New user sign up using AWS Builder ID
New user sign up using AWS Builder ID is currently unavailable on re:Post. To sign up, please use the AWS Management Console instead.
How do I tag Amazon ECS resources for cost tracking and compliance?
I want to tag my Amazon Elastic Container Service (Amazon ECS) resources to track costs and compliance.
Short description
Use tags to assign custom metadata to your Amazon ECS resources.
Resolution
Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.
Activate resource tagging authorization at the account level
To use and create a tag when you create a cluster or service, you must have ecs:TagResource permissions. You must also have permissions for the actions that are required to create the resource, such as ecsCreateCluster.
To view the current tagging authorization status at the AWS account level, run the following list-account-settings AWS CLI command:
aws ecs list-account-settings --effective-settings
In the command's output, check whether you activated tagging authorization. If you didn't activate tagging authorization, then run the following put-account-setting-default command to activate it:
aws ecs put-account-setting-default --name tagResourceAuthorization --value on --region regionname
Note: Replace regionname with your AWS Region.
Use the correct ARN format
To tag Amazon ECS resources, you must use the new ARN and ID formats. You might need to migrate your Amazon ECS deployment to the new ARN and resource ID format.
Verify that the IAM entity has the required permissions and check tags restrictions
If you can't add tags to your Amazon ECS service, then make sure that your AWS Identity and Access Management (IAM) entity has the required permissions. For information, see the Verify that the IAM entity has the required permissions and check tags restrictions section in How do I troubleshoot tagging issues for Amazon ECS tasks?
Use Amazon ECS managed tags for billing
Activate the enableECSManagedTags parameter
When you use Amazon ECS managed tags, Amazon ECS automatically tags all newly launched tasks with the cluster information and task definition or service tags. Amazon ECS also tags Amazon Elastic Block Service (Amazon EBS) volumes that are attached to the tasks. The PropagateTags parameter isn't activated by default. To copy tags from the task definition or service to the task, activate the parameter.
To activate the enableECSManagedTags parameter when you create a service, run the following create-service command:
aws ecs create-service \ --cluster clustername \ --service-name servicename \ --task-definition taskdefinitionname \ --desired-count 1 \ --launch-type FARGATE \ --enable-ecs-managed-tags \ --network-configuration "awsvpcConfiguration={subnets=[subnet-ABCD],securityGroups=[sg-ABC],assignPublicIp=ENABLED}"
Note: Replace clustername with your cluster name, servicename with your service name, and taskdefinitionname with your task definition name. Add your network configuration to the --network-configuration option.
To activate the enableECSManagedTags parameter when you run a task, run the following run-task command:
aws ecs run-task \ --cluster clustername \ --task-definition taskdefinitionname \ --launch-type FARGATE \ --enable-ecs-managed-tags \ --network-configuration "awsvpcConfiguration={subnets=[subnet-ABC],securityGroups=[sg-ABC]}"
Note: Replace clustername with your cluster name, and taskdefinitionname with your task definition name. Add your network configuration to the --network-configuration option.
Activate Amazon ECS managed tags
Use either the Amazon ECS console or AWS CLI to activate managed tags.
Amazon ECS console
Complete the following steps:
- Open the Amazon ECS console.
- Select the Region for your Amazon ECS resource.
- In the navigation pane, choose Task definitions.
- Select the task definition from the resource list, and then choose Actions.
- Choose Create service or Run task.
- Under Task tagging configuration, select Enable ECS managed tags.
Note: To copy tags from the task definition or service to the task, for Propagate tags from, select your resource. By default, the PropagateTags parameter is set to Do not propagate.
AWS CLI
Run the following update-service command:
aws ecs update-service --cluster clustername --service servicename --enable-ecs-managed-tags --force-new-deployment
Note: Replace servicename with your service name, and clustername with your cluster name.
Set up tag propagation
Tag propagation is deactivated by default. To check whether you activated PropagateTags in a specific service, run the following describe-services command:
aws ecs describe-services --services servicename --cluster clustername --region region --query 'services[*].propagateTags' --output text
Note: Replace servicename with your service name, clustername with your cluster name, and region with your Region.
To add tag propagation when you create a service, run the following create-service command:
aws ecs create-service \ --cluster clustername \ --service-name servicename \ --task-definition taskdefinitionname \ --desired-count 1 \ --launch-type FARGATE \ --enable-ecs-managed-tags \ --propagate-tags TASK_DEFINITION-SERVICE \ --network-configuration "awsvpcConfiguration={subnets=[subnet-ABCD],securityGroups=[sg-ABC],assignPublicIp=ENABLED}"
Note: Replace clustername with your cluster name, servicename with your service name, and taskdefinitionname with your task definition. Also, replace FARGATE with your launch type, and TASK_DEFINITION-SERVICE with TASK_DEFINITION or SERVICE based on where you want to propagate tasks. Add your network configuration to the --network-configuration option.
To add tag propagation when you run a task, run the following run-task command:
aws ecs run-task \ --cluster clustername \ --task-definition taskdefinitionname \ --launch-type FARGATE \ --enable-ecs-managed-tags \ --propagate-tags TASK_DEFINITION-SERVICE \ --network-configuration "awsvpcConfiguration={subnets=[subnet-ABC],securityGroups=[sg-ABC]}"
Note: Replace clustername with your cluster name, and taskdefinitionname with your task definition. Also, replace FARGATE with your launch type, and TASK_DEFINITION-SERVICE with TASK_DEFINITION or SERVICE based on where you want to propagate tasks. Add your network configuration to the --network-configuration option.
To add tag propagation to an existing service, run the following update-service command:
aws ecs update-service --cluster clustername --service servicename --propagate-tags servicetagdefinition --force-new-deployment
Note: Replace servicename with your service name, clustername with your cluster name, and servicetagdefinition with your service or tag definition.
You must activate cost allocation tags so that they appear on your billing report.
Note: It can take up to 24 hours for tags to activate.
Related information

Relevant content
- Accepted Answerasked a year agolg...
- asked a year agolg...
- Accepted Answerasked 10 months agolg...
- asked 6 years agolg...
- asked 4 months agolg...
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated 2 years ago