Manage tags


In this section, you learn how to attach, detach, and list tags on Datastream resources, such as private connectivity configurations, connection profiles, and streams. For an overview of tags on Datastream, see Access control with tags.

A tag is a key-value pair that can be attached to an organization, folder, or project. You can use tags to allow or deny policies conditionally based on whether a resource has a specific tag.

For example, you might want to specify production, test, and development environments for resources in your resource hierarchy. To do this, you would create a key for your tag that describes the tag that you're creating. For this example, you could create a key with the name env.

After creating the key, you can create the different values that the key can have. For this example, after you create the tag key named env, you would specify that there are three potential environments, and create a value for each: prod, test, and dev.

In addition to attaching, detaching, and listing tags on Datastream resources, you can use the API or gcloud to perform the following actions to manage tags:

  • Create a tag
  • View a key for a tag
  • Add values to the tag key
  • Retrieve tag values
  • Update tags
  • List tag keys
  • List tag values
  • Delete tags

For more information on how to perform these actions through the API or gcloud, see Creating and managing tags.

Before you begin

Tags are managed through the Resource Manager. You need the following Datastream identity and access management (IAM) permissions to view and set tags on Datastream resources:

  • datastream.connectionProfiles.createTagBinding
  • datastream.connectionProfiles.deleteTagBinding
  • datastream.connectionProfiles.listTagBindings
  • datastream.connectionProfiles.listEffectiveTags
  • datastream.streams.createTagBinding
  • datastream.streams.deleteTagBinding
  • datastream.streams.listTagBindings
  • datastream.streams.listEffectiveTags
  • datastream.privateConnections.createTagBinding
  • datastream.privateConnections.deleteTagBinding
  • datastream.privateConnections.listTagBindings
  • datastream.privateConnections.listEffectiveTags

Attach tags to Datastream resources

After you've created and defined a tag using Resource Manager, you can attach the tag directly to your Datastream resource.

For example:

  • The tag value is 815471563813/environment/development.
    • 815471563813 is the organization ID.
    • environment is the tag key.
    • development is the tag value.
  • Your project name is my-project.
  • Your stream name is my-stream.
  • Your instance is in us-central1.

The following gcloud command attaches the tag to a resource, in this case, my-stream:

gcloud alpha resource-manager tags bindings create \
--tag-value=815471563813/environment/development \
--parent=// \

Detach tags from Datastream resources

The following gcloud command detaches the tag from my-stream:

gcloud alpha resource-manager tags bindings delete \
--tag-value=815471563813/environment/development \
--parent=// \

List tags on Datastream resources

The following gcloud command lists all tags directly attached to my-stream, except tags that my-stream has inherited:

gcloud alpha resource-manager tags bindings list \
    --parent=// \

What's next