Tagging AWS resources

Tags

You can assign metadata to your AWS resources in the form of tags. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources. You can create tags to categorize resources by purpose, owner, environment, or other criteria.

Best practices

As you create a tagging strategy for AWS resources, follow best practices:

  • Do not store personally identifiable information (PII) or other confidential or sensitive information in tags.

  • Use a standardized, case-sensitive format for tags, and apply it consistently across all resource types.

  • Consider tag guidelines that support multiple purposes, like managing resource access control, cost tracking, automation, and organization.

  • Use automated tools to help manage resource tags. AWS Resource Groups and the Resource Groups Tagging API enable programmatic control of tags, making it easier to automatically manage, search, and filter tags and resources.

  • Err on the side of using too many tags rather than too few.

  • Remember that it is easy to change tags to accommodate changing business requirements, but consider the consequences of future changes. For example, changing access control tags means you must also update the policies that reference those tags and control access to your resources.

Tagging categories

Companies that are most effective in their use of tags typically create business-relevant tag groupings to organize their resources along technical, business, and security dimensions. Companies that use automated processes to manage their infrastructure also include additional, automation-specific tags.

Technical tags

  • Name – Identify individual resources

  • Application ID – Identify resources that are related to a specific application

  • Application Role – Describe the function of a particular resource (such as web server, message broker, database)

  • Cluster – Identify resource farms that share a common configuration and perform a specific function for an application

  • Environment – Distinguish between development, test, and production resources

  • Version – Help distinguish between versions of resources or applications

Tags for automation

  • Date/Time – Identify the date or time a resource should be started, stopped, deleted, or rotated

  • Opt in/Opt out – Indicate whether a resource should be included in an automated activity such as starting, stopping, or resizing instances

  • Security – Determine requirements, such as encryption or enabling of Amazon VPC flow logs; identify route tables or security groups that need extra scrutiny

Business tags

  • Project – Identify projects that the resource supports

  • Owner – Identify who is responsible for the resource

  • Cost Center/Business Unit – Identify the cost center or business unit associated with a resource, typically for cost allocation and tracking

  • Customer – Identify a specific client that a particular group of resources serves

Security tags

  • Confidentiality – An identifier for the specific data confidentiality level a resource supports

  • Compliance – An identifier for workloads that must adhere to specific compliance requirements
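
The best practices above (a consistent case-sensitive format, no PII in tags, automated checks) can be enforced with a small linter. This is an added example, not AWS code: the required keys, allowed values and PII patterns are an assumed organisational standard, and the sample input is constructed in the shape of a Resource Groups Tagging API GetResources response.

```python
import re

# Assumed organisational standard (hypothetical): required keys and allowed values.
REQUIRED_KEYS = {"Name", "Environment", "Owner", "Confidentiality"}
ALLOWED_VALUES = {
    "Environment": {"development", "test", "production"},
    "Confidentiality": {"public", "internal", "restricted"},
}
# Illustrative patterns for tag values that look like personal data.
PII_PATTERNS = {
    "email address": re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+"),
    "US SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

def lint_tags(mapping):
    """Return a list of findings for one ResourceTagMappingList entry."""
    tags = {t["Key"]: t["Value"] for t in mapping.get("Tags", [])}
    findings = []
    canonical = {k.lower(): k for k in REQUIRED_KEYS}
    for key in tags:  # tag keys are case-sensitive, so 'name' is not 'Name'
        want = canonical.get(key.lower())
        if want and want != key:
            findings.append(f"key '{key}' differs in case from standard '{want}'")
    for key in sorted(REQUIRED_KEYS - set(tags)):
        findings.append(f"missing required key '{key}'")
    for key, allowed in ALLOWED_VALUES.items():
        if key in tags and tags[key] not in allowed:
            findings.append(f"value '{tags[key]}' not allowed for '{key}'")
    for key, value in tags.items():  # report the key only, never echo the suspect value
        for label, pattern in PII_PATTERNS.items():
            if pattern.search(value):
                findings.append(f"value of '{key}' looks like {label}")
    return findings

def lint_resources(response):
    """Map each ResourceARN to its findings, omitting clean resources."""
    linted = ((m["ResourceARN"], lint_tags(m)) for m in response["ResourceTagMappingList"])
    return {arn: findings for arn, findings in linted if findings}

# Constructed sample data; ARNs and tag values are made up for illustration.
SAMPLE = {"ResourceTagMappingList": [
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0example1",
     "Tags": [{"Key": "Name", "Value": "web-1"}, {"Key": "Environment", "Value": "production"},
              {"Key": "Owner", "Value": "platform-team"}, {"Key": "Confidentiality", "Value": "internal"}]},
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0example2",
     "Tags": [{"Key": "name", "Value": "db-1"}, {"Key": "Environment", "Value": "Prod"},
              {"Key": "Owner", "Value": "jane.doe@example.com"}]},
]}
```

Calling lint_resources(SAMPLE) reports only the second instance, which fails on key case, two missing keys, a non-standard Environment value and an email address in Owner.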

Abhishek Verma
