LinuxCommandLibrary

az-tag

Manage Azure resource tags

TLDR

Create a tag value

$ az tag add-value [[-n|--name]] [tag_name] --value [tag_value]
copy

Create a tag in the subscription
$ az tag create [[-n|--name]] [tag_name]
copy

Delete a tag from the subscription
$ az tag delete [[-n|--name]] [tag_name]
copy

List all tags on a subscription
$ az tag list --resource-id /subscriptions/[subscription_id]
copy

Delete a tag value for a specific tag name
$ az tag remove-value [[-n|--name]] [tag_name] --value [tag_value]
copy

SYNOPSIS

az tag {create | delete | list | update} [--resource-id ID | --resource-group NAME] [options]

PARAMETERS

--resource-id ID
    The full resource ID of the Azure resource (e.g., subscription, resource group, or specific resource) to manage tags for. Example: /subscriptions/ID/resourceGroups/RG/providers/Microsoft.Compute/virtualMachines/VM.

--resource-group NAME
    The name of the resource group that contains the resource. This is an alternative to --resource-id when targeting a resource group or a resource within a known group.

--name KEY
    The name (key) of the tag to be created or deleted. Used specifically with the 'create' subcommand for a single tag, or with 'delete' to remove a specific tag key.

--tags KEY[=VALUE] KEY[=VALUE]...
    Space-separated tags in 'key=value' format. If a value is not specified for a key, it defaults to an empty string. Example: 'Environment=Prod Project=Alpha'. This parameter is used with 'create', 'update', and 'delete' subcommands.

--operation {replace | merge | delete}
    Required when using the update subcommand. Specifies how tags are applied: replace (replaces all existing tags with the new ones), merge (adds new tags and updates existing ones), or delete (removes specified tags from the resource).

--yes
    Do not prompt for confirmation. This option is typically used with the delete subcommand to suppress interactive confirmation prompts for tag removal.

DESCRIPTION

az tag commands provide a powerful way to manage metadata on Azure resources, resource groups, and subscriptions through key-value pairs known as tags.

Tags are essential for organizing, categorizing, and managing Azure deployments, especially at scale. They enable capabilities such as cost allocation, applying governance policies (e.g., ensuring all resources have an 'Environment' tag), and streamlining automation scripts. For instance, you can use tags to identify resources belonging to a specific department, environment (dev/test/prod), or project.

The command group allows users to programmatically create new tags, update existing ones (merging, replacing, or deleting specific tags), delete tags, and list all tags associated with a given resource or scope. This flexibility makes az tag indispensable for maintaining a well-governed and organized Azure environment.

CAVEATS

Limitations apply to Azure tags:
Tag limits: A resource or resource group can have a maximum of 50 tags. Subscription tags are limited to 10.
Case-insensitivity: Tag names are case-insensitive when performing operations, but the casing is preserved.
Character limits: Tag names are limited to 512 characters, and tag values to 256 characters.
Permissions: Users require specific permissions (e.g., 'Microsoft.Resources/tags/write') to manage tags, typically covered by the 'Contributor' or 'Owner' roles.

TAGGING BEST PRACTICES

Tags are critical for implementing proper cloud governance. Best practices include defining a consistent tagging strategy (e.g., Environment, CostCenter, Owner, Project), enforcing it with Azure Policy, and using tags for cost management and reporting. Effective tagging ensures resources are easily identifiable, manageable, and auditable.

SCOPE OF TAGGING

Tags can be applied at different scopes within Azure: at the subscription level, resource group level, or directly on individual resources. Tags applied at a higher scope (e.g., resource group) are not automatically inherited by resources within that scope, but can be propagated or enforced using Azure Policy.

HISTORY

The az tag command group is an integral part of the Azure CLI, which was first released in 2016. Tagging itself is a foundational capability within Azure for resource organization and governance. As Azure CLI evolved, the az tag commands were developed to provide a robust, programmatic interface for managing these critical resource metadata. Its development has focused on reflecting the evolving capabilities of Azure resource management and providing a consistent command-line experience for users.

SEE ALSO

az group(1), az policy(1), az resource(1)

Copied to clipboard