In the previous blog post, we had discussed how a Resource Tagging Strategy is essential for multi-cloud environment. In this blog post, we will discuss the key features of a robust Resource Tagging policy and recommended best practices.
A disciplined Resource Tagging policy is the cornerstone of a robust cloud governance.
A well-crafted Resource Tagging policy and automated tag hygiene will bolster governance for visibility, accountability, cloud cost reporting, optimization, and seamless operations.
- Global Policy
A centralized IT team will own the process and will define a global tagging policy in a consistent way by securing feedback from key stakeholders.
The real benefit of Resource Tagging can be realized only when it is enforced globally across all teams. Even a slightest deviation will defeat the purpose. For successful results, it is critical to get the buy-in of key stakeholders. If not tagged as per the defined guidelines, resources can be inadvertently terminated, or escalation notifications sent to managers.
- Consistent Reporting
Set up consistent tag reporting to monitor the global tags by a group.
After implementing the Resource Tagging policy, a daily/weekly report should be set up for monitoring global tags. These reports show the current state and track improvements in tag coverage thus making the benefits measurable.
- Automated Alerts
Create daily automated alerts for missing tags.
Any resources that are missing tags, need to be reported daily through automated alerts. This visibility is essential for effective tag management and resource consistency.
- Automated Process
Focus on automating the tagging processes.
Once a Resource Tagging strategy has been implemented and standardized, the Resource Tagging process should be automated. Use scripts to generate alerts on missing or untagged resources and enforce the correct usage of tags. To standardize tags, automated scripts can be used to correct tag names as per the pre-defined standards.
Some Resource Tagging best practices recommended by AWS are:
- Do not store personally identifiable information (PII) or other confidential or sensitive information in tags
- Use a standardized, case-sensitive format for tags, and apply it consistently across all resource types
- Consider tag guidelines that support multiple purposes, like managing resource access control, cost tracking, automation, and organization
- Use automated tools to help manage resource tags
- Use too many tags rather than too few tags
- Remember that it is easy to change tags to accommodate changing business requirements but consider the consequences of future changes
(Source: AWS Tagging Best Practices Whitepaper)
Some Resource Tagging best practices from Azure are as follows:
- Not all resource types support tags. To determine if you can apply a tag to a resource type, see Tag support for Azure resources
- Each resource, resource group, and subscription can have a maximum of 50 tag name/value pairs
- The tag name is limited to 512 characters, and the tag value is limited to 256 characters
- Tags can't be applied to classic resources such as Cloud Services
- Tag names can't contain these characters: <, >, %, &, \\, ?, /
(Source – Azure Documentation)
Google Cloud Platform recommends the following:
- A tag can be no longer than 63 characters each
- A tag can only contain lowercase letters, numeric characters, and dashes
- A tag must start and end with either a number or a lowercase character
(Source: Google Cloud Platform Blog)
Tags can be based on various types depending on the Resource Tagging strategy. It’s seen that business-relevant tag groupings are very effective since they help organize resources along business, technical, and security dimensions. Additional, automation-specific tags can add more value as well.
In conclusion, implementing a robust and disciplined Resource Tagging policy empowers your cloud FinOps practice to streamline cloud cost management initiatives and help in operating a lean and highly optimized cloud operations.