As cloud environments grow and evolve more rapidly than ever, and with new cloud services emerging every day, achieving and maintaining a high level of organization across hundreds of resources and global teams can seem like a daunting task. However, it’s not impossible, and can be done through tagging. This post will cover the fundamentals of tags, as well as a comprehensive roadmap to developing an AWS tagging strategy.
What is Tagging?
Tagging is a method by which users can add descriptive metadata (“tags”) to their cloud assets, such as EC2 instances, S3 buckets and Lambda functions. Most AWS services support tagging, although newer services sometimes do not support it when they are first released. Because AWS is keenly aware of the importance and value of tagging to its many customers, these services usually gain tagging features eventually.
Tagging is the cornerstone of maintaining an organized cloud infrastructure, particularly in shared cloud accounts where different resources are provisioned for different purposes. Once proper tagging is in place, it’s easier for engineering, product and finance teams to search and filter your company’s cloud resources, and therefore to report more quickly on cost, usage and performance across various cloud services. The organization that tagging offers can also surface the cloud data needed to answer business and product strategy questions such as “what is the most expensive feature in our product?” and “how much does this product cost per user, or per instance?”, and can foster better relationships across disparate teams.
What is a Tag?
A tag is composed of two main components: a key and a unique value associated with that key. One key can have multiple values: for example, if using the key “Team”, you could assign some resources the value of “DevOps” and others “Engineering”. See the table below for more details. Other popular keys include Business Unit, Account, Project, Owner, and Cost Center.
Resources can be tagged via the AWS Tag Editor in your AWS console. This service allows you to create and/or delete keys as well as add or remove tags from individual and/or multiple resources at once. If you deploy resources in an automated fashion (such as with CloudFormation templates), you can alternatively embed the tagging requirements in those templates so that resources are automatically launched with proper tags in place.
To reinforce tagging compliance as your company grows and evolves its cloud environment, you can also use AWS Config rules, which can do anything from alerting you to assets that aren’t properly tagged, to offering developers pre-selected tag values to avoid capitalization or naming mistakes, to preventing assets from launching altogether if they are not properly tagged.
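The kind of check such a compliance rule performs can be sketched offline. The following is an added example, not CloudZero's or AWS's code: it audits a constructed inventory (shaped like the `ResourceTagMappingList` returned by the Resource Groups Tagging API) against a hypothetical policy, flagging missing keys, empty values, and the capitalization mistakes mentioned above. The allowed values, ARNs and finding labels are assumptions made for illustration.

```python
# Added example: tag-policy audit over a constructed inventory.
# POLICY values are assumptions; only the key names come from the article.
POLICY = {
    "Team": {"DevOps", "Engineering"},  # allowed values (case-sensitive)
    "Owner": None,                      # any non-empty value is accepted
    "Cost Center": None,
}

# Constructed sample, shaped like the ResourceTagMappingList returned by
# the Resource Groups Tagging API (get_resources).
INVENTORY = [
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0aaa",
     "Tags": [{"Key": "Team", "Value": "DevOps"},
              {"Key": "Owner", "Value": "alice"},
              {"Key": "Cost Center", "Value": "CC-100"}]},
    {"ResourceARN": "arn:aws:s3:::example-logs",
     "Tags": [{"Key": "team", "Value": "devops"},
              {"Key": "Owner", "Value": "bob"}]},
    {"ResourceARN": "arn:aws:lambda:us-east-1:111122223333:function:resize",
     "Tags": [{"Key": "Team", "Value": "Marketing"},
              {"Key": "Owner", "Value": " "},
              {"Key": "Cost Center", "Value": "CC-200"}]},
]


def audit_resource(resource, policy=POLICY):
    """Return a sorted list of findings for one resource."""
    tags = {t["Key"]: t["Value"] for t in resource.get("Tags", [])}
    by_lower = {k.lower(): k for k in tags}
    findings = []
    for key, allowed in policy.items():
        if key not in tags:
            # Tag keys are case-sensitive: "team" does not satisfy "Team".
            near = by_lower.get(key.lower())
            findings.append(f"key-case:{near}->{key}" if near else f"missing:{key}")
            continue
        value = tags[key]
        if not value.strip():
            findings.append(f"empty:{key}")
        elif allowed is not None and value not in allowed:
            fix = next((a for a in allowed if a.lower() == value.lower()), None)
            findings.append(f"value-case:{key}={value}->{fix}" if fix
                            else f"bad-value:{key}={value}")
    return sorted(findings)


def audit(inventory, policy=POLICY):
    """Map ARN -> findings, listing only non-compliant resources."""
    report = {r["ResourceARN"]: audit_resource(r, policy) for r in inventory}
    return {arn: f for arn, f in report.items() if f}
```

Because tag keys and values are case-sensitive, the `key-case` and `value-case` findings separate near-misses that only need normalizing from resources that were never tagged at all.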
Some common obstacles for implementing proper tagging:
When looking to plan how to tag your cloud environment, it helps to start at a high level and answer a few questions related to People, Process and Technology. We recommend cross-functional collaboration in answering these questions, including soliciting feedback from all stakeholders of your organization who will be using, reporting on, or otherwise engaged with AWS and the related tags.
Coming out of that initial planning, there are several standard categories and dimensions that are a great way to kick off the actual tagging process. These categories are certainly not exhaustive, and multiple buckets can and should be used simultaneously. However, whatever categories your teams decide to use should fit your development team’s capacity and your specific business needs.
(Used to describe what a resource is doing)
| Tag key | Purpose |
| --- | --- |
| Cluster ID | Identify resource farms that share common identification |
| Version | Identify different versions of applications |
| Name | Individual resource name |
(Used to automate certain functions)
| Tag key | Purpose |
| --- | --- |
| Date/Time | Identify when a resource should be started, stopped, rotated or terminated |
| Opt In/Out | Indicate whether a resource should be automatically included in an automated activity (such as resizing) |
| Security | Determine requirements such as encryption and identify tables or security groups that deserve extra scrutiny |
(Used to translate AWS environment into business contexts)
| Tag key | Purpose |
| --- | --- |
| Owner | Identify who is responsible for the resource |
| Cost Center / Business Unit | Identify which cost center is associated with a resource for cost allocation tracking |
| Customer | Identify a specific client that a particular group of resources serve |
| Project | Identify the project(s) the resource supports |
(Especially important in compliance heavy industries like healthcare or financial services)
| Tag key | Purpose |
| --- | --- |
| Confidentiality | Identify the level of data confidentiality a resource supports |
| Compliance | Identify workloads designed to adhere to specific requirements |
In conjunction with the answers to these high-level questions, there are many more granular questions related to the tagging itself that should also be considered, including:
Organizing a Tagging Structure
We at CloudZero recommend creating a set of dynamic documents that outline your organization’s answers to the questions above and provide a clear home for any tagging-related questions, rules and rationales. Regular check-ins and updates across teams will help reinforce your chosen approach as time passes and teams evolve. Therefore, these documents should be updated regularly and circulated to all relevant teams.
A sample bundle of these planning documents, available as a free download, can be found HERE.
In conclusion, there is no one way to “do” tagging, but no matter which way your organization chooses to approach this piece of AWS architecture, it is vital to have both a strategy and a solid understanding of how to implement your AWS tagging strategy.
If you want to learn more about tagging, be sure to check out the rest of our series HERE, and if you want to learn more about how CloudZero can help improve your company’s tags automatically through its machine learning tools, check out our platform HERE.