Supported Resource Types
This reference shows every AWS resource type TagOps can currently discover, scan, tag, and automate against. Each entry maps directly to the backend worker responsible for that resource. When new workers ship, this table automatically expands to include the new resource types.
| AWS Service | AWS Resource | AWS CloudFormation Resource Type | TagOps Resource Type |
|---|---|---|---|
| AWS Certificate Manager | Certificate | AWS::CertificateManager::Certificate | acm:certificate |
| AWS CloudTrail | Dashboard | AWS::CloudTrail::Dashboard | cloudtrail:dashboard |
| AWS CloudTrail | Event DataStore | AWS::CloudTrail::EventDataStore | cloudtrail:eventdatastore |
| AWS CloudTrail | Trail | AWS::CloudTrail::Trail | cloudtrail:trail |
| AWS CodeArtifact | Domain | AWS::CodeArtifact::Domain | codeartifact:domain |
| AWS CodeArtifact | Repository | AWS::CodeArtifact::Repository | codeartifact:repository |
| AWS CodeBuild | Project | AWS::CodeBuild::Project | codebuild:project |
| AWS CodeConnections | Connection | AWS::CodeConnections::Connection | codeconnections:connection |
| AWS CodeConnections | Host | AWS::CodeConnections::Host | codeconnections:host |
| AWS CodeDeploy | Application | AWS::CodeDeploy::Application | codedeploy:application |
| AWS CodeDeploy | Instance | AWS::CodeDeploy::Instance | codedeploy:instance |
| AWS CodePipeline | Pipeline | AWS::CodePipeline::Pipeline | codepipeline:pipeline |
| AWS CodePipeline | Webhook | AWS::CodePipeline::Webhook | codepipeline:webhook |
| AWS Config | Config Rule | AWS::Config::ConfigRule | config:config-rule |
| AWS Glue | Blueprint | AWS::Glue::Blueprint | glue:blueprint |
| AWS Glue | Connection | AWS::Glue::Connection | glue:connection |
| AWS Glue | Crawler | AWS::Glue::Crawler | glue:crawler |
| AWS Glue | Data Quality Ruleset | AWS::Glue::DataQualityRuleset | glue:data-quality-rule |
| AWS Glue | Database | AWS::Glue::Database | glue:database |
| AWS Glue | Job | AWS::Glue::Job | glue:job |
| AWS Glue | Session | AWS::Glue::Session | glue:session |
| AWS Glue | Trigger | AWS::Glue::Trigger | glue:trigger |
| AWS Glue | UsageProfile | AWS::Glue::UsageProfile | glue:usage-profile |
| AWS Glue | Workflow | AWS::Glue::Workflow | glue:workflow |
| AWS Identity and Access Management (IAM) | Instance Profile | AWS::IAM::InstanceProfile | iam:instance-profile |
| AWS Identity and Access Management (IAM) | ManagedPolicy | AWS::IAM::ManagedPolicy | iam:policy |
| AWS Identity and Access Management (IAM) | Role | AWS::IAM::Role | iam:role |
| AWS Identity and Access Management (IAM) | User | AWS::IAM::User | iam:user |
| AWS Key Management Service (KMS) | Key | AWS::KMS::Key | kms:key |
| AWS Lambda | Function | AWS::Lambda::Function | lambda:function |
| AWS Security Hub | AutomationRule | AWS::SecurityHub::AutomationRule | securityhub:automation-rule |
| AWS Security Hub | Hub | AWS::SecurityHub::Hub | securityhub:hub |
| AWS Security Hub | HubV2 | AWS::SecurityHub::HubV2 | securityhub:hubv2 |
| AWS Systems Manager | Document | AWS::SSM::Document | ssm:document |
| AWS Systems Manager | Maintenance Window | AWS::SSM::MaintenanceWindow | ssm:maintenancewindow |
| AWS Systems Manager | Parameter | AWS::SSM::Parameter | ssm:parameter |
| AWS Systems Manager | Patch Baseline | AWS::SSM::PatchBaseline | ssm:patchbaseline |
| Amazon API Gateway | Key | AWS::ApiGateway::ApiKey | apigateway:apikeys |
| Amazon API Gateway | Clientcertificate | AWS::ApiGateway::ClientCertificate | apigateway:clientcertificates |
| Amazon API Gateway | Domain Name | AWS::ApiGateway::DomainName, AWS::ApiGateway::DomainNameV2 | apigateway:domainnames |
| Amazon API Gateway | RestAPI | AWS::ApiGateway::RestApi | apigateway:restapis |
| Amazon API Gateway | Usage Plan | AWS::ApiGateway::UsagePlan | apigateway:usageplans |
| Amazon API Gateway | VPC Link | AWS::ApiGateway::VpcLink | apigateway:vpclinks |
| Amazon API Gateway V2 | API | AWS::ApiGatewayV2::Api | apigateway:apis |
| Amazon API Gateway V2 | Domain Name | AWS::ApiGatewayV2::DomainName | apigateway:domainnames |
| Amazon API Gateway V2 | VPC Link | AWS::ApiGatewayV2::VpcLink | apigateway:vpclinks |
| Amazon Athena | Data Catalog | AWS::Athena::DataCatalog | athena:datacatalog |
| Amazon Athena | Work Group | AWS::Athena::WorkGroup | athena:workgroup |
| Amazon Bedrock | Agent | AWS::Bedrock::Agent | bedrock:agent |
| Amazon Bedrock | Flow | AWS::Bedrock::Flow | bedrock:flow |
| Amazon Bedrock | Guardrail | AWS::Bedrock::Guardrail | bedrock:guardrail |
| Amazon Bedrock | KnowledgeBase | AWS::Bedrock::KnowledgeBase | bedrock:knowledge-base |
| Amazon Bedrock | Prompt | AWS::Bedrock::Prompt | bedrock:prompt |
| Amazon CloudFront | Distribution | AWS::CloudFront::Distribution | cloudfront:distribution |
| Amazon CloudWatch Logs | LogGroup | AWS::Logs::LogGroup | logs:log-group |
| Amazon CloudWatch Synthetics | Canary | AWS::Synthetics::Canary | synthetics:canary |
| Amazon Cognito | Identity Pools | AWS::Cognito::IdentityPool | cognito-identity:identitypool |
| Amazon Cognito | User Pools | AWS::Cognito::UserPool | cognito-idp:userpool |
| Amazon DAX | Cache Cluster | AWS::DAX::Cluster | dax:cache |
| Amazon DynamoDB | Table | AWS::DynamoDB::Table | dynamodb:table |
| Amazon EC2 | EIP | AWS::EC2::EIP | ec2:address |
| Amazon EC2 | Carrier Gateway | AWS::EC2::CarrierGateway | ec2:carrier-gateway |
| Amazon EC2 | Customer Gateway | AWS::EC2::CustomerGateway | ec2:customer-gateway |
| Amazon EC2 | DHCP Options | AWS::EC2::DHCPOptions | ec2:dhcp-options |
| Amazon EC2 | Egress Only Internet Gateway | AWS::EC2::EgressOnlyInternetGateway | ec2:egress-only-internet-gateway |
| Amazon EC2 | EC2 Fleet | AWS::EC2::EC2Fleet | ec2:fleet |
| Amazon EC2 | FlowLog | AWS::EC2::FlowLog | ec2:flow-log |
| Amazon EC2 | Image | AWS::EC2::Image | ec2:image |
| Amazon EC2 | Instance | AWS::EC2::Instance | ec2:instance |
| Amazon EC2 | Internet Gateway | AWS::EC2::InternetGateway | ec2:internet-gateway |
| Amazon EC2 | IPAM | AWS::EC2::IPAM | ec2:ipam |
| Amazon EC2 | IPAM Pool | AWS::EC2::IPAMPool | ec2:ipam-pool |
| Amazon EC2 | KeyPair | AWS::EC2::KeyPair | ec2:key-pair |
| Amazon EC2 | Launch Template | AWS::EC2::LaunchTemplate | ec2:launch-template |
| Amazon EC2 | NAT Gateway | AWS::EC2::NatGateway | ec2:nat-gateway |
| Amazon EC2 | Network ACL | AWS::EC2::NetworkAcl | ec2:network-acl |
| Amazon EC2 | Network Interface (ENI) | AWS::EC2::NetworkInterface | ec2:network-interface |
| Amazon EC2 | Prefix List | AWS::EC2::PrefixList | ec2:prefix-list |
| Amazon EC2 | Route Table | AWS::EC2::RouteTable | ec2:route-table |
| Amazon EC2 | Security Group | AWS::EC2::SecurityGroup | ec2:security-group |
| Amazon EC2 | Snapshot | AWS::EC2::Snapshot | ec2:snapshot |
| Amazon EC2 | Spot Fleet | AWS::EC2::SpotFleet | ec2:spot-fleet |
| Amazon EC2 | Spot Instance Request | AWS::EC2::SpotInstanceRequest | ec2:spot-instances-request |
| Amazon EC2 | Subnet | AWS::EC2::Subnet | ec2:subnet |
| Amazon EC2 | Transit Gateway | AWS::EC2::TransitGateway | ec2:transit-gateway |
| Amazon EC2 | Transit Gateway Attachment | AWS::EC2::TransitGatewayAttachment | ec2:transit-gateway-attachment |
| Amazon EC2 | Transit Gateway Route Table | AWS::EC2::TransitGatewayRouteTable | ec2:transit-gateway-route-table |
| Amazon EC2 | Volume | AWS::EC2::Volume | ec2:volume |
| Amazon EC2 | VPC | AWS::EC2::VPC | ec2:vpc |
| Amazon EC2 | VPC Endpoint | AWS::EC2::VPCEndpoint | ec2:vpc-endpoint |
| Amazon EC2 | VPC Endpoint Service | AWS::EC2::VPCEndpointService | ec2:vpc-endpoint-service |
| Amazon EC2 | VPC Peering Connection | AWS::EC2::VPCPeeringConnection | ec2:vpc-peering-connection |
| Amazon EC2 | VPNGateway | AWS::EC2::VPNGateway | ec2:vpn-gateway |
| Amazon ECR | Repository | AWS::ECR::Repository | ecr:repository |
| Amazon ECS | Cluster | AWS::ECS::Cluster | ecs:cluster |
| Amazon ECS | Service | AWS::ECS::Service | ecs:service |
| Amazon ECS | Task | AWS::ECS::Task | ecs:task |
| Amazon ECS | TaskDefinition | AWS::ECS::TaskDefinition | ecs:task-definition |
| Amazon EFS | FileSystem | AWS::EFS::FileSystem | elasticfilesystem:file-system |
| Amazon ElastiCache | ParameterGroup | AWS::ElastiCache::ParameterGroup | elasticache:parametergroup |
| Amazon ElastiCache | ReplicationGroup | AWS::ElastiCache::ReplicationGroup | elasticache:replicationgroup |
| Amazon ElastiCache | ReservedInstance | AWS::ElastiCache::ReservedInstance | elasticache:reserved-instance |
| Amazon ElastiCache | Serverless Cache | AWS::ElastiCache::ServerlessCache | elasticache:serverlesscache |
| Amazon ElastiCache | Subnet Group | AWS::ElastiCache::SubnetGroup | elasticache:subnetgroup |
| Amazon ElastiCache | User | AWS::ElastiCache::User | elasticache:user |
| Amazon ElastiCache | UserGroup | AWS::ElastiCache::UserGroup | elasticache:usergroup |
| Amazon EventBridge | Event Bus | AWS::Events::EventBus | events:event-bus |
| Amazon EventBridge | Rule | AWS::Events::Rule | events:rule |
| Amazon EventBridge | Pipe | AWS::Pipes::Pipe | pipes:pipe |
| Amazon EventBridge | Scheduler | AWS::Scheduler::ScheduleGroup | scheduler:schedule-group |
| Amazon EventBridge | Registry | AWS::EventSchemas::Registry | schemas:registry |
| Amazon EventBridge | Schema | AWS::EventSchemas::Schema | schemas:schema |
| Amazon Kinesis | Stream | AWS::Kinesis::Stream | kinesis:stream |
| Amazon RDS | DB Cluster | AWS::RDS::DBCluster | rds:cluster |
| Amazon RDS | DB Cluster Parameter Group | AWS::RDS::DBClusterParameterGroup | rds:cluster-pg |
| Amazon RDS | DB Cluster Snapshot | AWS::RDS::DBClusterSnapshot | rds:cluster-snapshot |
| Amazon RDS | DB Instance | AWS::RDS::DBInstance | rds:db |
| Amazon RDS | DB Proxy | AWS::RDS::DBProxy | rds:db-proxy |
| Amazon RDS | DB Option Group | AWS::RDS::OptionGroup | rds:og |
| Amazon RDS | DB Parameter Group | AWS::RDS::DBParameterGroup | rds:pg |
| Amazon RDS | DB Snapshot | AWS::RDS::DBSnapshot | rds:snapshot |
| Amazon Rekognition | Collection | AWS::Rekognition::Collection | rekognition:collection |
| Amazon Rekognition | Stream Processor | AWS::Rekognition::StreamProcessor | rekognition:streamprocessor |
| Amazon Route 53 | Health Check | AWS::Route53::HealthCheck | route53:healthcheck |
| Amazon Route 53 | HostedZone | AWS::Route53::HostedZone | route53:hostedzone |
| Amazon S3 | Bucket | AWS::S3::Bucket | s3:bucket |
| Amazon S3 Control | Job | AWS::S3::Job | s3control:job |
| Amazon SNS | Topic | AWS::SNS::Topic | sns:topic |
| Amazon SQS | Queue | AWS::SQS::Queue | sqs:queue |
| Amazon SageMaker | App | AWS::SageMaker::App | sagemaker:app |
| Amazon SageMaker | Auto ML Job | AWS::SageMaker::AutoMLJob | sagemaker:automl-job |
| Amazon SageMaker | Data Quality Job Definition | AWS::SageMaker::DataQualityJobDefinition | sagemaker:data-quality-job-definition |
| Amazon SageMaker | Domain | AWS::SageMaker::Domain | sagemaker:domain |
| Amazon SageMaker | Endpoint | AWS::SageMaker::Endpoint | sagemaker:endpoint |
| Amazon SageMaker | EndpointConfig | AWS::SageMaker::EndpointConfig | sagemaker:endpoint-config |
| Amazon SageMaker | Feature Group | AWS::SageMaker::FeatureGroup | sagemaker:feature-group |
| Amazon SageMaker | HyperParameter Tuning Job | AWS::SageMaker::HyperParameterTuningJob | sagemaker:hyper-parameter-tuning-job |
| Amazon SageMaker | Model | AWS::SageMaker::Model | sagemaker:model |
| Amazon SageMaker | Monitoring Schedule | AWS::SageMaker::MonitoringSchedule | sagemaker:monitoring-schedule |
| Amazon SageMaker | Notebook Instance | AWS::SageMaker::NotebookInstance | sagemaker:notebook-instance |
| Amazon SageMaker | Pipeline | AWS::SageMaker::Pipeline | sagemaker:pipeline |
| Amazon SageMaker | Processing Job | AWS::SageMaker::ProcessingJob | sagemaker:processing-job |
| Amazon SageMaker | Space | AWS::SageMaker::Space | sagemaker:space |
| Amazon SageMaker | Training Job | AWS::SageMaker::TrainingJob | sagemaker:training-job |
| Amazon SageMaker | Transform Job | AWS::SageMaker::TransformJob | sagemaker:transform-job |
| Amazon SageMaker | User Profile | AWS::SageMaker::UserProfile | sagemaker:user-profile |
| Elastic Load Balancing | Listener | AWS::ElasticLoadBalancingV2::Listener | elasticloadbalancing:listener |
| Elastic Load Balancing | LoadBalancer | AWS::ElasticLoadBalancing::LoadBalancer | elasticloadbalancing:loadbalancer |
| Elastic Load Balancing | LoadBalancer | AWS::ElasticLoadBalancingV2::LoadBalancer | elasticloadbalancing:loadbalancer |
| Elastic Load Balancing | TargetGroup | AWS::ElasticLoadBalancingV2::TargetGroup | elasticloadbalancing:target-group |
| Route 53 Profiles | Profile | AWS::Route53Profiles::Profile | route53profiles:profile |
| Route 53 Resolver | Resolver Endpoint | AWS::Route53Resolver::ResolverEndpoint | route53resolver:resolver-endpoint |
| Route 53 Resolver | Resolver QueryLogging Config | AWS::Route53Resolver::ResolverQueryLoggingConfig | route53resolver:resolver-query-log-config |
| Route 53 Resolver | Resolver Rule | AWS::Route53Resolver::ResolverRule | route53resolver:resolver-rule |
| Amazon Elastic Kubernetes Service (EKS) | Add-on | AWS::EKS::Addon | eks:addon |
| Amazon Elastic Kubernetes Service (EKS) | Cluster | AWS::EKS::Cluster | eks:cluster |
| Amazon Elastic Kubernetes Service (EKS) | Fargate Profile | AWS::EKS::FargateProfile | eks:fargateprofile |
| Amazon Elastic Kubernetes Service (EKS) | Managed Node Group | AWS::EKS::Nodegroup | eks:nodegroup |
| AWS Secrets Manager | Secret | AWS::SecretsManager::Secret | secretsmanager:secret |
| Amazon EC2 Auto Scaling | Group | AWS::AutoScaling::AutoScalingGroup | autoscaling:autoScalingGroup |
| AWS App Runner | Connection | AWS::AppRunner::Connection | apprunner:connection |
| AWS App Runner | Service | AWS::AppRunner::Service | apprunner:service |
| AWS App Runner | VPC Connector | AWS::AppRunner::VpcConnector | apprunner:vpcconnector |
| AWS App Runner | Vpc Ingress Connection | AWS::AppRunner::VpcIngressConnection | apprunner:vpcingressconnection |
| AWS AppSync | GraphQL API | AWS::AppSync::GraphQLApi | appsync:apis |
| AWS AppSync | Event API | AWS::AppSync::Api | appsync:apis |
| AWS AppSync | Domain Name | AWS::AppSync::DomainName | appsync:domainnames |
| AWS Step Functions | State Machine | AWS::StepFunctions::StateMachine | stepfunctions:stateMachine |
| AWS Step Functions | Activity | AWS::StepFunctions::Activity | stepfunctions:activity |
| AWS Batch | Compute Environment | AWS::Batch::ComputeEnvironment | batch:compute-environment |
| AWS Batch | Job | AWS::Batch::Job | batch:job |
| AWS Batch | JobDefinition | AWS::Batch::JobDefinition | batch:job-definition |
| AWS Batch | JobQueue | AWS::Batch::JobQueue | batch:job-queue |
| AWS Batch | Scheduling Policy | AWS::Batch::SchedulingPolicy | batch:scheduling-policy |
| Amazon FSx | File System | AWS::FSx::FileSystem | fsx:file-system |
| Amazon FSx | Volume | AWS::FSx::Volume | fsx:volume |
| Amazon FSx | Backup | AWS::FSx::Backup | fsx:backup |
| Amazon FSx | Snapshot | AWS::FSx::Snapshot | fsx:snapshot |
| Amazon FSx | Storage Virtual Machine | AWS::FSx::StorageVirtualMachine | fsx:storage-virtual-machine |
Need coverage for something missing? Contact the TagOps team and let us know which AWS resource type to prioritize. You can submit a request via the 'Support & Feedback' page in the console.