Cloud Resource Tagging: Reaching your full potential

You take tagging for granted. “Wait!”, you say. “I don’t take it for granted!”, I promise that you do. Whether you are a novice cloud operator or a seasoned architect, you take tagging for granted and, you are doing it wrong. How do I know this? Experience. Specifically, your experience. The IT field has not prepared you to set up tagging appropriately, and therefore, you have one audience in mind for your tagging strategy; you. You tagged your environment based on how you logically built your stack to keep track of your resources. Then, you threw in a few other bonus items like an extra key:value pair for what Operating System the machine is running or if it’s in your production or staging environment. But, that is just the beginning of the potential insights you can gain with an appropriately tagged environment.

The English language has 26 letters in it, and yet great works of literature and song have been created with these building blocks. In contrast, with EC2, you can create up to 50 tags per instance. Imagine the insight you can gain into your environment when those resources have meaningful data attached to them.

Here are a few ideas for how to get more out of your tagging strategy and I will suggest some additional uses of proper tagging below.

Involve other teams and disciplines in your company

In writing, one must consider who the audience is before beginning any writing endeavor. The same goes for tagging. Tagging is not just for you and your IT team; it gives every part of your organization insight into your stack and their workload. Talk to finance, security, networking, HR, and maybe even your DevOps team. You will gain valuable insight into who your audience is and what they can gain from having insight into your cloud environment.

  • How are you using an instance?
  • Where is it located?
  • What is running on it?
  • Where to allocate costs?
  • Who built it?
  • What is attached to it?
  • Are there dependencies?
  • Is there a security concern and why?

Get actionable intelligence

If you activate your tags in the AWS Billing and Cost Management console, you can download some slick little CSV files to compare your charges to your resources.


That is certainly better than nothing but the time involved to gain meaningful insight is painful and extracted information provides zero suggestions into how to save money. I recommend a tool like CloudHealth to pull useful reports for cost, usage, performance and security using your tagging strategy. Also, they have algorithms to find cost savings for you. One drawback of using tagging exclusively is that it only provides point-in-time visibility without insight into historical, stateful data However, a solution like CloudHealth stores and trends your tagging data in daily, weekly, or monthly increments. (Note: We are a CloudHealth Technologies partner because they are awesome.)


Resource Tagging Ideas

Here are a few suggested, best practice, tagging ideas. Many come directly from our friends at AWS.

Technical Tags

Name – Used to identify individual resources

Application ID – Used to identify disparate resources that are related to a specific application

Application Role – Used to describe the function of a particular resource (e.g. web server, message broker, database)

Cluster – Used to identify resource farms that share a common configuration and that perform a specific function for an application

Environment – Used to distinguish between development, test, and production infrastructure

Version – Used to help distinguish between different versions of resources or applications

Tags for Automation

Date/Time – Used to identify the date a resource should be started, stopped, deleted, or rotated

Opt in/Opt out – Used to indicate whether a resource should be automatically included in an automated activity such as starting, stopping, or resizing instances

Security – Used to determine requirements such as encryption or enabling of VPC Flow Logs, and also to identify route tables or security groups that deserve extra scrutiny

Business Tags

Owner – Used to identify who is responsible for the resource

Cost Center/Business Unit – Used to identify the cost center or business unit associated with a resource; typically for cost allocation and tracking

Customer – Used to identify a specific client that a particular group of resources serves

Project – Used to identify the project(s) the resource supports

Security Tags

Confidentiality – An identifier for the specific data confidentiality level a resource supports

Compliance – An identifier for workloads designed to adhere to specific compliance requirements

Six Nines Process

As part of our discovery process, Six Nines makes a priority of understanding your business and technical perspectives and applies that knowledge to your environment. A detailed tagging strategy is an integral part of any project we engage in. Your tagging strategy will be built into any automated scripts that we write for you, and we will provide the tools to help you gain actionable insight from the tags we employ.

Helpful Links

CloudHealth Technologies:

AWS Tagging Strategies:

About Author: Dan Stinebaugh

All Comments

    Write a Comment