As cloud environments grow and evolve more rapidly than ever, and with new cloud services emerging every day, achieving and maintaining a high level of organization across hundreds of resources and global teams can seem like a daunting task. However, it’s not impossible, and can be done through tagging. This post will cover the fundamentals of tags, as well as a comprehensive roadmap to developing an AWS tagging strategy.
What is Tagging?
Tagging is a method by which users add descriptive metadata (“tags”) to their cloud assets, such as EC2 instances, S3 buckets and Lambda functions. Most AWS services support tagging, although newer services sometimes lack this functionality when they are first released. Because AWS is keenly aware of the importance and value of tagging to its many customers, these services usually gain tagging features eventually.
Tagging is the cornerstone of maintaining an organized cloud infrastructure, particularly in shared cloud accounts where different resources are provisioned for different purposes. Once proper tagging is in place, it’s easier for engineering, product and finance teams to search and filter your company’s cloud resources, and therefore to report more quickly on cost, usage and performance across various cloud services. The organization that tagging offers can also surface the cloud data needed to answer business and product strategy questions such as “what is the most expensive feature in our product?” and “how much does this product cost per user, or per instance?”, and foster better relationships across disparate teams.
What is a Tag?
A tag is composed of two main components: a key and a unique value associated with that key. One key can have multiple values: for example, if using the key “Team”, you could assign some resources the value of “DevOps” and others “Engineering”. See the table below for more details. Other popular keys include Business Unit, Account, Project, Owner, and Cost Center.
Resources can be tagged via the AWS Tag Editor in your AWS console. This service allows you to create and delete keys, and to add or remove tags on a single resource or on many resources at once. If you deploy resources in an automated fashion (such as with CloudFormation templates), you can instead embed the tagging requirements in those templates so that resources are automatically launched with proper tags in place.
To reinforce tagging compliance as your company grows and evolves its cloud environment, you can also use AWS Config rules, which can do anything from alerting you to assets that aren’t properly tagged, to offering developers pre-selected tag values to avoid capitalization or naming mistakes, to preventing assets from launching altogether if they are not properly tagged.
Some common obstacles for implementing proper tagging:
Lack of an AWS tagging strategy or late adoption: It can be difficult to develop a comprehensive tagging strategy that requires input from many different parts of the organization. Many companies have yet to undergo this process or are trying to do it as their cloud usage grows.
Inadequate governance and enforcement/consistency: As organizations scale and add new teams and cloud services, it’s inevitable that any existing tagging structures will break down without effort to hold them in place.
Unaware of available tools and platforms: Tagging can be hard, but you don’t have to go it alone. Platforms like CloudZero are here to help, whether your tagging is perfect or far from it.
When looking to plan how to tag your cloud environment, it helps to start at a high level and answer a few questions related to People, Process and Technology. We recommend cross-functional collaboration in answering these questions, including soliciting feedback from all stakeholders of your organization who will be using, reporting on, or otherwise engaged with AWS and the related tags.
People: Do you have buy-in from different business units and leaders? Do you have a dedicated team in place to lead the initiative?
Process: How complex is your cloud environment, and how complex do you want your tagging strategy to be? What is the process for adding or deleting new tags? What is the organization looking to achieve or to see through their tagging system? What are the reporting needs that we need our tagging structure to support? What prior tagging structures should be retained or changed?
Technology: Do you (or the team tasked with this initiative) have an understanding of tags and the products and services that support them? What is the team’s overall level of familiarity with AWS Tag Editor and AWS Config?
Coming out of that initial planning, there are several standard categories and dimensions that are a great way to kick off the actual tagging process. These categories are certainly not exhaustive, and multiple buckets can and should be used simultaneously. However, whatever categories your teams decide to use should fit your development team’s capacity and your specific business needs.
(Used to describe what a resource is doing)
Identify resource farms that share common identification
Identify different versions of applications
Individual Resource Name
(Used to automate certain functions)
Identify when a resource should be started, stopped, rotated or terminated
Indicate whether a resource should be automatically included in an automated activity (such as resizing)
Determine requirements such as encryption and to identify tables or security groups that deserve extra scrutiny
(Used to translate AWS environment into business contexts)
Identify who is responsible for the resource
Cost Center / Business Unit
Identify which cost center is associated with a resource for cost allocation tracking
Identify a specific client that a particular group of resources serve
Identify the project(s) the resource supports
(Especially important in compliance heavy industries like healthcare or financial services)
Identify the level of data confidentiality a resource supports
Identify workloads designed to adhere to specific requirements
In conjunction with the answers to these high-level questions, there are many more granular questions related to the tagging itself that should also be considered, including:
What casing will you standardize on? (Keys and values are case sensitive in AWS, and we recommend always using a standardized, case sensitive format)
Will your tags be used for resource control, automation, or both?
Which tags will be white or black listed?
Will you use automation such as AWS Config to assist in your tagging?
How many tags should you use? Because more tags lead to more granularity in reporting, we recommend erring on the side of using too many tags as opposed to too few; however, every organization needs to strike its own balance.
How will future changes to your business impact your tagging strategy? If you use tags to regulate access control, automation, or billing reports, understanding how changing those tags will affect the related processes is vital.
What naming or service restrictions do you need to take into consideration?
How will your tagging strategy promote regulatory compliance, if desired or necessary for your business?
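The casing question above, together with the earlier point about flagging improperly tagged assets and offering pre-selected tag values, can be checked offline before any enforcement rule is written. The following is an added example, not code from CloudZero or AWS; the policy keys, allowed values and resource IDs are constructed assumptions.

```python
# Added example: POLICY and INVENTORY are constructed for illustration, not AWS defaults.
POLICY = {
    "Team": {"DevOps", "Engineering"},  # pre-selected values only
    "Owner": None,                      # any non-empty value
    "Cost Center": None,
}

def check_tags(tags, policy=POLICY):
    """Return findings for one resource's tag dict, in policy order."""
    findings = []
    by_lower = {k.lower(): k for k in tags}
    for key, allowed in policy.items():
        if key not in tags:
            # Keys are case sensitive: 'team' does not satisfy 'Team'.
            near = by_lower.get(key.lower())
            if near is not None:
                findings.append(f"key casing: '{near}' should be '{key}'")
            else:
                findings.append(f"missing key: '{key}'")
            continue
        value = tags[key]
        if not value.strip():
            findings.append(f"empty value: '{key}'")
        elif allowed is not None and value not in allowed:
            match = next((a for a in allowed if a.lower() == value.lower()), None)
            if match:
                findings.append(f"value casing: '{key}={value}' should be '{match}'")
            else:
                findings.append(f"value not allowed: '{key}={value}'")
    return findings

def audit(inventory, policy=POLICY):
    """Map resource id -> findings, listing only non-compliant resources."""
    report = {}
    for res in inventory:
        findings = check_tags(res.get("Tags", {}), policy)
        if findings:
            report[res["Id"]] = findings
    return report

# Constructed sample inventory (placeholder IDs, not real resources).
INVENTORY = [
    {"Id": "i-example-1", "Tags": {"Team": "DevOps", "Owner": "alice", "Cost Center": "1001"}},
    {"Id": "i-example-2", "Tags": {"team": "DevOps", "Owner": "bob", "Cost Center": "1001"}},
    {"Id": "bucket-example-3", "Tags": {"Team": "devops", "Owner": "carol"}},
    {"Id": "fn-example-4", "Tags": {}},
]

if __name__ == "__main__":
    print(audit(INVENTORY))
```

Separating casing findings from genuinely missing tags matters in practice: the first is a rename, the second means nobody has claimed the resource.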
Organizing a Tagging Structure
We at CloudZero recommend creating a set of dynamic documents that outline your organization’s answers to the questions above and provide a clear home for any tagging-related questions, rules and rationales. Regular check-ins and updates across teams will help reinforce your chosen approach as time passes and teams evolve. Therefore, these documents should be updated regularly and circulated to all relevant teams.
A sample bundle of these planning documents is available as a free download HERE.
In conclusion, there is no one way to “do” tagging, but no matter which way your organization chooses to approach this piece of AWS architecture, it is vital to have both a strategy and a solid understanding of how to implement your AWS tagging strategy.
If you want to learn more about tagging, be sure to check out the rest of our series HERE, and if you want to learn more about how CloudZero can help improve your company’s tags automatically through its machine learning tools, check out our platform HERE.