It sounds simple, but if you have worked in a large datacenter operation, you know that inventorying and organizing an environment that is already in production is far from simple.
In the absence of a Cloud Tagging policy, it is very common for individuals or teams to use variations of the same TAG across the environment. When that happens, decision-making reports become extremely difficult to generate. To avoid these complications and ensure that the Cloud Tagging policy is used effectively, the four Cloud Tagging policy best practices for your cloud environment are consolidated below.
1- Cloud Tagging policy CATEGORIES:
For those who believed that TAG is only used for Cost Control, we present the four categories that companies already use in cloud governance:
2- ACCESS CONTROL IN CLOUD TAGGING POLICIES:
AWS IAM policies support conditions based on TAGs, which allows IAM permissions to be restricted by specific TAGs or TAG values. For example, we may include conditions to limit EC2 API calls to specific environments (development, test or production) or to a specific Virtual Private Cloud (Amazon VPC), based on your Cloud Tagging policy.
As for Azure, by using resource TAGs with RBAC (role-based access control), we can segregate tasks within teams and grant each team only the restricted access it needs to perform those tasks. Instead of granting unrestricted permissions to everyone in the Azure subscription or on its resources, you allow only certain actions at a specific scope.
3- REPORTS and ALERTS:
One of the duties of the CCoE (cloud center of excellence) teams is to create ways to measure and alert on the level of TAG coverage throughout the environment, always dividing these reports by business rules. One of the best ways to accomplish this task is to automate daily alerts about resources that are missing TAGs.
4- COMPLIANCE AND AUTOMATION TAG:
Ensuring that a new resource is automatically created with the TAGs or groups the policy requires is essential for accurately grouping assets into their appropriate business groups. Here are some examples of how to automate TAG enforcement in your environments:
A. Function 1: If any asset is missing the Environment TAG, send a notification and run a Lambda function to tag the resource.
B. Function 2: If any asset is without TAG, alert its owner and stop the instance immediately.
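The daily coverage report and the two functions above can be prototyped offline before wiring them to a cloud API. The following is an added example, not code from the original article: the required keys (`Environment`, `Owner`, `CostCenter`), the action names and the inventory are assumptions constructed for illustration, and the script only returns a plan of actions instead of calling AWS or Azure.

```python
"""Tag-compliance check over a constructed inventory (no cloud API calls)."""

REQUIRED = ("Environment", "Owner", "CostCenter")    # assumed policy keys
ALLOWED_ENV = {"development", "test", "production"}  # environments named in the text

def canonical(key):
    """Fold case and separators so 'cost_center' or 'Cost-Center' match 'CostCenter'."""
    return "".join(ch for ch in key.lower() if ch.isalnum())

CANON = {canonical(k): k for k in REQUIRED}

def evaluate(resource):
    """Return missing keys, findings and the planned action for one resource."""
    tags = resource.get("tags", {})
    findings, present = [], set()
    for key, value in tags.items():
        official = CANON.get(canonical(key))
        if official is None:
            continue  # key is outside the policy; ignore it
        present.add(official)
        if key != official:  # variation of the same TAG
            findings.append(f"variant key '{key}' should be '{official}'")
        if official == "Environment" and value not in ALLOWED_ENV:
            findings.append(f"invalid Environment value '{value}'")  # values are case sensitive
    missing = [k for k in REQUIRED if k not in present]
    if not tags:
        action = "alert-owner-and-stop"  # Function 2: asset has no TAG at all
    elif "Environment" in missing:
        action = "notify-and-tag"        # Function 1: Environment TAG is missing
    elif missing or findings:
        action = "report"                # goes into the daily coverage report
    else:
        action = "none"
    return {"id": resource["id"], "missing": missing, "findings": findings, "action": action}

def coverage(inventory):
    """Evaluate every resource and return (results, percent fully compliant)."""
    results = [evaluate(r) for r in inventory]
    compliant = sum(1 for r in results if r["action"] == "none")
    return results, round(100 * compliant / (len(results) or 1), 1)

INVENTORY = [  # constructed sample data, not real resources
    {"id": "i-001", "tags": {"Environment": "production", "Owner": "team-a", "CostCenter": "1001"}},
    {"id": "i-002", "tags": {"environment": "Prod", "Owner": "team-b", "CostCenter": "1002"}},
    {"id": "i-003", "tags": {"Owner": "team-c", "cost_center": "1003"}},
    {"id": "i-004", "tags": {}},
]

if __name__ == "__main__":
    results, pct = coverage(INVENTORY)
    for r in results:
        print(r)
    print(f"fully compliant: {pct}%")
```

Variant keys are reported instead of being silently accepted, because tag-based access conditions and cost reports match keys and values exactly.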
Our recommendation:
These 4 best practices must be managed by a Cloud Center of Excellence (CCoE), using a single cloud governance platform from which you can control AWS, Azure, Google and VMware.
It is very common for companies to pay attention to the creation and use of TAG policies in the cloud only when their environment and consumption are already large, and by then it may be too late.
We are 4Matt Technology, experts in Software Governance and CCoE, Cloud Center of Excellence.