In public cloud environments like Amazon Web Services (AWS) and Microsoft Azure, tagging is a critical piece of managing cloud computing costs and understanding the utilization of resources. Tagging public cloud resources is an essential step in gaining actionable data points around cloud costs and usage. While tagging can seem like an overwhelming process to implement, administrators can follow several best practices and develop their own strategies to simplify tagging across their organizations. CloudCheckr recently co-hosted a webinar with Privo on Tag Management Strategies to Help Make Sense of Your AWS Bill. Privo specializes in helping users plan, build, manage, and optimize their AWS infrastructure to get the most out of their cloud storage. Mike Boudreau, Director of Cloud Cost Optimization at Privo, joined CloudCheckr’s Director of Product Marketing Todd Bernhard to discuss best practices around tagging. In this webinar, attendees learned the types of public cloud tags, effective tag utilization, the requirements and limitations of tags, and cost and utilization reporting in cloud tools. Our guide below covers the material from the webinar, which you can watch on-demand here.
What is a tag?
A tag is a label assigned to a cloud resource. Tags consist of two parts: a key and a value. Think of it like a name tag: the key, or the type of tag, would be “name,” and the value, or label associated with that key, would be something like “Mike.” In business, the key “Department” might have values like “Operations” or “Finance,” and a key for “Environment” could list “Production” or “DevOps” as values.
There are two different kinds of tags. The first are tags created by AWS or Azure, such as an instance ID or subnet ID. These are automatically generated and cannot be altered. They typically contain long strings of letters and numerals and might look something like this:
The other type of tags are user-defined tags, which this guide will primarily focus on. These tags can be labeled in ways that make sense for a business. For example, a user might define a tag’s key as “environment” and its value as “production.”
Why use tags?
Public cloud tagging serves many purposes. Most notably, they give organizations greater visibility into cloud usage and costs across functions. They also help teams see more efficiency across departments, for instance between finance and DevOps. Without proper tags, businesses risk letting cloud costs slip through the cracks and could end up paying too much for their services. A solid public cloud tag management strategy can prevent mistakes and increase the efficiency of reporting, operations management, and even cybersecurity.
Common use cases for tagging include:
1. Cost reporting
Cost allocation is frequently the main reason that businesses prioritize tagging resources. With proper tagging, organizations gain clarity around cloud usage and costs. Public cloud reporting features enable administrators to chargeback usage to the appropriate department and easily reallocate resources as demand changes. In cases where cloud computing resources are shared across functions, administrators may be able to earn volume discounts for combined usage.
2. Access management
Tagging enables administrators to limit the access of users or roles to resources or services within an account. Access management plays a crucial role in an organization’s cloud governance by ensuring that only the right users have access to the right resources.
3. Security risk management
In addition to access management, tags are essential in identifying resources that may hold personally identifiable information. Tracking these resources also makes it easier to spot violations in security policy (e.g., a Simple Storage Service [S3] bucket that is public and shouldn’t be).
4. Operations management
Tags can help administrators identify resources that might need an update. They can also schedule backups for specific resources by looking at tagging data.
With tagging, administrators can see which resources need to be automated. This might include automatic startup or shutdown of instances depending upon demand.
6. Resource group management
By default, public cloud providers may organize resources by service. Tagging can help administrators change how resources are organized.
How to implement a public cloud tag management strategy in 5 simple steps
While tagging every cloud resource may seem a daunting task, especially with stakeholders across functions involved, businesses can take several steps to implement an effective tagging process. Here are five steps that can help you get started:
Step 1: Determine requirements
Start with a cross-functional team of stakeholders who will be using tags. Note that these may not necessarily be employees in technical roles. They may be from finance, sales, marketing, or any other group using cloud resources. Make sure to meet as a group. This will not only help you hear everyone’s concerns but also reduce miscommunication across teams.
Step 2: Document everything
Once this process is underway, make sure to document all meeting notes. Include the definitions of tags, how they will be used, and any reasons behind the decision to implement these tags. Tag owners should be able to clearly articulate the purpose of a tag. This cross-functional team will also need to agree on the requirements for tags and when they should or should not be in use.
Step 3: Be consistent
Early on, you will need to determine the naming conventions for your tagging system. Decide on a standardized naming approach for tags, and remember restrictions like case sensitivity. If a business is attributing assets to different departments, then all users involved should follow a standardized format for tagging. Make sure that capitalization and naming conventions are consistent across functions in order to avoid creating duplicate tags. Remember to be mindful of other tagging restrictions. In AWS, most resources are limited to no more than 50 tags each; exceptions include S3 objects, which can only have a maximum of 10 tags per resource. For each resource, each tag key must be unique and can only have one value. For billing and cost management, the maximum number of active user-defined keys is 500. Although these limits exist, they are sufficient in most cases to give organizations a granular level of data on their resources. Finally, only some services allow tagging on creation; with others you will be able to go back and add the tag later.
Step 4: Start small
The public cloud tag management needs of your organization will evolve as time goes on. To get started, choose a small set of required tags you will need in the short term and build on them as needed. You may want to choose a particular type of tag to begin with. For maximum benefit, try focusing on tags for cost reporting. Align these tags with internal reporting requirements, such as by department or function, to enable you to filter data accordingly. This will help you see cloud usage across departments and issue appropriate chargebacks.
Step 5: Tag everything
As Todd Bernhard of CloudCheckr said in the webinar, “Tag early and tag often!” Even if certain resources are not widely used today, they could become the focus of a future project. By tagging everything early, you can prevent these costs from becoming difficult to track and manage later.
Getting more from cloud resource tagging
“You can’t manage what you don’t measure.” – Peter Drucker
So you’ve set up your tags and created a strategy to share responsibility for tagging across your organization. Now what? With proper tagging, reporting can help you determine whether your organization is meeting KPIs around cloud usage. It also provides an accurate view of cloud utilization for chargebacks and showbacks. You can generate these reports using native cloud tools as well as a cloud management platform for increased visibility.
Using reporting features
Native reporting features in AWS and Azure can shed light on historical cost and utilization trends. IT budgets are often dependent on showing that a technology investment is vital for operations. Reports enable you to demonstrate this through reports on historical use by department and the costs associated with each department’s utilization. Reporting can also help you discover inactive tags and resources, which can be valuable when trying to consolidate cloud costs.
Identifying historical trends
Monitoring tags with a cloud management platform
Manually monitoring and mapping tags can be difficult and time-consuming. Cloud management software like CloudCheckr CMx can help you gain additional reporting functionality and develop more efficient tag management practices.
Generating reports and invoices
CloudCheckr CMx enables you to filter resources by tags in order to create an invoice for a customer or function. When resources are tagged accurately, you can sort by aggregate, cost type, group by, and resource ID and filter by account, region, service, operation, and usage type.
Setting critical alerts
Sudden increases in cloud costs can be an unpleasant surprise at best and could easily disrupt an annual budget at worst. With CloudCheckr CMx, you can set alerts to know when cloud computing costs have spiked. These budget alerts can be set to activate when costs for an account, service, or tag reach a certain percentage. CloudCheckr’s alerts integrate with email, SMS, Slack, Jira, and other services for up-to-the-minute updates.
Mapping tags in CloudCheckr CMx
Tags have syntax-based restrictions like case sensitivity, so administrators must standardize naming and capitalization conventions. For example, AWS prevents the creation of duplicate tag keys, but it also won’t alert administrators when two tags like “Production” and “production” are created. CloudCheckr CMx offers additional capabilities for effective tag mapping. Tag mapping identifies similar tags so that you can simplify and merge them. This is a crucial step to simplify reporting and enables administrators to identify cloud usage by department, environment, or other factors without making costly errors. An example of tag mapping may look something like this:
the above tags could all be mapped to…
Another tag mapping feature in CloudCheckr CMx allows you to assign percentages to tag maps in order to divide charges based on tag values. This feature can help an organization split the costs of a single resource by percentage. This might look something like:
Map 50% of the cost to Tag Key: CC_ProjectCenter, Tag Value: 1
Map 40% of the cost to Tag Key: CC_ProjectCenter, Tag Value: 2
Map 10% of the cost to Tag Key: CC_ProjectCenter, Tag Value: 3
Overall, the more accurate your tag mapping, the more granular and accurate your data and the more transparency you have into cloud costs and utilization.
4 measures you can take to maintain your public cloud tagging efforts
Good tag management is not a one-and-done process. By developing a solid tag management strategy among key stakeholders and using resources like CloudCheckr CMx, you can continually monitor tags to ensure that your resources are properly utilized. Here are some additional steps that will help you maintain tagging best practices:
1. Periodically audit tags
An audit can help you determine which tags are in use and which ones may have become irrelevant. To do this, look at cost-of-usage reports to see each tag key. You can always deactivate inactive keys.
2. Update tags when needed
While your team’s bandwidth may vary throughout the year, there isn’t necessarily a “right” time to look at tags. If your organization has seen any major changes, such as to its org chart (e.g., merging departments), reviewing and updating tags may become a priority.
3. Manage requests in a timely fashion
When departments realize they get more visibility into cloud spending, they will likely have requests for more granular data. You may need to go in and add tags periodically based on requests from finance or other teams so that they have access to this information when they need it. Ideally, you should do this sooner rather than later to keep cost allocations and utilization data up to date.