{"slug":"iam-aws-tag","cloud":"aws","service":"tag","title":"AWS Tag (IAM)","description":"AWS Tag service enables you to manage tags on AWS resources for cost allocation, access control, and resource organization.","category":"management","common_permissions":["tag:GetResources","tag:GetTagKeys","tag:GetTagValues","tag:TagResources","tag:UntagResources","tag:GetComplianceSummary","tag:ListRequiredTags","tag:DescribeReportCreation"],"least_privilege_example":"{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"tag:GetResources\",\n        \"tag:GetTagKeys\",\n        \"tag:GetTagValues\",\n        \"tag:TagResources\",\n        \"tag:UntagResources\",\n        \"tag:GetComplianceSummary\",\n        \"tag:ListRequiredTags\",\n        \"tag:DescribeReportCreation\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}","warnings":["Avoid tag:TagResources and tag:UntagResources on all resources — can modify tags on critical resources affecting cost tracking and access policies","Avoid tag:* — grants full control over tagging, which can be used to bypass resource-based policies or cost allocation"],"docs":"https://servicereference.us-east-1.amazonaws.com/v1/tag/tag.json","tags":["iam","aws"],"last_verified":"2026-06-14T00:00:00.000Z","next_check":"2026-12-11T00:00:00.000Z","created_at":"2026-06-14T04:51:18.801Z","updated_at":"2026-06-14T04:51:18.801Z"}