Tagging is a simple way to manage AWS resources and achieve higher operational efficiency, transparency, security and cost savings. A seemingly innocuous practice based on logic and common sense, tagging helps in organizing AWS resources. Specifically, tagging helps zero in on resources when required—its relevance become amply evident during crisis when a resource has to be urgently located!
Tags are user-defined nomenclatures comprising relevant metrics for easy identification and management. Systematic tagging which accurately reflect the organization, purpose, owner, environment or other relevant criteria make it easy to search, filter and discover resources; allocate costs; control access to resources across services and regions, and back-up resource groups programmatically with a single API call.
Tagging is particularly useful in large deployments but must be inculcated as a best practice even amongst smaller deployments. New-age MSPs rigorously adopt this best practice as a strategy for easy manageability, enhanced security and efficiency. Umbrella recommends tagging and promotes it as a default strategy for three reasons:
- To easily identify a resource and categorize it according to deployment. For example, web servers, application servers and database servers.
- To achieve granularity in billing and analyse spending patterns by business, applications or projects.
- To introduce automation in routine tasks such as scheduling back-ups at regular intervals. Not all data output require backup, certain data require short-term storage and deletion after specified time while some data require storage and archival for compliance and reference.
Umbrella has developed tools that programmatically tag resources for specific functions such as switch off/ switch on resources on schedule; manage data back-ups, storage and archival at specified times. In addition to our own tools, we also use AWS Resource Groups Tagging API for custom tagging.
A key practice for effective tagging is to have standardization in naming convention and follow it consistently. Umbrella’s experience finds tagging works best when it is aligned with business and operations logic, adding dimensions to create specific groups.
For example tagging could be under the following heads: Business (owner/customer/project); Technical (application, version, environment such as dev/test/production); Security (confidentiality/compliance); Automation (opt in-opt out/date and time/security groups).
Below are some best practices Umbrella adopts while tagging:
- We use standardized, case-sensitive format for tags.
- While tagging we consider ability to organize, automate, manage access control, and track cost.
- We use custom-built automation to implement and manage resource tags.
- It is better to err on the side of using too many tags rather than too few tags.
- We ensure tagging accommodates changing business requirements—specifically tag-based access control, automation, and billing reports.