
Can I programmatically find all untagged resources?


The Tag Editor in AWS's web console allows me to search for "All resource types" where a specific tag is not present. For example, I can list everything that is missing the tag "environment".

I'd like to run this as a periodic check, to enforce that no new untagged resources have been created. Some Boto code (running as a Lambda cron job) seems like a good fit. However, the Boto docs only show me how to look at a specific resource type (e.g. EC2 instances).

Is there any API for asking about tags in general? Or do I need to enumerate every resource type?


Solution

  • Just posting here in case someone looks for the same question in the future.

    AWS Resource Groups offers features like this. You can access Resource Groups in the AWS console through https://console.aws.amazon.com/resource-groups/home. I didn't find how to use --tag-filters with unTagged value in the CLI, so I used jq to filter out results.

    Here is a sample command to get all resources without the Environment tag.

    aws resourcegroupstaggingapi get-resources --tags-per-page 100 | jq '.ResourceTagMappingList[] | select(contains({Tags: [{Key: "environment"} ]}) | not)'
    

    Reference for get-resources in resourcegroupstaggingapi - https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html

    For more information about the Resource Groups Tagging API, please visit https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/API_GetResources.html
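
A Boto3 version of the same check, shaped for the Lambda cron job the question describes; this is an added example, not code from the answer. It assumes the `environment` key from the question, and the function names, the `event["regions"]` field and the sample ARNs are constructed for illustration. GetResources returns only resources that are or previously were tagged, and only for the region queried, so a resource that never carried any tag can be absent from its output.

```python
REQUIRED_TAG = "environment"  # tag key from the question; tag keys are case-sensitive

# Constructed sample pages in the shape GetResources returns (ARNs are made up).
SAMPLE_PAGES = [
    {"ResourceTagMappingList": [
        {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0example1",
         "Tags": [{"Key": "environment", "Value": "prod"}]},
        {"ResourceARN": "arn:aws:s3:::example-bucket",
         "Tags": [{"Key": "owner", "Value": "data-team"}]},
    ]},
    {"ResourceTagMappingList": [
        {"ResourceARN": "arn:aws:sqs:us-east-1:111122223333:example-queue",
         "Tags": [{"Key": "environment-old", "Value": "dev"}]},
        {"ResourceARN": "arn:aws:lambda:us-east-1:111122223333:function:example-fn",
         "Tags": [{"Key": "environment", "Value": ""}]},
    ]},
]


def missing_tag(pages, required_key=REQUIRED_TAG, empty_counts_as_missing=False):
    """Yield ARNs whose tag list has no key exactly equal to required_key."""
    for page in pages:
        for mapping in page.get("ResourceTagMappingList", []):
            tags = {t["Key"]: t.get("Value", "") for t in mapping.get("Tags", [])}
            # Exact key comparison: "environment-old" does not satisfy the check,
            # whereas jq's contains() matches strings by substring.
            if required_key not in tags:
                yield mapping["ResourceARN"]
            elif empty_counts_as_missing and not tags[required_key].strip():
                yield mapping["ResourceARN"]


def tagging_api_pages(region):
    """Paginate GetResources for one region (the API is regional)."""
    import boto3  # imported lazily so the filter can be tested offline
    client = boto3.client("resourcegroupstaggingapi", region_name=region)
    return client.get_paginator("get_resources").paginate(ResourcesPerPage=100)


def lambda_handler(event, context):
    """Scheduled entry point; event["regions"] is a hypothetical input field."""
    findings = {}
    for region in event.get("regions", ["us-east-1"]):
        findings[region] = sorted(missing_tag(tagging_api_pages(region)))
    total = sum(len(arns) for arns in findings.values())
    # A non-zero count is what the periodic check should alert on.
    return {"required_tag": REQUIRED_TAG, "missing_count": total, "resources": findings}


if __name__ == "__main__":
    for arn in missing_tag(SAMPLE_PAGES):
        print(arn)
```

The Lambda role needs `tag:GetResources` permission for the paginator call to succeed.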