Why Do We Use Tags on AWS Resources

Every AWS resource has key-value pairs called tags. You can organize your resources using these key-value pairs. In this article, I want to walk through scenarios and examples of organizing resources this way.

Let’s take a quick look at what we can do using tags.

1- Keep track of how much you pay for your resources

If there are multiple teams on the same account, it is hard to track resource usage. For example, there may be unused resources, underutilized resources, resources whose cost has risen more than normal, etc. You can detect such situations early thanks to tags. In Cost Explorer, there are tag filters for your resources.

2- Manage Access Control

IAM policies have an option for tags. You can grant access to resources based on their tags. Here is a tutorial about IAM roles with tags.

3- Automated Processes

You can add tag-based conditions to the automated jobs and scripts that act on your AWS resources. For example, stop at night if environment=stage.

As you can see, there are many advantages to adding tags to your resources. I don’t recommend having a service without tags on AWS. In such a case, it becomes very difficult to find out who created the resource and for what purpose, and to follow up on the invoice.

What should a resource tag policy look like?

To take advantage of the benefits I mentioned in the previous section, everyone working in your AWS account must follow the same tagging rules, because it is not easy to detect wrongly tagged or untagged resources. That’s why tags should be easy to understand and descriptive. The case style also needs to be consistent, because tags are case sensitive.

I would like to give a few examples of tags that may be useful to you. These can be tags such as ‘team’, ‘environment’, ‘domain’, ‘project’. For example, if we look at the invoice details, we can filter the invoice on the basis of team, project and environment. We can track how much each team spends.

The team structure and the technologies used can cause changes in the tag structure. For example, if you have projects that use infrastructure as code, you can add a managed-by tag with values such as Cloudformation, Terraform, CDK. You can then agree on rules with your team, such as “let’s not change ‘managed-by!=manual’ resources over the interface”. To expand your imagination about tags, you can read this article.

Here is an example:

AWS Resource Tag

Name: this one is an AWS predefined tag. If you add a “Name” tag to your resource, you can see the value on the AWS console.

team: responsible team for this resource

environment: environment of resource like production, stage, development

project: What project does this resource belong to?

access:team: this is a multi-value tag used to add conditions to IAM policies.
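The following is an added example, not part of the original article: a small audit that checks a resource inventory against the tag scheme above and reports untagged resources and case mistakes. The inventory, the resource IDs and the allowed values for environment are constructed assumptions; real input would come from an inventory export of your account.

```python
# Added example: audit resources against the article's tag scheme.
REQUIRED_KEYS = {"Name", "team", "environment", "project"}
# Assumed allowed values, taken from the article's examples.
ALLOWED_VALUES = {"environment": {"production", "stage", "development"}}


def audit_tags(tags):
    """Return a sorted list of findings for one resource's tag dict."""
    findings = []
    by_folded = {}
    for key in tags:
        by_folded.setdefault(key.casefold(), []).append(key)
    for required in REQUIRED_KEYS:
        if required in tags:
            continue
        variants = by_folded.get(required.casefold(), [])
        if variants:
            # Tag keys are case sensitive: 'Team' does not satisfy 'team',
            # so cost filters and IAM conditions on 'team' would miss it.
            findings.append(f"wrong-case key {variants[0]!r}, expected {required!r}")
        else:
            findings.append(f"missing key {required!r}")
    for key, allowed in ALLOWED_VALUES.items():
        value = tags.get(key)
        if value is None or value in allowed:
            continue
        kind = "wrong-case" if value.casefold() in allowed else "unexpected"
        findings.append(f"{kind} value {value!r} for {key!r}")
    return sorted(findings)


def audit_inventory(inventory):
    """Map resource id -> findings, listing only non-compliant resources."""
    report = {}
    for resource_id, tags in inventory.items():
        findings = audit_tags(tags)
        if findings:
            report[resource_id] = findings
    return report


# Constructed sample inventory; the resource ids are placeholders.
SAMPLE_INVENTORY = {
    "i-EXAMPLE1": {"Name": "web-1", "team": "payments",
                   "environment": "production", "project": "checkout"},
    "i-EXAMPLE2": {"Name": "web-2", "Team": "payments",
                   "environment": "Stage", "project": "checkout"},
    "vol-EXAMPLE3": {},
}

if __name__ == "__main__":
    for rid, found in audit_inventory(SAMPLE_INVENTORY).items():
        print(rid, found)
```
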

Some seemingly insignificant things can sometimes be more important than we expect. AWS tags were like that for me too. I hope this article was useful for you. You can see other articles on this subject on the homepage. See you later.

