Amazon Web Services (AWS) resource tags are metadata labels, each with a key and an optional value, used to categorize and manage resources.

Why is this an issue?

Proper tagging enhances resource discovery, lifecycle management, and overall productivity within the AWS environment. If tags do not comply with the AWS format, it can lead to confusion and inefficiency in managing resources, as well as unexpected behavior of the system.

AWS resource tags should comply with the format stated in AWS documentation. That is, tag keys should:

How to fix it

Code examples

Noncompliant code example

AWSTemplateFormatVersion: 2010-09-09
Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: "mybucketname"
      Tags:
        - Key: "anycompany;cost-center" # Noncompliant, semicolon is not allowed
          Value: "Accounting"
        - Key: "anycompany:~EnvironmentType~" # Noncompliant, tilde is not allowed
          Value: "PROD"

Compliant solution

AWSTemplateFormatVersion: 2010-09-09
Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: "mybucketname"
      Tags:
        - Key: "anycompany:cost-center"
          Value: "Accounting"
        - Key: "anycompany:EnvironmentType"
          Value: "PROD"
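
A check for this rule, as an added example that is not part of the original page or the rule's own implementation. It assumes the key format from the AWS tagging documentation (1 to 128 characters; letters, numbers, spaces and _ . : / = + - @; no aws: prefix) and scans template text line by line rather than parsing YAML; check_tag_key, lint_template and SAMPLE are hypothetical names.

```python
import re
import unicodedata

# Assumed from the AWS tagging documentation, not listed on this page:
# 1-128 characters; letters, numbers, separators (spaces) and _ . : / = + - @;
# the "aws:" prefix (checked here in any letter case) is reserved.
EXTRA_CHARS = set("_.:/=+-@")
MAX_KEY_LEN = 128
# Matches a CloudFormation "Key:" entry, quoted or bare, ignoring a trailing comment.
KEY_LINE = re.compile(r"""^\s*(?:-\s*)?Key:\s*(?:"([^"]*)"|'([^']*)'|([^#]*?))\s*(?:#.*)?$""")

def check_tag_key(key):
    """Return a list of problems with one tag key (empty list means compliant)."""
    problems = []
    if not 1 <= len(key) <= MAX_KEY_LEN:
        problems.append(f"length {len(key)} is outside 1-{MAX_KEY_LEN}")
    if key.lower().startswith("aws:"):
        problems.append("reserved 'aws:' prefix")
    bad = sorted({c for c in key
                  if c not in EXTRA_CHARS and unicodedata.category(c)[0] not in "LZN"})
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    return problems

def lint_template(text):
    """Scan template text line by line; return (line_number, key, problems) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = KEY_LINE.match(line)
        if not m:
            continue
        key = next((g for g in m.groups() if g is not None), "")
        problems = check_tag_key(key)
        if problems:
            findings.append((lineno, key, problems))
    return findings

# Constructed sample: tag keys from the noncompliant template plus one compliant key.
SAMPLE = '''\
      Tags:
        - Key: "anycompany;cost-center" # Noncompliant
          Value: "Accounting"
        - Key: "anycompany:~EnvironmentType~"
          Value: "PROD"
        - Key: "anycompany:cost-center"
'''

for lineno, key, problems in lint_template(SAMPLE):
    print(f"line {lineno}: {key!r}: {'; '.join(problems)}")
```

Run against a template in CI, a non-empty result from lint_template can fail the build before the stack is deployed.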

Resources

Documentation