_courtesy_VERTICAL.jpg)
![[The AI Show Episode 145]: OpenAI Releases o3 and o4-mini, AI Is Causing “Quiet Layoffs,” Executive Order on Youth AI Education & GPT-4o’s Controversial Update](https://www.marketingaiinstitute.com/hubfs/ep%20145%20cover.png)
![[DEALS] Mail Backup X Individual Edition: Lifetime Subscription (72% off) & Other Deals Up To 98% Off – Offers End Soon!](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
![Apple Reports Q2 FY25 Earnings: $95.4 Billion in Revenue, $24.8 Billion in Net Income [Chart]](https://www.iclarified.com/images/news/97188/97188/97188-640.jpg)
![Apple Ships 55 Million iPhones, Claims Second Place in Q1 2025 Smartphone Market [Report]](https://www.iclarified.com/images/news/97185/97185/97185-640.jpg)
Bulk tagging AWS resources from a spreadsheet
While working on a project where I had to tag hundreds of AWS resources to meet compliance requirements, I knew right away that doing it in a spreadsheet would be the optimal experience. Use Terraform if you can If you're in a situation where you can use an infrastructure-as-code tool like Terraform to manage your tags, you should use that. The project I'm working on is in a very heterogenous environment where there are hundreds of scattered AWS resources, no access to repos even if the resources were Terraformed, DevOps is not my primary job responsibility, and getting the tagging done is critical for compliance purposes. If your situation also demands tagging resources directly in AWS, read on. Existing bulk tagging solutions AWS Tag Editor AWS provides a tool called Tag Editor, but that really only enables a "nuke it from orbit" level of tagging. If you have some tags that can apply to every single resource, Tag Editor is perfect, but when you need to apply different values based on the context from other tags, you'll often find yourself changing the tags of one object at a time. Tag Editor already provides a convenient "Export to CSV" button that allows you to see all tags for an object in convenient spreadsheet form. Wouldn't it be the perfect developer experience if that same spreadsheet could be uploaded back to AWS to change the tag values? Programmatic tools I found washingtonpost/aws-tagger and mpostument/awstaghelper. One issue I found with both of these bulk tagging solutions is that they use the default tagging API for each resource, which makes it so that the new tag list overwrites the existing tag list completely. Any and all tags that you didn't explicitly provide will be destroyed. This is problematic for two reasons: You risk permanently losing valuable metadata in existing tags You may not have the permissions to modify some tags, breaking your process. The best API to use for tagging is instead the resourcegroupstaggingapi, which only adds and updates tags, but doesn't delete them. Export-AwsTags Rather than try to fork and modify an existing solution, I found that it's possible to write a PowerShell function that achieves the desired effect in less than 20 lines of code: Export-AwsTags.psm1. Here's the full walkthrough: Copy and paste the contents of the gist into your PowerShell terminal or PowerShell profile file. If you feel that the full contents would clutter your profile, you can do a web import with: New-Module -Name Export-AwsTags -ScriptBlock ([Scriptblock]::Create((New-Object System.Net.WebClient).DownloadString("https://gist.github.com/panasenco/47a4f097bbfe263ad09a35f5defbbc64/raw/bce8bbe59105dcc0fe6bdc75a9e6826f40152c66/Export-AwsTags.psm1"))) In AWS Tag Editor, bulk download all tags for your desired resources. The file will be named resources.csv by default. It's best to change the name to be more descriptive. Also, create a backup of this original file so you have the original tag values in case anything goes wrong. (Optional) Reorder the columns with the convenience function Reorder-CsvColumns that's provided in the same file. This is completely optional but allows you to bring just the columns you care about to the front for easier editing. Reorder-CsvColumns -CsvPath ~\Downloads\resources.csv -FirstColumns @('ARN', 'Tag: My important tag 1', 'Tag: My important tag 2') -DefaultValue '(not tagged)' Note: If you get the error "The member is already present", you'll need to open up your file and check for columns that might have the same name but in different cases. PowerShell's Import-Csv won't be able to import the file, so you'll need to reconcile the duplicate columns in Excel before running Reorder-CsvColumns. Open the spreadsheet. You can now edit the values in Excel or your CSV editor of choice. Save when you're done. Ensure you have the AWS CLI installed, configured, and authenticated. Run Export-AwsTags. Note that you'll need to provide the exact list of tags you want updated, the rest of the tags won't be touched. You can also provide the name of the AWS profile to use if it's not default: Export-AwsTags -CsvPath ~\Downloads\resources.csv -ExportTags @('My important tag 1', 'My important tag 2') -AwsProfile dev You should now be all set! Double check your tags in AWS Console and/or by re-downloading the CSV from the Tag Editor. EC2 Auto Scaling Groups Some EC2 instances are constantly created and destroyed by auto scaling groups, making it pointless to tag those short-lived instances directly. Instead, the auto scaling group needs to be tagged. EC2 auto scaling groups don't show up at all in the AWS Tag Editor. The PowerShell module also comes with the function Import-AutoScalingGroupTags to bridge that gap. The function creates a CSV file that matches the formatting of a file you'd download from the Tag Editor: Import-AutoScalingGroupTags -CsvPath ~\Downloa
While working on a project where I had to tag hundreds of AWS resources to meet compliance requirements, I knew right away that doing it in a spreadsheet would be the optimal experience.
Use Terraform if you can
If you're in a situation where you can use an infrastructure-as-code tool like Terraform to manage your tags, you should use that. The project I'm working on is in a very heterogenous environment where there are hundreds of scattered AWS resources, no access to repos even if the resources were Terraformed, DevOps is not my primary job responsibility, and getting the tagging done is critical for compliance purposes. If your situation also demands tagging resources directly in AWS, read on.
Existing bulk tagging solutions
AWS Tag Editor
AWS provides a tool called Tag Editor, but that really only enables a "nuke it from orbit" level of tagging. If you have some tags that can apply to every single resource, Tag Editor is perfect, but when you need to apply different values based on the context from other tags, you'll often find yourself changing the tags of one object at a time.
Tag Editor already provides a convenient "Export to CSV" button that allows you to see all tags for an object in convenient spreadsheet form.
Wouldn't it be the perfect developer experience if that same spreadsheet could be uploaded back to AWS to change the tag values?
Programmatic tools
I found washingtonpost/aws-tagger and mpostument/awstaghelper.
One issue I found with both of these bulk tagging solutions is that they use the default tagging API for each resource, which makes it so that the new tag list overwrites the existing tag list completely. Any and all tags that you didn't explicitly provide will be destroyed. This is problematic for two reasons:
- You risk permanently losing valuable metadata in existing tags
- You may not have the permissions to modify some tags, breaking your process.
The best API to use for tagging is instead the resourcegroupstaggingapi, which only adds and updates tags, but doesn't delete them.
Export-AwsTags
Rather than try to fork and modify an existing solution, I found that it's possible to write a PowerShell function that achieves the desired effect in less than 20 lines of code: Export-AwsTags.psm1.
Here's the full walkthrough:
-
Copy and paste the contents of the gist into your PowerShell terminal or PowerShell profile file. If you feel that the full contents would clutter your profile, you can do a web import with:
New-Module -Name Export-AwsTags -ScriptBlock ([Scriptblock]::Create((New-Object System.Net.WebClient).DownloadString("https://gist.github.com/panasenco/47a4f097bbfe263ad09a35f5defbbc64/raw/bce8bbe59105dcc0fe6bdc75a9e6826f40152c66/Export-AwsTags.psm1"))) In AWS Tag Editor, bulk download all tags for your desired resources. The file will be named
resources.csvby default. It's best to change the name to be more descriptive. Also, create a backup of this original file so you have the original tag values in case anything goes wrong.-
(Optional) Reorder the columns with the convenience function
Reorder-CsvColumnsthat's provided in the same file. This is completely optional but allows you to bring just the columns you care about to the front for easier editing.
Reorder-CsvColumns -CsvPath ~\Downloads\resources.csv -FirstColumns @('ARN', 'Tag: My important tag 1', 'Tag: My important tag 2') -DefaultValue '(not tagged)'Note: If you get the error "The member is already present", you'll need to open up your file and check for columns that might have the same name but in different cases. PowerShell's Import-Csv won't be able to import the file, so you'll need to reconcile the duplicate columns in Excel before running
Reorder-CsvColumns. Open the spreadsheet. You can now edit the values in Excel or your CSV editor of choice. Save when you're done.
Ensure you have the AWS CLI installed, configured, and authenticated.
-
Run
Export-AwsTags. Note that you'll need to provide the exact list of tags you want updated, the rest of the tags won't be touched. You can also provide the name of the AWS profile to use if it's notdefault:
Export-AwsTags -CsvPath ~\Downloads\resources.csv -ExportTags @('My important tag 1', 'My important tag 2') -AwsProfile dev
You should now be all set! Double check your tags in AWS Console and/or by re-downloading the CSV from the Tag Editor.
EC2 Auto Scaling Groups
Some EC2 instances are constantly created and destroyed by auto scaling groups, making it pointless to tag those short-lived instances directly. Instead, the auto scaling group needs to be tagged.
EC2 auto scaling groups don't show up at all in the AWS Tag Editor. The PowerShell module also comes with the function Import-AutoScalingGroupTags to bridge that gap. The function creates a CSV file that matches the formatting of a file you'd download from the Tag Editor:
Import-AutoScalingGroupTags -CsvPath ~\Downloads\dev-asg-tags.csv -AwsProfile dev
After the CSV file is created, you can run Reorder-CsvColumns and Export-AwsTags on it as normal.
