4Matt Technology

2020 Target: Cloud Tagging Policies

It sounds simple, but for you who have already worked in a large datacenter operation, you know that inventorying and organizing the environment that is already in production is far from simple. 

In the absence of a Cloud Tagging policy, it is very common for individuals or teams to use variations of the same TAG across the environment. When it happens, decision-making reports are extremely difficult to generate. To avoid these complications and ensure that Cloud Tagging policy is used effectively, the 04 Cloud Tagging policy best practices for your cloud environment are consolidated below. 

1- Cloud Tagging policy CATEGORIES:

For those who believed that TAG is only used for Cost Control, we present the four categories that companies already use in cloud governance:

Technical TAG
Cloud Tagging Business
Cloud Tagging Automation
Cloud Tagging Security


AWS IAM policies support conditions based on TAG's, allowing restriction of IAM permissions based on specific TAG's or values of TAG'S. For example, we may include conditions to limit EC2 API calls to specific environments (development, test or production) or Virtual Private Cloud (Amazon VPC) based on your Cloud Tagging policy.

As for Azure, with the use of resource TAG's for RBAC (role-based access control), we can segregate tasks within teams and only grant restricted access to perform their tasks, as opposed to granting unrestricted permissions to everyone in their subscription or resources from Azure, you can only allow certain actions at a specific scope.


One of the duties of the CCoE (cloud center of excellence) teams is to create ways to identify and alert the level of coverage for TAG's throughout the environment, always dividing these reports by business rules. One of the ways to better accomplish this task is to automate daily alerts about resources that are missing TAG's.


Ensuring that a new resource is automatically born with the TAG policy or groups is the essential way to accurately group assets into their appropriate business groups. See some examples of how to automate environments in TAG:

The. Function 1: If any asset is missing from the Environment TAG, send a notification and run a lambda function to tag the resource.

B. Function 2: If any asset is without TAG, alert its owner and stop the instance immediately.

Our recommendation:

These 4 best practices must be managed in a Cloud Center of Excellence (CCoE) and using a single cloud governance platform where you can control AWS, Azure, Google and VMware.

It is very common for companies to only pay attention to the creation and use of TAG policies in the cloud when their environment and consumption are already large and then it may be too late.

we are the 4Matt Technology, experts in Software Governance and CCoE, Cloud Center of Excellence.

TAG: allocation tags tagging best practices cost allocation tagging strategy cost allocation tags aws cost aws resource tagging resources aws billing savings plans tagging compliance values are case sensitive tags and aws cloud security
tag key cloud custodian allocate costs aws console iam policies business units billing and cost management tagging aws resources tags for cost allocation aws cloud aws environment aws cost management google cloud resource supports reduce your aws partner portal cloud environment business tags aws well-architected challenges with tagging organize aws resources aws cost optimization tagging governance untagged resources billing reports resource tagging
tag your resources cost optimization guide management console cloud cost optimization resource usage examples of aws aws service catalog tagging categories resources with tags infrastructure as code aws organizations aws tag
aws tagging strategy ec2 instances aws bill cloud resources aws cost explorer cost explorer aws aws costs cost optimization aws tags aws tagging cloud cost aws tagging best practices aws aws cost allocation cost management tagging strategies aws account aws cost allocation center tag naming naming convention tag resources aws cloudformation tag policies business unit tags for automation cloud costs reserved instance tags for cost in aws tag values tag keys resource tags save money servicenow SAM Software asset management software asset management FINops

Related Posts

Cybersecurity Asset Management: Protect your Company

Cybersecurity asset management, also known as CSAM (Cyber Security Asset Management), plays a crucial role in protecting a company's digital assets. Through this process, it is possible not only to identify and classify information assets, but also to monitor them continuously and effectively, ensuring the

Read more "

6 Practices to Ensure Security with ITAM

Information Technology Asset Management (ITAM) is a set of business practices that unites financial, inventory, contractual and risk functions to manage the lifecycle of IT assets and make strategic decisions for the enterprise. ITAM is crucial for any organization,

Read more "

Uncovering CMDB: Complete FAQ Guide

In this article, we will explore the world of CMDB (Configuration Management Database), answering the most common questions about this important aspect of IT management. From basic meaning to best practices and its implementation, let's dive into the essential questions related to CMDB. 1. CMDB means? CMDB is the

Read more "