How to Develop a Public Cloud Tag Management Strategy

The Ultimate Guide to Public Cloud Tag Management

Why a Cloud Tagging Strategy Matters and How You Can Get Started

Key takeaways:

• Learn the types of tags in public cloud and why to use them
• Develop an effective tag management strategy across organizations of any size
• Discover how cloud management tools can help you make sense of tagging

In public cloud environments like Amazon Web Services (AWS) and Microsoft Azure, tagging is a critical piece of managing cloud computing costs and understanding the utilization of resources. Tagging public cloud resources is an essential step in gaining actionable data points around cloud costs and usage. While tagging can seem like an overwhelming process to implement, administrators can follow several best practices and develop their own strategies to simplify tagging across their organizations.

Keep reading this guide to learn the types of public cloud tags, effective tag utilization, the requirements and limitations of tags, and cost and utilization reporting in cloud tools.

What is a tag?

A tag is a label assigned to a cloud resource. Tags consist of two parts: a key and a value. Think of it like a name tag: the key, or the type of tag, would be “name,” and the value, or label associated with that key, would be something like “Mike.” In business, the key “Department” might have values like “Operations” or “Finance,” and a key for “Environment” could list “Production” or “DevOps” as values.

There are two different kinds of tags. The first are tags created by AWS or Azure, such as an instance ID or subnet ID. These are automatically generated and cannot be altered. They typically contain long strings of letters and numerals and might look something like this:

The other type of tags are user-defined tags, which this guide will primarily focus on. These tags can be labeled in ways that make sense for a business. For example, a user might define a tag’s key as “environment” and its value as “production.”

Why use tags?

Public cloud tagging serves many purposes. Most notably, they give organizations greater visibility into cloud usage and costs across functions. They also help teams see more efficiency across departments, for instance between finance and DevOps.

Without proper tags, businesses risk letting cloud costs slip through the cracks and could end up paying too much for their services. A solid public cloud tag management strategy can prevent mistakes and increase the efficiency of reporting, operations management, and even cybersecurity.

Common use cases for tagging include:

1. Cost reporting

Cost allocation is frequently the main reason that businesses prioritize tagging resources. With proper tagging, organizations gain clarity around cloud usage and costs. Public cloud reporting features enable administrators to chargeback usage to the appropriate department and easily reallocate resources as demand changes. In cases where cloud computing resources are shared across functions, administrators may be able to earn volume discounts for combined usage.

2. Access management

Tagging enables administrators to limit the access of users or roles to resources or services within an account. Access management plays a crucial role in an organization’s cloud governance by ensuring that only the right users have access to the right resources.

3. Security risk management

In addition to access management, tags are essential in identifying resources that may hold personally identifiable information. Tracking these resources also makes it easier to spot violations in security policy (e.g., a Simple Storage Service [S3] bucket that is public and shouldn’t be).

4. Operations management

Tags can help administrators identify resources that might need an update. They can also schedule backups for specific resources by looking at tagging data.

5. Automation

With tagging, administrators can see which resources need to be automated. This might include automatic startup or shutdown of instances depending upon demand.

6. Resource group management

By default, public cloud providers may organize resources by service. Tagging can help administrators change how resources are organized.

How to implement a public cloud tag management strategy in 5 simple steps

While tagging every cloud resource may seem a daunting task, especially with stakeholders across functions involved, businesses can take several steps to implement an effective tagging process. Here are five steps that can help you get started:

Step 1: Determine requirements

Start with a cross-functional team of stakeholders who will be using tags. Note that these may not necessarily be employees in technical roles. They may be from finance, sales, marketing, or any other group using cloud resources. Make sure to meet as a group. This will not only help you hear everyone’s concerns but also reduce miscommunication across teams.

Step 2: Document everything

Once this process is underway, make sure to document all meeting notes. Include the definitions of tags, how they will be used, and any reasons behind the decision to implement these tags. Tag owners should be able to clearly articulate the purpose of a tag. This cross-functional team will also need to agree on the requirements for tags and when they should or should not be in use.

Step 3: Be consistent

Early on, you will need to determine the naming conventions for your tagging system. Decide on a standardized naming approach for tags, and remember restrictions like case sensitivity. If a business is attributing assets to different departments, then all users involved should follow a standardized format for tagging. Make sure that capitalization and naming conventions are consistent across functions in order to avoid creating duplicate tags.

Remember to be mindful of other tagging restrictions. In AWS, most resources are limited to no more than 50 tags each; exceptions include S3 objects, which can only have a maximum of 10 tags per resource. For each resource, each tag key must be unique and can only have one value. For billing and cost management, the maximum number of active user-defined keys is 500. Although these limits exist, they are sufficient in most cases to give organizations a granular level of data on their resources. Finally, only some services allow tagging on creation; with others you will be able to go back and add the tag later.

Step 4: Start small

The public cloud tag management needs of your organization will evolve as time goes on. To get started, choose a small set of required tags you will need in the short term and build on them as needed. You may want to choose a particular type of tag to begin with. For maximum benefit, try focusing on tags for cost reporting. Align these tags with internal reporting requirements, such as by department or function, to enable you to filter data accordingly. This will help you see cloud usage across departments and issue appropriate chargebacks.

Step 5: Tag everything

Tag early and tag often! Even if certain resources are not widely used today, they could become the focus of a future project. By tagging everything early, you can prevent these costs from becoming difficult to track and manage later.

Getting more from cloud resource tagging

“You can’t manage what you don’t measure.” – Peter Drucker

So you’ve set up your tags and created a strategy to share responsibility for tagging across your organization. Now what?
With proper tagging, reporting can help you determine whether your organization is meeting KPIs around cloud usage. It also provides an accurate view of cloud utilization for chargebacks and showbacks. You can generate these reports using native cloud tools as well as a cloud management platform for increased visibility.

Using reporting features

Native reporting features in AWS and Azure can shed light on historical cost and utilization trends. IT budgets are often dependent on showing that a technology investment is vital for operations. Reports enable you to demonstrate this through reports on historical use by department and the costs associated with each department’s utilization. Reporting can also help you discover inactive tags and resources, which can be valuable when trying to consolidate cloud costs.

Allocating costs

Identifying historical trends

Monitoring tags with a cloud management platform

Manually monitoring and mapping tags can be difficult and time-consuming. Cloud management software like CloudCheckr can help you gain additional reporting functionality and develop more efficient public cloud tag management practices.

Generating reports and invoices

CloudCheckr enables you to filter resources by tags in order to create an invoice for a customer or function. When resources are tagged accurately, you can sort by aggregate, cost type, group by, and resource ID and filter by account, region, service, operation, and usage type. 

Setting critical alerts

Sudden increases in cloud costs can be an unpleasant surprise at best and could easily disrupt an annual budget at worst. With CloudCheckr, you can set alerts to know when cloud computing costs have spiked. These budget alerts can be set to activate when costs for an account, service, or tag reach a certain percentage. CloudCheckr’s alerts integrate with email, SMS, Slack, Jira, and other services for up-to-the-minute updates.

Mapping tags in CloudCheckr

Tags have syntax-based restrictions like case sensitivity, so administrators must standardize naming and capitalization conventions. For example, AWS prevents the creation of duplicate tag keys, but it also won’t alert administrators when two tags like “Production” and “production” are created.

CloudCheckr offers additional capabilities for effective tag mapping. Tag mapping identifies similar tags so that you can simplify and merge them. This is a crucial step to simplify reporting and enables administrators to identify cloud usage by department, environment, or other factors without making costly errors.

An example of tag mapping may look something like this:

Another tag mapping feature in CloudCheckr allows you to assign percentages to tag maps in order to divide charges based on tag values. This feature can help an organization split the costs of a single resource by percentage. This might look something like:

• Map 50% of the cost to Tag Key: CC_ProjectCenter, Tag Value: 1
• Map 40% of the cost to Tag Key: CC_ProjectCenter, Tag Value: 2
• Map 10% of the cost to Tag Key: CC_ProjectCenter, Tag Value: 3 

Overall, the more accurate your tag mapping, the more granular and accurate your data and the more transparency you have into cloud costs and utilization.

4 measures you can take to maintain your public cloud tagging efforts

Good tag management is not a one-and-done process. By developing a solid tag management strategy among key stakeholders and using resources like CloudCheckr, you can continually monitor tags to ensure that your resources are properly utilized. Here are some additional steps that will help you maintain tagging best practices:

1. Periodically audit tags

An audit can help you determine which tags are in use and which ones may have become irrelevant. To do this, look at cost-of-usage reports to see each tag key. You can always deactivate inactive keys.

2. Update tags when needed

While your team’s bandwidth may vary throughout the year, there isn’t necessarily a “right” time to look at tags. If your organization has seen any major changes, such as to its org chart (e.g., merging departments), reviewing and updating tags may become a priority.

3. Manage requests in a timely fashion

When departments realize they get more visibility into cloud spending, they will likely have requests for more granular data. You may need to go in and add tags periodically based on requests from finance or other teams so that they have access to this information when they need it. Ideally, you should do this sooner rather than later to keep cost allocations and utilization data up to date.

4. Continue your education

Tagging may feel like a complex process, but there are plenty of resources available to help you make the most of your tags. Amazon Web Services has a multitude of resources, including a list of best practices, and Microsoft Azure has additional documentation.

Ready to implement your public cloud tag management strategy?

CloudCheckr has the tools you need to manage costs, clean up tags, generate more granular reports, and ensure that you get the most out of your cloud investment. Learn more about CloudCheckr.