When you work with large-scale cloud infrastructures such as AWS, it's best to logically group your resources with...
AWS tags represent metadata that attach to various cloud resources in the form of simple key-value pairs. Tags are completely user-defined, which means they can correspond to any category that fits your organizational needs.
Tags have become a crucial part of almost every AWS environment -- and rightfully so. For many organizations, it's simply unimaginable not to use AWS tags, especially as they deploy more cloud resources. If you want to maintain a fully controllable AWS environment, make sure to use tags as necessary, even if it requires you to implement the automated deletion of untagged resources.
Follow these best practices to get started with AWS tags.
Tag every possible resource
Use as many tags as you can, but remember that AWS allows only 50 tags per resource. These tagged resources enable you to more closely monitor your deployment, which is especially useful to run detailed analysis of something like your monthly bill.
Define categories for your tags
Tags have many uses, so you should split them into categories based on their purpose. For example, some tags relate to the technical details of your resources, such as their names or the environments in which they run. Other tags might identify business details, like the owner of a specific resource. When you review your spending history, these tags can tell you the amount of resources consumed by specific team members or clients, which enables you to more efficiently modify budgets and negotiate deals.
AWS also provides tags for automation, which can filter resources for automated tasks, such as stopping development environments or deleting stale Elastic Block Store volumes. However, AWS tags are case-sensitive, so if you use them for automation, be sure to avoid typos that can cause future inconsistencies as well as unplanned infrastructure behavior.
And, of course, tags are a vital component of cloud security. Use tags to limit who has access to create or interact with various resources.
To ensure your resources are properly tagged, use tools like AWS CloudFormation or AWS Service Catalog. CloudFormation includes the Resource Tags property, which pushes tags to desired resource types, while the AWS Service Catalog enables you to add a portfolio to tags that apply as soon as the resource launches.
You could also take a more reactive approach with services like AWS Config or the AWS Resource Groups Tagging API, which can find improperly applied tags. Don't rule out custom scripts, either, as they can also be useful.
Dig Deeper on AWS compliance, governance, privacy and regulations
Related Q&A from Ofir Nachmani
Get a cloud expert's take on the technical factors involved in the Capital One data breach that exposed sensitive data of millions of the bank's ... Continue Reading
While Amazon CloudFront can make traffic spikes more manageable, IT teams still need to carefully prepare their environment for these increases in ... Continue Reading
Some AWS users should consider a third-party tool to find better visibility into their network infrastructure and traffic patterns instead of relying... Continue Reading