Queries the tag keys of resources within the management account or a member of a resource directory by using the management account of the resource directory or a delegated administrator account of Resource Center.
Debugging
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level,
All Resourcesis used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
| Operation | Access level | Resource type | Condition key | Associated operation |
|---|---|---|---|---|
| resourcecenter:SearchMultiAccountResources | Read |
|
| none |
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| Scope | string | Yes | The search scope. You can set the value to one of the following items:
| rd-r4**** |
| MaxResults | integer | No | The maximum number of entries to return on each page. Valid values: 1 to 100. Default value: 20. | 10 |
| NextToken | string | No | The pagination token that is used in the next request to retrieve a new page of results. If the total number of entries returned for the current request exceeds the value of the | eyJzZWFyY2hBZnRlcnMiOlsiMTAwMTU2Nzk4MTU1OSJd**** |
| TagKey | string | No | The tag key. | test_key |
| MatchType | string | No | The matching mode. Valid values:
| Equals |
Response parameters
Examples
Sample success responses
JSONformat
{
"NextToken": "AAAAARfZmVDe9NvRXloR5+8CK9nNJufMdRA7W1miLC1P****",
"TagKeys": [
"test_key"
],
"RequestId": "FA6086F9-6363-51A5-A507-88E3201EBCCB"
}Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | NoPermission | You are not authorized to perform this operation. | You are not authorized to perform the operation. |
| 400 | InvalidParameter.MaxResults | The specified parameter MaxResults is not valid. | The MaxResults parameter is invalid. |
| 400 | MultiAccountServiceNotEnabled | Multi account ResourceCenter service is not enabled. | The Resource Meta Center (RMC) service is not activated. |
| 404 | NotExists.ResourceDirectory | The resource directory for the account is not enabled. | No resource directory is enabled for the account. |
| 404 | NotExists.ResourceDirectory.FolderId | The specified folder does not exist. | The specified folder does not exist. |
| 409 | NoPermission.ResourceDirectory.MemberAccount | ResourceDirectory Member Account is not authorized to perform this operation. | You are not allowed to use a member of a resource directory to perform this operation. Use the management account of the resource directory to perform the operation. |
| 409 | InvalidParameter.Scope | The Scope is invalid. | The Scope parameter is invalid |
| 409 | InvalidParameter.MatchType | The specified parameter MatchType is not valid. | The MatchType parameter is invalid. |
For a list of error codes, visit the Service error codes.
Change history
| Change time | Summary of changes | Operation | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| 2023-05-05 | The Error code has changed | see changesets | ||||||||
|