If you want to add a tag to multiple Elastic Compute Service (ECS) resources that reside in the same region, you can use CloudOps Orchestration Service (OOS) to add the tag to the ECS resources at a time. This allows you to classify and manage ECS resources in a fine-grained manner. For example, you can collect cost statistics and perform O&M and monitoring on ECS resources. This topic describes how to use the OOS console to add tags to multiple ECS resources at a time.
Background information
You can use OOS custom templates to add a tag to multiple resources of ECS and other Alibaba Cloud services. For more information about the services that support tags, see ECS resources that support tags. In this topic, a custom template is created in OOS to add the owner:zhangsan tag to multiple ECS instances that reside in the same region.
The resources to which you want to add tags must reside in the same region.
Step 1: Create a custom policy and a RAM role
Create a Resource Access Management (RAM) role named OOSServiceRole for OOS and attach policies to the role.
Log on to the RAM console with an Alibaba Cloud account.
Create a custom policy named OOSAutoBindTag.
For more information, see Create custom policies. The following policy is created in this step.
NoteThis policy is used to grant permissions on ECS instances, and the permission in the policy is set to
ecs:DescribeInstances. You can set the permission based on your business requirements. For example, if you want to add a tag to multiple security groups, you can replaceecs:DescribeInstanceswithecs:DescribeSecurityGroups.{ "Version": "1", "Statement": [ { "Action": [ "ecs:DescribeInstances", "ecs:TagResources" ], "Resource": "*", "Effect": "Allow" } ] }Create a RAM role named OOSServiceRole.
For more information, see Create a RAM role for a trusted Alibaba Cloud service.
Attach the custom policy to the RAM role.
For more information, see Grant permissions to a RAM role. In this step, the OOSAutoBindTag custom policy is attached to the OOSServiceRole RAM role.
Attach the AliyunOOSFullAccess system policy to the OOSServiceRole RAM role.
Step 2: Create a custom template
Log on to the CloudOps Orchestration Service (OOS) console.
In the left-side navigation pane, choose .
In the top navigation bar, select the region and resource group to which the resource belongs.
Click Create Template.
Click the YAML tab to edit the template code. Sample code:
FormatVersion: OOS-2019-06-01 Description: Tag Resources Without The Specified Tags Parameters: tags: Type: Json Description: en: The tags to select ECS instances. AssociationProperty: Tags regionId: Type: String Description: en: The region to select ECS instances. OOSAssumeRole: Description: en: The RAM role to be assumed by OOS. Type: String Default: OOSServiceRole RamRole: OOSServiceRole Tasks: - Name: getInstancesByTags Action: 'ACS::ExecuteAPI' Description: '' Properties: Service: ECS API: DescribeInstances Parameters: Tags: '{{ tags }}' RegionId: '{{ regionId }}' Outputs: InstanceIds: Type: List ValueSelector: 'Instances.Instance[].InstanceId' - Name: getAllInstances Action: 'ACS::ExecuteAPI' Description: '' Properties: Service: ECS API: DescribeInstances Parameters: RegionId: '{{regionId}}' Outputs: InstanceIds: Type: List ValueSelector: 'Instances.Instance[].InstanceId' - Name: TagResources_ECS_Instances Action: 'ACS::ExecuteAPI' Description: en: 'tag ecs instances, which are without the specified tags.' Properties: Service: ECS API: TagResources Parameters: Tags: '{{ tags }}' RegionId: '{{regionId}}' ResourceType: Instance ResourceIds: - '{{ACS::TaskLoopItem}}' Loop: MaxErrors: 100% Concurrency: 20 Items: 'Fn::Difference': - '{{ getAllInstances.InstanceIds }}' - '{{ getInstancesByTags.InstanceIds }}' Outputs: InstanceIds: Type: List Value: 'Fn::Difference': - '{{ getAllInstances.InstanceIds }}' - '{{ getInstancesByTags.InstanceIds }}'Click Create Template. In the dialog box that appears, set the name of the custom template to
OOSAutoBindTag.You can also configure the Tag, Resource Group, and Version Description parameters based on your business requirements.
Click Complete Create.
Step 3: Execute the custom template
In the left-side navigation pane, choose .
On the Custom Template page, find the
OOSAutoBindTagcustom template and click Create Execution in the Actions column.Use the default execution mode or select a different mode. Then, click Next Step: Parameter Settings.
Configure the parameters and click Next Step: OK. The following table describes the parameters.
Parameter
Description
Example
tags
Select the tag added to the ECS instance.
owner:zhangsanregionId
Enter the region of the ECS instances to which you want to add the tag.
cn-shanghaiOOSAssumeRole
Specify the RAM role that can be assumed by OOS.
OOSServiceRoleClick Create.
After the template is executed, the execution details page appears. You can view the result on this page.
NoteIf the template fails to be executed, you can view logs to identify the cause of the failure and make adjustments accordingly.
References
You can modify or remove tags based on your business requirements. For more information, see Remove or delete a tag or Use OOS to modify a tag value of multiple resources.
You can use tags to manage cloud resources in a fine-grained manner. For example, you can search for, control access to, automate O&M on, or monitor cloud resources based on tags. For more information, see Best practices for tags.