How to Use AWS Tags for Your Automation Strategy

AWS offers a unique and powerful tagging feature for AWS resources. The essential idea of tagging is having the ability to identify the resource easier in an organized fashion. This tool can be beneficial in a variety of ways. In this article, we will talk about its tagging functionalities, categories, and use cases. In this two-part article, we will decode AWS Tags and their use cases and show how to automate Amazon cloud backup process using tags.

The Benefits of Tagging

A tag is a metadata attached to a resource with the ability to identify a resource easily. It is always in a key-value pair, meaning that each tag is a simple label (key) with a value associated with it. Many users solely use tags to give a common name to a resource, but if a resource is tagged well and managed for a proper use case, it will help with multiple use cases.

aws-tags-automation-1

Let’s understand the commonly used tagging categories.

  1. Tagging for Deployment: Whether the deployed resource is Development / Production or Test.
  2. Tagging based on Application Usage: This is dependant on the use case of that resource. Specifically, it depends on whether the application is hosted on EC2 is Web Application / App Server / Database / Analytic server, etc.
  3. Tagging based on ownership: Sometimes, you will need to define who can access or who is responsible for the resource. It might be an IAM user or a Lambda function.
  4. Tagging for Automation: Sometimes, you want to set up tags that will help identify the resource and bring automation such as backup, start, or stop the instance.
  5. Tagging for Cost Structure: In some cases, there might be multiple cost centers within an organization using same AWS account. You can tag your resources based on those cost centers and use AWS tag-based reports to find the actual costs for each cost center.

aws-tags-automation-2Think of an environment where there are hundreds of instances running. In that case, it can be difficult to identify the purpose of that resource. Here, tagging resources based on multiple categories can help manage them better programmatically as well as visually. As an example,  you can have Production as well Test Database Servers. In this case, you tag each Production server separately along with additional tags for a Business Use case, as shown in the image.

Putting Tagging Into Practice

Tagging helps in multiple use cases. Some of them are listed below:

  1. Resource Management: When you have a huge server fleet, it’s not easy to manage resources without tagging. Tagging empowers you to identify the resource and manage them easily. This is especially useful when you have a large number of resources to manage under the same account, or when you are launching multiple new resources using AutoScaling or any automated process.
  2. Cost Management: This is one of the prime use cases. You can always use tags to organize bill cost structure. In order to utilize this function, you are required to enable it from your AWS accounts by setting up cost allocation reports.This feature helps identify and break resource usage based on cost center / department separately.
  3. Resource Grouping: Resource Groups allows a user to easily create, maintain, and view a collection of resources that share common tags. It also allows you to search globally as well as edit tags in bulk, all with just a few clicks.
  4. Tagging for Automation: One unique use case is tagging a resource for automation. For example, if you want to automate the backup of a few resources, you can tag the resources with a unique tag and automate the backup process with tagging. CPM offers that unique feature where it enables you to initiate backup based on tagging.
  5. Tagging for Control : With AWS IAM to help, the account owner can define conditions in IAM policy that allow access to only selected users based on tags. For example, If I want user A to start / stop resources that have been tagged “N2WS”, I can define the policy as below:
    aws-tags-automation-3
  6. Automated Provision / Replica: Sometimes, you are provisioning resources automatically, such as using Auto Scaling. In such cases, tagging is very important when identifying the use case of the resource. It can also help in automated backup configuration or for replica creation of that resource.

As we have seen, there are multiple types of tagging to meet the needs of various use cases. However, we should also understand the limitations of tagging.

  1. Tags are just simple strings that you can assign a value to. By assigning any value, it does not create any semantic meaning for AWS.
  2. The value of a tag can be an empty string but it cannot be NULL
  3. When looking at the popularity of Tags, AWS has recently increased the limit of tags per resource from 10 to 50 for most services. The list of services and their limits is available here.
  4. Each tag should have a key that is less than 127 Unicode characters in UTF-8
  5. Each value should be less than 255 Unicode characters in UTF-8
  6. Tags are case sensitive
  7. You cannot use AWS as prefixes for the tag since it is reserved for AWS
  8. Generally, acceptable characters for tags are: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + – = . _ : / @.
  9. You cannot tag all resources. Some resources can only be tagged with API or CLI.

As we have seen in this article, tagging Amazon resources is a mechanism that helps in managing and organizing resources in an AWS environment. You should tag the resources based on categories so that they can easily be identified based on their use case. If resources are tagged properly, they can also help in organizing cost breakup, automation, and access control. It is important for an organization to adopt a consistent tagging policy to track, analyze, optimize, and automate.

References:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
https://aws.amazon.com/blogs/aws/resource-groups-and-tagging/
https://blogs.aws.amazon.com/security/post/Tx3O5RCX34VOGY6/Now-Organize-Your-AWS-Resources-by-Using-up-to-50-Tags-per-Resource

Share this post →

You might also like: