AWS Tags are a very simple concept. However, if AWS Tags are applied in a clear and consistent manner, they can make overall Cloud Governance much easier. This blog will cover some practical advice on applying AWS Tags for better oversight of resources.

Applying AWS Tags

AWS Tags can be applied to virtually any resource, compute, storage, database, etc., in your AWS Account. A tag is simply a name-value pair that is associated with your resource. There are simple rules around the syntax of an AWS Tag (AWS Tagging Reference). Tags are native to AWS and are easy to apply.

The basic principle behind AWS Tags is to help categorize and identify resource. As you can see, a few basic keywords and values helps identify my espresso grinder!

Tip #1: Consistency is Key

Consistency is the most obvious tip, but can become more challenging as your organization grows. Consistency is important for both the Tag Name, e.g., Name, Project, etc., as well as the values that can be used for with a given Tag Name.

Develop clear documentation and standards around AWS Tag Names and Values. If possible, try to standardize on Values for a specific Name, e.g., a well-known list of “Locations” or “CostCenter“.

For each Tag Name, make sure that its being applied appropriately, including uppercase/lowercase, spelling, etc. “CostCenter” is not the same as “costcenter“. In the future, when you decide to leverage tags to inventory your cloud footprint, simple typos and/or uppercase letters will throw off your results!

Finally, if at all possible, try to standardize on the format of Tag Values, e.g., “EspGrind-001“, “EspGrind-002“, etc. For certain Tags which could be aggregated in the future, try to standardize the list of values for that Tag, e.g., “CostCenter” can have the values “Dev-007“, “Prod-002“, etc.

Tip #2: Enforce Tags

There are many ways to enforce Tags and it will be highly dependent on how AWS resources are created. Each deployment tool will have its own methods for enforcing Tags.

Enforcement of consistent AWS Tags and Values will make Cloud Governance and Oversight, including Cost Management and Security, much easier. Use your deployment tooling and AWS Policies to enforce tags!

It is also important to note that you can enforce Tags natively via AWS, here are some examples: AWS Tag Enforcement.

Tip 3: Cost Management

Tags are critical to any resource management, and therefore any cost management. By adhering to AWS’s recommended Tagging policies, you will find that many of the standard AWS Reports, including AWS Truster Advisor Cost Management, are more useful. See my other blog post on Controlling Cloud Costs.

Without clear AWS Tags, it is virtually impossible to categorize all your AWS Resources. These categories are the cornerstone for cost management and cost attribution.

Even if you don’t use off the shelf tooling, any API or CLI tools will be much easier to write with clear and consistent AWS Tags. As noted above, simple typos may mean those resources won’t be accounted for and create accounting errors!

Final Thoughts

As a Security Engineer, it is also important for me to note that AWS Tags can play a key role in your management of AWS Resources. I wanted to publish this blog as a primer for Security using AWS Tags.