Tagging capability - Establishing Your Cloud Foundation on AWS

Tagging capability

Tagging is the act of assigning metadata to the different resources in your AWS environment for a variety of purposes, such as Attribute Based Access Control (ABAC), Cloud Financial Management, and automation (such as patching for select tagged instances). Tagging can also be used to create new resource constructs for visibility or control (such as grouping together resources that make up a micro-service, application, or workload). Tagging is fundamental to providing enterprise-level visibility and control.


  • Central IT (Primary)

  • Finance

  • Security

  • Software Engineering


  • Cloud Team - the team(s) who make cloud available to customers.

  • Security Team - the members of the cloud team responsible for security in AWS.

  • Finance Team - the members of the finance team responsible for reporting, allocating, and forecasting cloud costs.

  • Customer - entity within the company that consumes the logs stored within the log storage.

Supporting capabilities: Identity Management and Access Control capability


  • CF23 - S1: Tag definition and assignment

  • CF23 - S2: Tag compliance

  • CF23 - S3: Tag usage