Organize resources using tags

This page describes Google Cloud tags and how to use them with Dataproc Metastore. To add tags to Dataproc Metastore Services and Federations using the Google Cloud CLI, see Attach and manage tags.

Overview of tags

Google Cloud tags are key-value pairs that you can use to organize your Dataproc Metastore resources.

For example, a tag key can be a property, such as environment, and the tag value can be an attribute, such as development or production. A tag can have only one value for a given key on a particular resource.

Tags are created at the organization or project level. In Dataproc Metastore, they are attached to the service or federation resources through the Resource Manager, which is used across Google Cloud.

You can add a reference to tags in Identity and Access Management (IAM) policy bindings to grant conditional access to resources. Tags are different from labels, which are another way to organize and filter your Dataproc Metastore resources. Tags and labels work independently of each other, and you can use both on the same Dataproc Metastore resource.

Grant permissions based on conditional tag bindings

After you attach a tag to a Dataproc Metastore resource, you can use the tag with IAM Conditions to conditionally grant access to Dataproc Metastore resources. For more information about setting conditions based on tags, see Resource tags. IAM Conditions let you impose fine-grained access control on Dataproc Metastore resources.

To use IAM Conditions, you reference the tags in IAM policy bindings. For more information about how to control access to your Google Cloud resources using tags with IAM, see Tags and conditional access.
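
The following audit sketch is an added example, not part of the original documentation: it walks an IAM policy and reports Dataproc Metastore role grants that are not limited by a tag condition. It assumes the policy is in the JSON shape that `gcloud projects get-iam-policy --format=json` returns and that only predefined roles with the `roles/metastore.` prefix are of interest; the organization ID, tag key, and members in the sample are constructed placeholders.

```python
import re

# CEL functions that IAM Conditions expose for resource tags.
TAG_FUNCTIONS = re.compile(r"resource\.(matchTag|matchTagId|hasTagKey|hasTagKeyId)\(")

# Constructed sample shaped like `gcloud projects get-iam-policy --format=json`
# output. The organization ID, tag key and members are placeholders.
SAMPLE_POLICY = {
    "version": 3,
    "bindings": [
        {"role": "roles/metastore.editor",
         "members": ["group:data-eng@example.com"],
         "condition": {
             "title": "dev-metastore-only",
             "expression": "resource.matchTag('123456789012/environment', 'development')"}},
        {"role": "roles/metastore.admin",
         "members": ["user:alice@example.com"]},
        {"role": "roles/metastore.user",
         "members": ["group:analysts@example.com"],
         "condition": {
             "title": "expires-2030",
             "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
        {"role": "roles/storage.objectViewer",
         "members": ["group:analysts@example.com"]},
    ],
}


def untagged_metastore_bindings(policy):
    """Return (role, members, reason) for Metastore grants not scoped by a tag."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if not role.startswith("roles/metastore."):
            continue  # only Dataproc Metastore predefined roles are audited here
        expr = (binding.get("condition") or {}).get("expression", "")
        if not expr:
            reason = "unconditional"
        elif not TAG_FUNCTIONS.search(expr):
            reason = "condition does not reference a tag"
        else:
            continue  # grant is limited by a tag condition
        findings.append((role, binding.get("members", []), reason))
    return findings


if __name__ == "__main__":
    for role, members, reason in untagged_metastore_bindings(SAMPLE_POLICY):
        print(f"{role}: {', '.join(members)} ({reason})")
```

The check only confirms that a condition references a tag function; it does not evaluate whether the expression grants or denies what you intend, and custom roles that carry Dataproc Metastore permissions fall outside the role-prefix filter.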

Export Cloud Billing data to BigQuery with resource-level tags

After configuring your project to export Cloud Billing data to BigQuery, your Cloud Billing data such as usage, cost estimates, and pricing details are automatically and continuously exported to a BigQuery dataset. You can then query this data using resource-level tags in BigQuery.

For setup instructions and query examples, see:

Enforcement of mandatory tags using organization policies

You can enforce mandatory tags on Dataproc Metastore federation and service resources using an organization policy. To ensure compliance, mandatory tags enforce your organization's tagging policies, and prevent the creation of Dataproc Metastore resources if the mandatory tag values are missing.

To learn how to enforce mandatory tags using custom organization policies, see enforcing mandatory tags in the Resource Manager documentation.

Limitations

Tags have the following restrictions:

  • You can't attach tags to the instance resource in Dataproc Metastore.
  • Backup and metadata import resources don't inherit tags from their corresponding services.

What's next