride, setTimeOffset, withEndpoint, withRegion, withRegion, withTimeOffset

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

builder

public static AWSResourceGroupsTaggingAPIClientBuilder builder()

describeReportCreation

public DescribeReportCreationResult describeReportCreation(DescribeReportCreationRequest request)

Describes the status of the StartReportCreation operation.

You can call this operation only from the organization's master account and from the us-east-1 Region.

Specified by:

describeReportCreation in interface AWSResourceGroupsTaggingAPI

Parameters:

describeReportCreationRequest -

Returns:

Result of the DescribeReportCreation operation returned by the service.

Throws:

ConstraintViolationException - The request was denied because performing this operation violates a constraint.

Some of the reasons in the following list might not apply to this specific operation.

• You must meet the prerequisites for using tag policies. For information, see Prerequisites and Permissions for Using Tag Policies in the AWS Organizations User Guide.

• You must enable the tag policies service principal (tagpolicies.tag.amazonaws.com) to integrate with AWS Organizations For information, see EnableAWSServiceAccess.

• You must have a tag policy attached to the organization root, an OU, or an account.

InternalServiceException - The request processing failed because of an unknown error, exception, or failure. You can retry the request.

InvalidParameterException - This error indicates one of the following:

• A parameter is missing.

• A malformed string was supplied for the request parameter.

• An out-of-range value was supplied for the request parameter.

• The target ID is invalid, unsupported, or doesn't exist.

• You can't access the Amazon S3 bucket for report storage. For more information, see Additional Requirements for Organization-wide Tag Compliance Reports in the AWS Organizations User Guide.

ThrottledException - The request was denied to limit the frequency of submitted requests.

See Also:

AWS API Documentation

getComplianceSummary

public GetComplianceSummaryResult getComplianceSummary(GetComplianceSummaryRequest request)

Returns a table that shows counts of resources that are noncompliant with their tag policies.

For more information on tag policies, see Tag Policies in the AWS Organizations User Guide.

You can call this operation only from the organization's master account and from the us-east-1 Region.

Specified by:

getComplianceSummary in interface AWSResourceGroupsTaggingAPI

Parameters:

getComplianceSummaryRequest -

Returns:

Result of the GetComplianceSummary operation returned by the service.

Throws:

ConstraintViolationException - The request was denied because performing this operation violates a constraint.

Some of the reasons in the following list might not apply to this specific operation.

• You must meet the prerequisites for using tag policies. For information, see Prerequisites and Permissions for Using Tag Policies in the AWS Organizations User Guide.

• You must enable the tag policies service principal (tagpolicies.tag.amazonaws.com) to integrate with AWS Organizations For information, see EnableAWSServiceAccess.

• You must have a tag policy attached to the organization root, an OU, or an account.

InternalServiceException - The request processing failed because of an unknown error, exception, or failure. You can retry the request.

InvalidParameterException - This error indicates one of the following:

• A parameter is missing.

• A malformed string was supplied for the request parameter.

• An out-of-range value was supplied for the request parameter.

• The target ID is invalid, unsupported, or doesn't exist.

• You can't access the Amazon S3 bucket for report storage. For more information, see Additional Requirements for Organization-wide Tag Compliance Reports in the AWS Organizations User Guide.

ThrottledException - The request was denied to limit the frequency of submitted requests.

See Also:

AWS API Documentation

getResources

public GetResourcesResult getResources(GetResourcesRequest request)

Returns all the tagged or previously tagged resources that are located in the specified Region for the AWS account.

Depending on what information you want returned, you can also specify the following:

• Filters that specify what tags and resource types you want returned. The response includes all tags that are associated with the requested resources.

• Information about compliance with the account's effective tag policy. For more information on tag policies, see Tag Policies in the AWS Organizations User Guide.

You can check the PaginationToken response parameter to determine if a query is complete. Queries occasionally return fewer results on a page than allowed. The PaginationToken response parameter value is null only when there are no more results to display.

Specified by:

getResources in interface AWSResourceGroupsTaggingAPI

Parameters:

getResourcesRequest -

Returns:

Result of the GetResources operation returned by the service.

Throws:

InvalidParameterException - This error indicates one of the following:

• A parameter is missing.

• A malformed string was supplied for the request parameter.

• An out-of-range value was supplied for the request parameter.

• The target ID is invalid, unsupported, or doesn't exist.

• You can't access the Amazon S3 bucket for report storage. For more information, see Additional Requirements for Organization-wide Tag Compliance Reports in the AWS Organizations User Guide.

ThrottledException - The request was denied to limit the frequency of submitted requests.

InternalServiceException - The request processing failed because of an unknown error, exception, or failure. You can retry the request.

PaginationTokenExpiredException - A PaginationToken is valid for a maximum of 15 minutes. Your request was denied because the specified PaginationToken has expired.

See Also:

AWS API Documentation

getTagKeys

public GetTagKeysResult getTagKeys(GetTagKeysRequest request)

Returns all tag keys in the specified Region for the AWS account.

Specified by:

getTagKeys in interface AWSResourceGroupsTaggingAPI

Parameters:

getTagKeysRequest -

Returns:

Result of the GetTagKeys operation returned by the service.

Throws:

InvalidParameterException - This error indicates one of the following:

• A parameter is missing.

• A malformed string was supplied for the request parameter.

• An out-of-range value was supplied for the request parameter.

• The target ID is invalid, unsupported, or doesn't exist.

• You can't access the Amazon S3 bucket for report storage. For more information, see Additional Requirements for Organization-wide Tag Compliance Reports in the AWS Organizations User Guide.

ThrottledException - The request was denied to limit the frequency of submitted requests.

InternalServiceException - The request processing failed because of an unknown error, exception, or failure. You can retry the request.

PaginationTokenExpiredException - A PaginationToken is valid for a maximum of 15 minutes. Your request was denied because the specified PaginationToken has expired.

See Also:

AWS API Documentation

getTagValues

public GetTagValuesResult getTagValues(GetTagValuesRequest request)

Returns all tag values for the specified key in the specified Region for the AWS account.

Specified by:

getTagValues in interface AWSResourceGroupsTaggingAPI

Parameters:

getTagValuesRequest -

Returns:

Result of the GetTagValues operation returned by the service.

Throws:

InvalidParameterException - This error indicates one of the following:

• A parameter is missing.

• A malformed string was supplied for the request parameter.

• An out-of-range value was supplied for the request parameter.

• The target ID is invalid, unsupported, or doesn't exist.

• You can't access the Amazon S3 bucket for report storage. For more information, see Additional Requirements for Organization-wide Tag Compliance Reports in the AWS Organizations User Guide.

ThrottledException - The request was denied to limit the frequency of submitted requests.

InternalServiceException - The request processing failed because of an unknown error, exception, or failure. You can retry the request.

PaginationTokenExpiredException - A PaginationToken is valid for a maximum of 15 minutes. Your request was denied because the specified PaginationToken has expired.

See Also:

AWS API Documentation

startReportCreation

public StartReportCreationResult startReportCreation(StartReportCreationRequest request)

Generates a report that lists all tagged resources in accounts across your organization and tells whether each resource is compliant with the effective tag policy. Compliance data is refreshed daily.

The generated report is saved to the following location:

s3://example-bucket/AwsTagPolicies/o-exampleorgid/YYYY-MM-ddTHH:mm:ssZ/report.csv

You can call this operation only from the organization's master account and from the us-east-1 Region.

Specified by:

startReportCreation in interface AWSResourceGroupsTaggingAPI

Parameters:

startReportCreationRequest -

Returns:

Result of the StartReportCreation operation returned by the service.

Throws:

ConcurrentModificationException - The target of the operation is currently being modified by a different request. Try again later.

ConstraintViolationException - The request was denied because performing this operation violates a constraint.

Some of the reasons in the following list might not apply to this specific operation.

• You must meet the prerequisites for using tag policies. For information, see Prerequisites and Permissions for Using Tag Policies in the AWS Organizations User Guide.

• You must enable the tag policies service principal (tagpolicies.tag.amazonaws.com) to integrate with AWS Organizations For information, see EnableAWSServiceAccess.

• You must have a tag policy attached to the organization root, an OU, or an account.

InternalServiceException - The request processing failed because of an unknown error, exception, or failure. You can retry the request.

InvalidParameterException - This error indicates one of the following:

• A parameter is missing.

• A malformed string was supplied for the request parameter.

• An out-of-range value was supplied for the request parameter.

• The target ID is invalid, unsupported, or doesn't exist.

• You can't access the Amazon S3 bucket for report storage. For more information, see Additional Requirements for Organization-wide Tag Compliance Reports in the AWS Organizations User Guide.

ThrottledException - The request was denied to limit the frequency of submitted requests.

See Also:

AWS API Documentation

tagResources

public TagResourcesResult tagResources(TagResourcesRequest request)

Applies one or more tags to the specified resources. Note the following:

• Not all resources can have tags. For a list of services that support tagging, see this list.

• Each resource can have up to 50 tags. For other limits, see Tag Naming and Usage Conventions in the AWS General Reference.

• You can only tag resources that are located in the specified Region for the AWS account.

• To add tags to a resource, you need the necessary permissions for the service that the resource belongs to as well as permissions for adding tags. For more information, see this list.

Do not store personally identifiable information (PII) or other confidential or sensitive information in tags. We use tags to provide you with billing and administration services. Tags are not intended to be used for private or sensitive data.

Specified by:

tagResources in interface AWSResourceGroupsTaggingAPI

Parameters:

tagResourcesRequest -

Returns:

Result of the TagResources operation returned by the service.

Throws:

InvalidParameterException - This error indicates one of the following:

• A parameter is missing.

• A malformed string was supplied for the request parameter.

• An out-of-range value was supplied for the request parameter.

• The target ID is invalid, unsupported, or doesn't exist.

• You can't access the Amazon S3 bucket for report storage. For more information, see Additional Requirements for Organization-wide Tag Compliance Reports in the AWS Organizations User Guide.

ThrottledException - The request was denied to limit the frequency of submitted requests.

InternalServiceException - The request processing failed because of an unknown error, exception, or failure. You can retry the request.

See Also:

AWS API Documentation

untagResources

public UntagResourcesResult untagResources(UntagResourcesRequest request)

Removes the specified tags from the specified resources. When you specify a tag key, the action removes both that key and its associated value. The operation succeeds even if you attempt to remove tags from a resource that were already removed. Note the following:

• To remove tags from a resource, you need the necessary permissions for the service that the resource belongs to as well as permissions for removing tags. For more information, see this list.

• You can only tag resources that are located in the specified Region for the AWS account.

Specified by:

untagResources in interface AWSResourceGroupsTaggingAPI

Parameters:

untagResourcesRequest -

Returns:

Result of the UntagResources operation returned by the service.

Throws:

InvalidParameterException - This error indicates one of the following:

• A parameter is missing.

• A malformed string was supplied for the request parameter.

• An out-of-range value was supplied for the request parameter.

• The target ID is invalid, unsupported, or doesn't exist.

• You can't access the Amazon S3 bucket for report storage. For more information, see Additional Requirements for Organization-wide Tag Compliance Reports in the AWS Organizations User Guide.

ThrottledException - The request was denied to limit the frequency of submitted requests.

InternalServiceException - The request processing failed because of an unknown error, exception, or failure. You can retry the request.

See Also:

AWS API Documentation

getCachedResponseMetadata

public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)

Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected. This data isn't considered part of the result data returned by an operation, so it's available through this separate, diagnostic interface.

Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing the request.

Specified by:

getCachedResponseMetadata in interface AWSResourceGroupsTaggingAPI

Parameters:

request - The originally executed request

Returns:

The response metadata for the specified request, or null if none is available.

shutdown

public void shutdown()

Description copied from class: AmazonWebServiceClient

Shuts down this client object, releasing any resources that might be held open. If this method is not invoked, resources may be leaked. Once a client has been shutdown, it should not be used to make any more requests.

Specified by:

shutdown in interface AWSResourceGroupsTaggingAPI

Overrides:

shutdown in class AmazonWebServiceClient