Updated on 2024-11-08 GMT+08:00

Before You Start

Welcome to Tag Management Service (TMS). Tags are useful for identifying cloud resources, especially when you have a good many resources of the same type. You can classify resources by usage, ownership, or environment. TMS is a visualized service that allows you to efficiently and centrally manage tags and categorize cloud resources across regions and services.

This document describes how to use application programming interfaces (APIs) to perform operations on tags, such as creating or deleting predefined tags, and querying or modify predefined tags. For details about all supported operations, see API Overview.

Before using TMS APIs, ensure that you are familiar with TMS concepts. For details, see Tag Management Service.

TMS supports Representational State Transfer (REST) APIs, allowing you to call APIs using HTTPS. For details about API calling, see API Calling.

Resources Supported by TMS

You can call the API for querying services supported by TMS to obtain the services, resources, and regions supported by TMS.

The provider field indicates the cloud service name, and the resource_types field indicates the resource.

Endpoints

An endpoint is the request address for calling an API. Endpoints vary depending on services and regions. For the TMS endpoint, see Regions and Endpoints.

Basic Concepts

  • Account

    An account is created upon successful signing up. The account has full access permissions for all of its cloud services and resources. It can be used to reset user passwords and grant user permissions. The account is a payment entity, which should not be used directly to perform routine management. To ensure account security, create Identity and Access Management (IAM) users and grant them permissions for routine management.

  • User

    An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).

    API authentication requires information such as the account name, username, and password.

  • Region

    Regions are divided based on geographical location and network latency. Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region. Regions are classified into universal regions and dedicated regions. A universal region provides universal cloud services for common tenants. A dedicated region provides specific services for specific tenants.

    For details, see Region and AZ.

  • AZ

    An AZ comprises of one or more physical data centers equipped with independent ventilation, fire, water, and electricity facilities. Computing, network, storage, and other resources in an AZ are logically divided into multiple clusters. AZs within a region are interconnected using high-speed optical fibers to allow you to build cross-AZ high-availability systems.

  • Project

    A project corresponds to a region. Default projects are defined to group and physically isolate resources (including computing, storage, and network resources) across regions. Users can be granted permissions in a default project to access all resources under their accounts in the region associated with the project. If you need more refined access control, create subprojects under a default project and create resources in subprojects. Then you can assign users the permissions required to access only the resources in the specific subprojects.

    Figure 1 Project isolation model
  • Enterprise project

    Enterprise projects group and manage resources across regions. Resources in different enterprise projects are logically isolated. An enterprise project can contain resources of multiple regions, and resources can be added to or removed from enterprise projects.

    For details about enterprise projects and about how to obtain enterprise project IDs, see Enterprise Management User Guide.