Skip to content
This repository has been archived by the owner on Jun 15, 2023. It is now read-only.

Latest commit

 

History

History
79 lines (55 loc) · 4.49 KB

concepts-tagging.md

File metadata and controls

79 lines (55 loc) · 4.49 KB
Raw

Tagging in Step Functions

AWS Step Functions supports tagging of state machines (both Standard and Express) and activities. This can help you track and manage the costs associated with your resources, and provide better security in your AWS Identity and Access Management (IAM) policies. Tagging Step Functions resources allows them to be managed by AWS Resource Groups. For more information on Resource Groups, see the AWS Resource Groups User Guide.

To review the restrictions related to resource tagging, see Restrictions related to tagging.

Topics

Tagging for Cost Allocation

To organize and identify your Step Functions resources for cost allocation, you can add metadata tags that identify the purpose of a state machine or activity. This is especially useful when you have many resources. You can use cost allocation tags to organize your AWS bill to reflect your own cost structure. To do this, sign up to get your AWS account bill to include the tag keys and values. For more information, see Setting Up a Monthly Cost Allocation Report in the AWS Billing User Guide.

For example, you could add tags that represent the cost center and purpose of your Step Functions resources, as follows.

[See the AWS documentation website for more details]

This tagging scheme allows you to group two state machines performing related tasks in the same cost center, while tagging an unrelated activity with a different cost allocation tag.

Tagging for Security

IAM supports controlling access to resources based on tags. To control access based on tags, provide information about your resource tags in the condition element of an IAM policy.

For example, you could restrict access to all Step Functions resources that include a tag with the key environment and the value production.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": [
                "states:TagResource",
                "states:DeleteActivity",
                "states:DeleteStateMachine",
                "states:StopExecution"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {"aws:ResourceTag/environment": "production"}
            }
        }
    ]
}

For more information, see Controlling Access Using Tags in the IAM User Guide.

Viewing and Managing Tags in the Step Functions Console

Step Functions allows you to view and manage the tags for your state machines in the Step Functions console. From the Details page of a state machine, select Tags. Here, you can view the existing tags associated with your state machine.

Note
To manage tags for activites, see Manage Tags with Step Functions API Actions.

To add or delete tags that are associated with your state machine, select the Manage Tags button.

  1. Browse to the details page of a state machine.

  2. Select Tags, next to Executions and Definition.

  3. Choose Manage tags.

    • To modify existing tags, edit the Key and Value.
    • To remove existing tags, choose Remove tag.
    • To add a new tag, choose Add tag and enter a Key and Value.

  4. Choose Save.

Manage Tags with Step Functions API Actions

To manage tags using the Step Functions API, use the following API actions: