- Why Change?
Discover the power of cloud cost intelligence.
Give engineering a cloud cost coach.
Learn more about CloudZero's pricing.
Request a demo to see CloudZero in action.
Learn more about CloudZero and who we are.
Got questions? We have answers.
Speak with our Cloud Cost Analysts and get the answers you need.Get in touch
How SeatGeek Decoded Its AWS Bill and Measured Cost Per CustomerRead customer story
Enable engineering to make cost-aware development decisions.
Give finance the context they need to make informed decisions.
Decentralize cloud cost and mature your FinOps program.
Discover the best cloud cost optimization content in the industry.
Browse helpful webinars, ebooks, and other useful resources.
Learn how we’ve helped happy customers like SeatGeek, Drift, Remitly, and more.
5 Tactical Ways To Align Engineering And Finance On Cloud SpendRead blog post
Discover how to properly tag your AWS environment — and what to do if you don't have perfect AWS tagging strategy.
Engineers want to innovate, fix issues, and improve existing code. Finance wants to report accurately on the company's return on technology investment. Yet, the cloud is like a menu without the pricing
Engineers can practice continuous improvement without slowing down but they can also use up computing resources without being fully aware of the costs they incur, only to be surprised with a higher than usual AWS bill.
Even worse is not knowing where, what, when, or who is driving up their AWS costs. This can make it difficult for both engineering and finance to understand their cloud costs and what drives their spend.
Enter AWS tagging.
Tagging provides a way for organizations to identify various resources on AWS — and can help companies understand their usage, costs, performance, and more.
In this guide, we’ll cover the fundamentals of tags — what tags are, when you should use them, and the challenges of tagging — as well as best practices you can use to create a comprehensive AWS tagging strategy.
Table Of Contents
AWS tags are labels that help identify various resources on AWS. AWS resources such as EC2, S3, Redshift, and EFS all support tagging.
Tags consist of a key and value pair. For each resource, you can create a unique key with only one value.
Tagging is like keeping a shopping list. You label different items according to their type and use, such as groceries and collard greens. Translate that into business terms. The key would be a business segment such as Team. You could then assign the values of DevOps, Finance, and Marketing to that key.
See the table below for more details.
You can assign more than one value to one key. Keys such as Business Unit, Account, Project, Owner, Environment, and Cost Center are also popular. Tags like these help you identify what team owns a resource, in what environment it runs, and in which business unit it belongs.
The following table shows multiple keys and the unique values they contain:
You can see now that tagging in AWS works by enabling users to add descriptive metadata ("tags") to assets, including EC2 instances, S3 buckets, databases, and Lambda functions in the cloud.
Tags add context to a resource by providing additional information about its use. This allows organizations to categorize their resource utilization insights, which can be especially helpful when organizing usage and cost data on a large scale.
Want A Free Tagging Toolkit?
All the info and support you need to implement a strategy across your entire cloud environment
There are two types of AWS tags:
Credit: AWS Docs
Let’s talk about AWS cost allocation tags.
While they are based on ordinary AWS tags, you need to take an extra step and designate specific tag(s) as cost allocation tag(s) in AWS. Once an account is moved to another organization as a member, you must re-activate the cost allocation tags again.
Plus, only a management account or a single account that isn’t a member of an organization can access cost allocation tags in Billing and Cost Management.
But that's not all.
Some common obstacles to implementing proper AWS tagging:
Tags help organize cloud infrastructure. Let's go back to the earlier shopping list to illustrate this point better.
Let's say you went to a store, put everything you needed in a cart, and walked to the checkout counter to pay. If the POS system is broken, what might you do?
The cashier could calculate the lump sum price of the items based on their physical price tags. There wouldn't be a receipt to detail what each item cost. The following month, when you calculate your monthly expenses, you wouldn’t know how much you spent on what items for what specific purposes.
For instance, you probably wouldn't remember exactly how much money you spent on groceries or toiletries. So you wouldn’t have a reference for budgeting the following months' expenses.
As most companies do on AWS, you would enter the new month blind, without an idea of how much each shopping category costs, when to prepare to re-order supplies, etc.
Just as receipts give you a sense of how much you have spent on specific items, tagging resources helps organizations:
As resources are provisioned to serve a mix of purposes in shared cloud accounts, tagging helps differentiate them, revealing how much each part costs regardless of the rest. As a result, engineering, product, and finance teams can search and filter your company's cloud resources more efficiently and report on cost, usage, and performance.
A company can also use tagging to answer questions about their business and product strategies, such as:
Surely you'd like to take advantage of these and other benefits of AWS tagging. So where do you begin?
Your AWS console offers an AWS Tag Editor for tagging different resources. The service allows you to create and/or delete keys and add and remove tags from individual and/or multiple resources at once.
Suppose you deploy resources using an automated method (such as Cloud Formation templates). In that case, you can embed tagging requirements in the template so that resources can launch automatically with the proper tags applied.
As your company grows and develops its cloud environment, you can also use AWS Config rules, which can do anything from alerting you to assets that aren't appropriately tagged to offering developers pre-selected tag values to prevent capitalization or naming mistakes, to preventing assets from launching all together if they are not tagged correctly.
So, how do you implement a suitable tagging strategy for your AWS needs?
When tagging your public cloud environment, it helps to start at a high level and answer a few questions related to People, Process, and Technology.
We recommend collaborating across departments to answer these questions, including obtaining feedback from all stakeholders of your organization who are planning to use AWS or relate to it in some other way.
After initial planning, a few standard categories and dimensions serve as a great stepping stone for actual tagging. These categories are certainly not exhaustive, and multiple buckets can and should be used simultaneously.
(Used to describe what a resource is doing)
|Cluster ID||Identify resource farms that share common identification|
|Version||Identify different version of applications|
|Name||Individual Resource Name|
(Used to automate certain functions)
|Date/Time||Identify when a resource shot bet started, stopped, rotated or terminated|
|Opt In/Out||Indicate whether a resource should be automatically included in an automated activity (such as resizing)|
|Security||Determine requirements such as encryption and to identify tables or security groups that deserve extra scrutiny|
(Used to translate AWS environment into business contexts)
|Owner||Identify who is responsible for the resource|
|Cost Center / Business Unit||Identify which cost center is associated with a resource for cost allocation tracking|
|Customer||Identify a specific client that a particular group of resources serve|
|Project||Identify the project(s) the resource supports|
(Especially important in compliance heavy industries like healthcare or financial services)
|Confidentiality||Identify the level of data confidentiality a resource supports|
|Compliance||Identify workloads designed to adhere to specific requirements|
With the answers to these high-level questions, there are many more granular questions related to the tagging itself that you’ll want to consider:
Here's a high-level overview of some of the best practices for improving your AWS tagging strategy (in no particular order).
Ultimately, no matter how your organization approaches tagging, it’s essential to have a plan and solid understanding of how you will implement your AWS tagging strategy.
We recommend that you create dynamic documents that outline your organization's answers to the questions above and provide a place for any questions, rules, or rationales related to tagging.
As time passes and teams evolve, regular check-ins and updates across teams will reinforce your chosen approach. Therefore, this document should be updated regularly and circulated to all relevant teams.
A sample bundle of these planning documents is available for a free download HERE.
Additionally, we recommend checking out our article, “Messy AWS Tags? Confidently Allocate Costs Without a Perfect Tagging Strategy”, to learn more about ways you can allocate costs without perfect tagging.
Lastly, if cost allocation is a concern for you and you need cost visibility today, CloudZero’s cost allocation solution can provide you with cost intelligence in a matter of hours — versus weeks or months. CloudZero meets you where you are in your tagging strategy — providing immediate visibility whether your tags are perfect, or a total mess.
CloudZero works similar to how you define Infrastructure as Code — we use a code artifact to define how to organize costs. This gives you flexibility and accuracy — even for Kubernetes, shared costs in multi-tenant applications, and non-taggable AWS services.