az-tag
Manage Azure resource tags
TLDR
Create a tag value
Create a tag in the subscription
Delete a tag from the subscription
List all tags on a subscription
Delete a tag value for a specific tag name
SYNOPSIS
az tag {create | delete | list | update} [--resource-id ID | --resource-group NAME] [options]
PARAMETERS
--resource-id ID
The full resource ID of the Azure resource (e.g., subscription, resource group, or specific resource) to manage tags for. Example: /subscriptions/ID/resourceGroups/RG/providers/Microsoft.Compute/virtualMachines/VM.
--resource-group NAME
The name of the resource group that contains the resource. This is an alternative to --resource-id when targeting a resource group or a resource within a known group.
--name KEY
The name (key) of the tag to be created or deleted. Used specifically with the 'create' subcommand for a single tag, or with 'delete' to remove a specific tag key.
--tags KEY[=VALUE] KEY[=VALUE]...
Space-separated tags in 'key=value' format. If a value is not specified for a key, it defaults to an empty string. Example: 'Environment=Prod Project=Alpha'. This parameter is used with 'create', 'update', and 'delete' subcommands.
--operation {replace | merge | delete}
Required when using the update subcommand. Specifies how tags are applied: replace (replaces all existing tags with the new ones), merge (adds new tags and updates existing ones), or delete (removes specified tags from the resource).
--yes
Do not prompt for confirmation. This option is typically used with the delete subcommand to suppress interactive confirmation prompts for tag removal.
DESCRIPTION
az tag commands provide a powerful way to manage metadata on Azure resources, resource groups, and subscriptions through key-value pairs known as tags.
Tags are essential for organizing, categorizing, and managing Azure deployments, especially at scale. They enable capabilities such as cost allocation, applying governance policies (e.g., ensuring all resources have an 'Environment' tag), and streamlining automation scripts. For instance, you can use tags to identify resources belonging to a specific department, environment (dev/test/prod), or project.
The command group allows users to programmatically create new tags, update existing ones (merging, replacing, or deleting specific tags), delete tags, and list all tags associated with a given resource or scope. This flexibility makes az tag indispensable for maintaining a well-governed and organized Azure environment.
CAVEATS
Limitations apply to Azure tags:
Tag limits: A resource or resource group can have a maximum of 50 tags. Subscription tags are limited to 10.
Case-insensitivity: Tag names are case-insensitive when performing operations, but the casing is preserved.
Character limits: Tag names are limited to 512 characters, and tag values to 256 characters.
Permissions: Users require specific permissions (e.g., 'Microsoft.Resources/tags/write') to manage tags, typically covered by the 'Contributor' or 'Owner' roles.
TAGGING BEST PRACTICES
Tags are critical for implementing proper cloud governance. Best practices include defining a consistent tagging strategy (e.g., Environment, CostCenter, Owner, Project), enforcing it with Azure Policy, and using tags for cost management and reporting. Effective tagging ensures resources are easily identifiable, manageable, and auditable.
SCOPE OF TAGGING
Tags can be applied at different scopes within Azure: at the subscription level, resource group level, or directly on individual resources. Tags applied at a higher scope (e.g., resource group) are not automatically inherited by resources within that scope, but can be propagated or enforced using Azure Policy.
HISTORY
The az tag command group is an integral part of the Azure CLI, which was first released in 2016. Tagging itself is a foundational capability within Azure for resource organization and governance. As Azure CLI evolved, the az tag commands were developed to provide a robust, programmatic interface for managing these critical resource metadata. Its development has focused on reflecting the evolving capabilities of Azure resource management and providing a consistent command-line experience for users.
SEE ALSO
az group(1), az policy(1), az resource(1)