Discover how CloudZero helps engineering and finance get on the same team — and unlock cloud cost intelligence to power cloud profitability

Learn more Arrow Arrow

Explore CloudZero

Discover the power of cloud cost intelligence

Why Change Icon
Why Change?

Give your team a better cost platform

Services Icon

Give engineering a cloud cost coach

About Icon

Learn more about CloudZero and who we are

Pricing Icon

Learn more about CloudZero's pricing

Tour Icon

Take a customized tour of CloudZero


Explore CloudZero by feature

Cost Anomaly Detection Icon
Cost Anomaly Detection

Build fast with cost guardrails

Budgeting Icon
Budgeting And Forecasting

Drive accountability and stay on budget

Discount Dashboard Icon
Discount Optimization Dashboard

Manage all your discounts in one place

Dimensions Icon
CloudZero Dimensions

Organize spend to match your business

By Use Case

Cost Per Customer
Cost Per Customer Analysis

Understand your cloud unit economics and measure cost per customer

Kubernetes Cost Analysis
Kubernetes Cost Analysis

Discover and monitor your real Kubernetes and container costs

Unit Cost Analysis
Unit Cost Analysis

Measure and monitor the unit metrics that matter most to your business

Cost Allocation
Tagging And Cost Allocation

Allocate cost and gain cost visibility even if your tagging isn’t perfect

SaaS COGS Measurement

Identify and measure your software COGS

Engineering Cost Awareness
Engineering Cost Awareness

Decentralize cost decisions to your engineering teams

Cloud Cost Optimization
Cloud Cost Optimization

Automatically identify wasted spend, then proactively build cost-effective infrastructure

By Role

All Your Cloud Spend, In One View

CloudZero ingests data from AWS, GCP, Azure, Snowflake, Kubernetes, and more

View all cost sources Arrow Arrow


Discover the best cloud cost intelligence resources

Resources Icon Resources

Browse webinars, ebooks, press releases, and other helpful resources

Blog Icon Blog

Discover the best cloud cost intelligence content

Case Study Icon Case Studies

Learn how we’ve helped happy customers like SeatGeek, Drift, Remitly, and more

Events Icon Events

Check out our best upcoming and past events

Cost Assessment Icon Free Cloud Cost Assessment

Gauge the health and maturity level of your cost management and optimization efforts


CloudZero Advisor

Compare pricing and get advice on AWS services including EC2, RDS, ElastiCache, and more

Learn more Arrow Arrow

How SeatGeek Measures Cost Per Customer

Discover how SeatGeek decoded its AWS bill and measures cost per customer

Read customer story orangearrow arrow-right

How Skyscanner Creates A Cost-Aware Culture

Learn how Skyscanner decentralized cloud cost to their engineering teams

Read customer story orangearrow arrow-right

How Malwarebytes Measures Cost Per Customer

Learn how Malwarebytes measures cloud cost per product

Read customer story orangearrow arrow-right

How Remitly Shifts Cloud Costs Left

Learn how Remitly built an engineering culture of cost autonomy

Read customer story orangearrow arrow-right

How Ninjacat Combines AWS And Snowflake Spend

Discover how Ninjacat uses cloud cost intelligence to inform business decisions

Read customer story orangearrow arrow-right

How Smartbear Uses Cloud Cost To Inform GTM Strategies

Learn Smartbear optimized engineering use and inform go-to-market strategies

Read customer story orangearrow arrow-right
arrow-left arrow-right
View all customer stories

AWS Tagging Strategy Guide: 15 Best Practices In 2023

Discover how to properly tag your AWS environment — and what to do if you don't have a perfect AWS tagging strategy.

Is your current cloud cost tool giving you the cost intelligence you need?  Most tools are manual, clunky, and inexact. Discover how CloudZero takes a new  approach to organizing your cloud spend.Click here to learn more.

Engineers want to innovate, fix issues, and improve existing code. Finance wants to report accurately on the company's return on technology investment. Yet, the cloud is like a menu without the pricing.

Engineers can practice continuous improvement without slowing down but they can also use up computing resources without being fully aware of the costs they incur, only to be surprised with a higher than usual AWS bill

Even worse is not knowing where, what, when, or who is driving up their AWS costs. This can make it difficult for both engineering and finance to understand their cloud costs and what drives their spend.

Enter AWS tagging.

Tagging provides a way for organizations to identify various resources on AWS — and can help companies understand their usage, costs, performance, and more.

A tagging strategy defines specific rules and practices for an organization to follow and implement. This strategy helps your team know exactly how to use tags (including proper formatting), who should create them, and how tagging decisions will be made.

In this guide, we’ll cover the fundamentals of tags — what tags are, when you should use them, and the challenges of tagging — as well as best practices you can use to create a comprehensive AWS tagging strategy.

Table Of Contents

What Are Tags in AWS?

AWS tags are labels that help identify various resources on AWS. AWS resources such as EC2, S3, Redshift, and EFS all support tagging. 

Tags consist of a key and value pair. For each resource, you can create a unique key with only one value. 

Tagging is like keeping a shopping list. You label different items according to their type and use, such as groceries and collard greens. Translate that into business terms. The key would be a business segment such as Team. You could then assign the values of DevOps, Finance, and Marketing to that key.

See the table below for more details.

Key Values
Team DevOps
Team Engineering
Team Product
Team Marketing

You can assign more than one value to one key. Keys such as Business Unit, Account, Project, Owner, Environment, and Cost Center are also popular. Tags like these help you identify what team owns a resource, in what environment it runs, and in which business unit it belongs.

The following table shows multiple keys and the unique values they contain:

Key Values
Team DevOps
Team Engineering
Team Product
Team Marketing

You can see now that tagging in AWS works by enabling users to add descriptive metadata ("tags") to assets, including EC2 instances, S3 buckets, databases, and Lambda functions in the cloud. 

Tags add context to a resource by providing additional information about its use. This allows organizations to categorize their resource utilization insights, which can be especially helpful when organizing usage and cost data on a large scale. 


Want A Free Tagging Toolkit?

All the info and support you need to implement a strategy across your entire cloud environment

Get The Toolkit


The two types of AWS tags

There are two types of AWS tags:

  • AWS generated tags - These are tags that AWS automatically generates, so you cannot alter them. Their prefix is usually aws: (aws:createdBy), and they typically contain a string of numbers and letters. You can tell who created the resource by looking at the createdBy tag. Subnet IDs and instance IDs are two examples of AWS generated tags.
  • User generated tags - These are tags you create, define, and implement as you see fit for your use cases. AWS lets you add 50 tags to a single resource. 

AWS Tagging Example

Credit: AWS Docs

Let’s talk about AWS cost allocation tags. 

While they are based on ordinary AWS tags, you need to take an extra step and designate specific tag(s) as cost allocation tag(s) in AWS. Once an account is moved to another organization as a member, you must re-activate the cost allocation tags again. 

Plus, only a management account or a single account that isn’t a member of an organization can access cost allocation tags in Billing and Cost Management.

But that's not all. 

  • You can only see your cost allocation tags in Billing and Cost Management if you've also enabled AWS Cost and Usage Reports, AWS Cost Explorer, legacy reports, or AWS Budgets. 
  • Resources you created before tagging do not have tags assigned to them. They cannot be backdated.
  • Unmetered resources can be tagged, but they do not appear in the Cost Management suite.
  • Since Billing and Cost Management does not decode or encode tags for you, you have to manually tag your resources to start collecting and making sense of your AWS spending.

The Three Major Challenges With Tagging

Some common obstacles to implementing proper AWS tagging:

  1. Lack of an AWS tagging strategy or late adoption - It can be challenging to develop a comprehensive tagging strategy that requires input from many different parts of the organization. Many companies have yet to undergo this process or are trying to do it as their cloud usage grows.
  2. Inadequate governance and enforcement/consistency - As organizations scale and add new teams and cloud services, any existing tagging structures will inevitably break down without effort to hold them in place. 
  3. Unaware of available tools and platforms - Tagging can be complex, but you don’t have to go it alone. Platforms like CloudZero are here to help, whether your tagging is perfect or far from it. 
CloudZero provides you with visibility into your current tags, so you can  easily understand where you have gaps. Then, you can either tag it or group  based on other attributes. Never let tagging be a barrier to cost visibility. Click here to learn more.

Why Would You Use Tags In AWS? AWS Tagging Use Cases

Tags help organize cloud infrastructure. Let's go back to the earlier shopping list to illustrate this point better. 

Let's say you went to a store, put everything you needed in a cart, and walked to the checkout counter to pay. If the POS system is broken, what might you do? 

The cashier could calculate the lump sum price of the items based on their physical price tags. There wouldn't be a receipt to detail what each item cost. The following month, when you calculate your monthly expenses, you wouldn’t know how much you spent on what items for what specific purposes. 

For instance, you probably wouldn't remember exactly how much money you spent on groceries or toiletries. So you wouldn’t have a reference for budgeting the following months' expenses. 

As most companies do on AWS, you would enter the new month blind, without an idea of how much each shopping category costs, when to prepare to re-order supplies, etc. 

Just as receipts give you a sense of how much you have spent on specific items, tagging resources helps organizations: 

  • Know where their AWS budget is going.
  • Analyze their resource usage so they can forecast future resource requirements.
  • Find ways to reduce their AWS bill using cloud cost optimization methods, like eliminating unused resources. It is impossible to optimize what you do not measure, after all.
  • Relate cloud resource utilization to business units, such as departments or projects.
  • Use tagging data to identify resources that require updating.
  • Use security-related tags and anomaly detection to assess the security of the resources.
  • Use owner tags to improve accountability by revealing who has activated which resources, which instances they have activated, and restricting which resources an individual can access.             

As resources are provisioned to serve a mix of purposes in shared cloud accounts, tagging helps differentiate them, revealing how much each part costs regardless of the rest. As a result, engineering, product, and finance teams can search and filter your company's cloud resources more efficiently and report on cost, usage, and performance.

A company can also use tagging to answer questions about their business and product strategies, such as:

  • What is the most expensive feature of our product?
  • How much does this product cost per user or per instance?
  • Which projects cost us the most to support?
  • What features do most of our customers use?

Surely you'd like to take advantage of these and other benefits of AWS tagging. So where do you begin?

CloudZero aligns cloud costs to key business metrics, such as cost per  customer or product feature. Our Cost Per Customer report allows teams to see  how individual customers drive their cloud spend and how much specific  customers cost their business. With cloud cost intelligence, companies can make  informed engineering, business, and pricing that ensure profitability.Click  here to learn more.

How To Implement A Comprehensive AWS Tagging Strategy

Your AWS console offers an AWS Tag Editor for tagging different resources. The service allows you to create and/or delete keys and add and remove tags from individual and/or multiple resources at once.

Suppose you deploy resources using an automated method (such as Cloud Formation templates). In that case, you can embed tagging requirements in the template so that resources can launch automatically with the proper tags applied.

As your company grows and develops its cloud environment, you can also use AWS Config rules, which can do anything from alerting you to assets that aren't appropriately tagged to offering developers pre-selected tag values to prevent capitalization or naming mistakes, to preventing assets from launching all together if they are not tagged correctly.

So, how do you implement a suitable tagging strategy for your AWS needs? 

When tagging your public cloud environment, it helps to start at a high level and answer a few questions related to People, Process, and Technology. 

We recommend collaborating across departments to answer these questions, including obtaining feedback from all stakeholders of your organization who are planning to use AWS or relate to it in some other way. 

  • People - Do you have buy-in from different business units and leaders? Do you have a dedicated team in place to lead the initiative?
  • Process - How complex is your cloud environment, and how complex do you want your tagging strategy to be? What is the process for adding or deleting new tags? What is the organization looking to achieve or to see through its tagging system? What are the reporting needs that we need our tagging structure to support? What prior tagging structures should be retained or changed?
  • Technology - Do you (or the team tasked with this initiative) have an understanding of tags and the products and services that support them? What is the team’s overall level of familiarity with AWS Tag Editor and AWS Config? 

After initial planning, a few standard categories and dimensions serve as a great stepping stone for actual tagging. These categories are certainly not exhaustive, and multiple buckets can and should be used simultaneously.


(Used to describe what a resource is doing)

Cluster ID Identify resource farms that share common identification
Version Identify different version of applications
Name Individual Resource Name


(Used to automate certain functions)

Date/Time Identify when a resource shot bet started, stopped, rotated or terminated
Opt In/Out Indicate whether a resource should be automatically included in an automated activity (such as resizing)
Security Determine requirements such as encryption and to identify tables or security groups that deserve extra scrutiny


(Used to translate AWS environment into business contexts)

Owner Identify who is responsible for the resource
Cost Center / Business Unit Identify which cost center is associated with a resource for cost allocation tracking
Customer  Identify a specific client that a particular group of resources serve
Project Identify the project(s) the resource supports


(Especially important in compliance heavy industries like healthcare or financial services)

Confidentiality Identify the level of data confidentiality a resource supports
Compliance Identify workloads designed to adhere to specific requirements

With the answers to these high-level questions, there are many more granular questions related to the tagging itself that you’ll want to consider:

  • What casing will you standardize on? (Keys and values are case sensitive in AWS, and we recommend always using a standardized, case sensitive format)
  • Will your tags be used for resource control, automation, or both?
  • Which tags will be allowed or blocked? 
  • Will you use automation such as AWS Config to assist in your tagging? 
  • How many tags should you use? As more tags lead to more granularity in reporting, we recommend erring on the side of using too many tags instead of too few. 
  • How will future changes to your business impact your tagging strategy? If you use tags to regulate access control, automation, or billing reports, understand how changing those tags will affect the related processes. 
  • What naming or service restrictions do you need to take into consideration? 
  • How will your tagging strategy promote regulatory compliance, if desired or necessary for your business?

CloudZero uses a code-driven approach that lets companies organize cloud costs  without tagging — even on containerized and multi-tenant infrastructure or in  the case of untagged, untaggable, and shared resources. Allocate cloud spend  without the hassle.Click here to learn more.

15 AWS Tagging Strategy Best Practices 

Here's a high-level overview of some of the best practices for improving your AWS tagging strategy (in no particular order).

  1. Identify and brainstorm tag requirements with a cross-functional team. 
  2. Name your tags, so every employee in your organization knows the key, values, and purpose and how to use them consistently.
  3. The more tags, the better. The more tags you have, the better your AWS visibility.  
  4. Standardize your tagging format to prevent duplications, mix-ups, and inconsistencies.
  5. Bulk tag resources with AWS Tag Editor.   
  6. Don't use tags to store confidential data, such as your personal information. Because tags are used across many services on AWS, the information could be accidentally shared.
  7. Automation tools, such as CloudFormation templates, can help you tag resources proactively, especially as you scale. 
  8. Use AWS Identity and Access Management (IAM) to restrict who has access to the resources you tag.
  9. Get notified automatically when tags are incorrect or missing.
  10. Tag costs with actual business purposes, categories, and segments.
  11. Configure alert management and anomaly detection to ensure your team gets rapid alerts. Limit the number of alerts they receive to prevent alert fatigue. 
  12. Designate a tag owner - the individual who owns a specific tag and is able to demonstrate its value to the organization.
  13. Avoid compound tags (tags with multiple values) in favor of single value tags.     
  14. Meet regularly to review, revise, and reinvent AWS tagging best practices based on your changing needs. 
  15. Use a platform that meets you where you are in your tagging journey — and can provide cost insight even if your tagging isn’t perfect.

What To Do If Your Tags Are Already A Mess? How To Allocate Costs Without Perfect Tags

Ultimately, no matter how your organization approaches tagging, it’s essential to have a plan and solid understanding of how you will implement your AWS tagging strategy. 

We recommend that you create dynamic documents that outline your organization's answers to the questions above and provide a place for any questions, rules, or rationales related to tagging. 

As time passes and teams evolve, regular check-ins and updates across teams will reinforce your chosen approach. Therefore, this document should be updated regularly and circulated to all relevant teams.

A sample bundle of these planning documents is available for a free download HERE

Additionally, we recommend checking out our article, “Messy AWS Tags? Confidently Allocate Costs Without a Perfect Tagging Strategy”, to learn more about ways you can allocate costs without perfect tagging.

Lastly, if cost allocation is a concern for you and you need cost visibility today, CloudZero’s cost allocation solution can provide you with cost intelligence in a matter of hours — versus weeks or months. CloudZero meets you where you are in your tagging strategy — providing immediate visibility whether your tags are perfect, or a total mess.

CloudZero works similar to how you define Infrastructure as Code — we use a code artifact to define how to organize costs. This gives you flexibility and accuracy — even for Kubernetes, shared costs in multi-tenant applications, and non-taggable AWS services.

Schedule a demo today to see how it works!

Cody Slingerland

Author: Cody Slingerland

Cody Slingerland, a FinOps certified practitioner, is an avid content creator with over 10 years of experience creating content for SaaS and technology companies. Cody collaborates with internal team members and subject matter experts to create expert-written content on the CloudZero blog.


Join thousands of engineers who already receive the best AWS and cloud cost intelligence content.