All Products
Search

This Product

    Resource Management:Associated tag inheritance

    Document Center

    Resource Management:Associated tag inheritance

    Last Updated:Aug 20, 2025

    You can use the associated tag inheritance feature to improve O&M efficiency. When a tag on a primary resource is changed, or when a new association is created, the associated resource automatically inherits the tags from the primary resource. For example, when you attach a tag to an ECS instance, its associated disks, ENIs, and EIPs automatically inherit the tag. Any newly associated resources also inherit the tag.

    Background information

    You can use an Alibaba Cloud account or a Resource Access Management (RAM) user that has the AliyunTagAdministratorAccess permission to manage associated tag inheritance. For more information, see Create a RAM user and Grant permissions to a RAM user.

    Limits

    • For a list of resource types that support this feature, see Resources that support associated tag inheritance.

    • When you set an associated tag rule, you can specify a maximum of 50 tag keys to inherit.

    • After you enable an associated tag inheritance rule, the system may overwrite an existing tag on an associated resource if an inherited tag has the same tag key. For example, an associated resource has the tag cost:hangzhou. The primary resource has the tag cost:shanghai. If you set a rule for the associated resource to inherit the tag with the key cost, the tag cost:hangzhou on the associated resource is overwritten with cost:shanghai.

    • For some resource types, you can enable the Apply To Existing Resources switch to apply tag inheritance to existing associated resources. For a list of supported resource types, see the Supports applying to existing resources column in Resources that support associated tag inheritance.

    Basic operations

    Enable the associated tag inheritance feature

    1. Go to the Associated Tag Inheritance page.

    2. Read the instructions, select the option to create a service-linked role, and then click Enable And Set Rules.

      After you enable the feature, the system creates a service-linked role named AliyunServiceRoleForTag to manage tags on associated resources. For more information, see Service-linked role for Tag.

      image

    Enable a rule

    1. On the Associated Tag Inheritance page, find the target resource type and click Enable Rule in the Actions column.

      image

    2. In the Enable Rule dialog box, set the rule and then click Enable.

      Example: After you enable the rule, an ENI automatically inherits the tags of an ECS instance when it is attached to the instance. The ENI tags are dynamically updated when the ECS instance tags change. When the ENI is detached, the system automatically removes the inherited tags from the ENI.

      image

      • Tag Scope: Specify which tag keys to inherit. You can choose to inherit all tag keys or a subset of them.

      • Apply To Existing Resources: If you enable this switch, the rule also applies to existing resources.

    Modify a rule

    1. On the Associated Tag Inheritance page, find the target resource type and click Modify Rule in the Actions column.

      image

    2. In the Modify Rule dialog box, change the rule settings and then click Modify.

      You can change the Tag Scope. You can also enable or disable the Apply To Existing Resources switch.

    Disable a rule

    Important

    After you disable an associated tag inheritance rule, associated resources can no longer automatically inherit tags from primary resources. This may affect your resource management and cost allocation that rely on tags.

    1. On the Associated Tag Inheritance page, find the target resource type and click Disable Rule in the Actions column.

      image

    2. In the Disable Rule dialog box, click Disable.

    Manage rules in batches

    On the Associated Tag Inheritance page, you can select multiple resource types and then manage their rules in a batch.

    • At the bottom-left of the list, click Enable Rule to enable rules for the selected resource types.

    • At the bottom-left of the list, click Disable Rule to disable rules for the selected resource types.

    • At the bottom-left of the list, click Apply To Existing Resources to apply tag inheritance to existing associated resources for the selected resource types.

    Disable the associated tag inheritance feature

    Important

    After you disable the associated tag inheritance feature, the system no longer manages tags on associated resources. Existing tags on resources are not affected.

    1. In the upper-right corner of the Associated Tag Inheritance page, click Disable This Feature.

      image

    2. In the confirmation dialog box, click Disable.

    Resources that support associated tag inheritance

    Primary resource

    Associated resource

    Triggering condition

    Supports applying to existing resources

    Rule setting name (SettingName)

    ECS instance

    Disks (including data disks and system disks)

    • When a disk is attached to an ECS instance, it automatically inherits the instance's tags and is updated when the instance's tags change.

    • When the disk is detached from the instance, the system automatically deletes the inherited tags from the disk.

    Yes

    rule:AttachDisk-DetachDisk-TagInstance:Ecs-Instance:Ecs-Disk

    ENIs (including primary and secondary ENIs)

    • When an ENI is attached to an ECS instance, it automatically inherits the instance's tags and is updated when the instance's tags change.

    • When the ENI is detached from the instance, the system automatically deletes the inherited tags from the ENI.

    Yes

    rule:AttachEni-DetachEni-TagInstance:Ecs-Instance:Ecs-Eni

    Elastic IP Address

    • When an EIP is associated with an ECS instance, it automatically inherits the instance's tags and is updated when the instance's tags change.

    • When the EIP is disassociated from the instance, the system automatically deletes the inherited tags from the EIP.

    Yes

    rule:AssociateEip-UnassociateEip-TagInstance:Ecs-Instance:Vpc-Eip

    Disk

    Snapshot

    • When you create a snapshot from a disk, the snapshot automatically inherits the disk's tags.

    • When you edit the disk's tags, the snapshot's tags are updated accordingly.

    Yes

    rule:CreateSnapshot-TagDisk:Ecs-Disk:Ecs-Snapshot

    Message Queue for Apache Kafka instance

    Topic

    • When you create a topic in a Message Queue for Apache Kafka instance, the topic automatically inherits the instance's tags.

    • When you edit the instance's tags, the topic's tags are updated accordingly.

    Yes

    rule:CreateTopic-TagKafka:Kafka-Instance:Kafka-Topic

    Consumer group

    • When you create a consumer group in a Message Queue for Apache Kafka instance, the consumer group automatically inherits the instance's tags.

    • When you edit the instance's tags, the consumer group's tags are updated accordingly.

    Yes

    rule:CreateConsumerGroup-TagKafka:Kafka-Instance:Kafka-ConsumerGroup

    Container Service for Kubernetes cluster

    Security group

    When you edit the tags of a Container Service for Kubernetes cluster, the tags of the security group are updated accordingly.

    No

    rule:TagCluster:Cs-Cluster:Ecs-SecurityGroup

    ECS instance

    • When you scale out a managed Container Service for Kubernetes cluster, the new ECS instances automatically inherit the cluster's tags.

    • When you edit the tags of a Container Service for Kubernetes cluster, the tags of the ECS instances are updated accordingly.

    No

    rule:CreateInstance-TagCluster:Cs-Cluster:Ecs-Instance

    Classic Load Balancer (CLB) instance

    When you edit the tags of a Container Service for Kubernetes cluster, the tags of the SLB instance are updated accordingly.

    No

    rule:TagCluster:Cs-Cluster:Slb-Instance

    Elastic IP Address

    When you edit the tags of a Container Service for Kubernetes cluster, the tags of the EIP are updated accordingly.

    No

    rule:TagCluster:Cs-Cluster:Vpc-Eip

    NAT Gateway

    When you edit the tags of a Container Service for Kubernetes cluster, the tags of the NAT Gateway are updated accordingly.

    No

    rule:TagCluster:Cs-Cluster:Vpc-Natgateway

    Scaling group

    When you edit the tags of a Container Service for Kubernetes cluster, the tags of the Auto Scaling scaling group are updated accordingly.

    No

    rule:TagCluster:Cs-Cluster:Ess-ScalingGroup

    Classic Load Balancer (CLB) instance

    Elastic IP Address

    • When an EIP is associated with a CLB instance, it automatically inherits the instance's tags and is updated when the instance's tags change.

    • When the EIP is disassociated from the CLB instance, the system automatically deletes the inherited tags from the EIP.

    Yes

    rule:AssociateEip-UnassociateEip-TagSlbInstance:Slb-Instance:Vpc-Eip

    Network Load Balancer (NLB) instance

    Elastic IP Address

    • When an EIP is associated with an NLB instance through an update operation, it automatically inherits the instance's tags and is updated when the instance's tags change.

    • When you edit the tags of the NLB instance, the tags of the EIP are updated accordingly.

    No

    rule:UpdateLoadBalancerZones-UpdateLoadBalancerAddressTypeConfig-TagNlb:Nlb-Loadbalancer:Vpc-Eip

    Application Load Balancer (ALB) instance

    Elastic IP Address

    • When an EIP is associated with an ALB instance through an update operation, it automatically inherits the instance's tags and is updated when the instance's tags change.

    • When you edit the tags of the ALB instance, the tags of the EIP are updated accordingly.

    No

    rule:UpdateLoadBalancerZones-UpdateLoadBalancerAddressTypeConfig-TagAlb:Alb-LoadBalancer:Vpc-Eip

    VPC - Internet NAT gateway

    Elastic IP Address

    • When an EIP is associated with a VPC Internet NAT gateway, it automatically inherits the gateway's tags and is updated when the gateway's tags change.

    • When the EIP is disassociated from the VPC Internet NAT gateway, the system automatically deletes the inherited tags from the EIP.

    Yes

    rule:AssociateEipAddress-UnassociateEipAddress-TagVpc:Vpc-Natgateway:Vpc-Eip

    Elastic Container Instance (ECI) - pod

    Elastic IP Address

    • When an EIP is associated with an ECI instance, it automatically inherits the instance's tags and is updated when the instance's tags change.

    • When the EIP is disassociated from the ECI instance, the system automatically deletes the inherited tags from the EIP.

    No

    rule:AssociateEip-UnassociateEip-TagEci:Eci-ContainerGroup:Vpc-Eip

    Regions that support associated tag inheritance

    Indonesia (Jakarta), Malaysia (Kuala Lumpur), China (Hohhot), Singapore, Germany (Frankfurt), US (Virginia), US (Silicon Valley), China (Hong Kong), China (Qingdao), Japan (Tokyo), China (Zhangjiakou), China (Shenzhen), China (Beijing), China (Shanghai), China (Hangzhou), China (Chengdu), UK (London), China (Heyuan), China (Ulanqab), China (Guangzhou), Philippines (Manila), Thailand (Bangkok), China (Nanjing - local region - shutting down), China (Fuzhou - local region - shutting down).