Defining and publishing a tagging schema - Best Practices for Tagging AWS Resources

Defining and publishing a tagging schema

Employ a consistent approach in tagging your AWS resources, both for mandatory and optional tags. A comprehensive tagging schema helps you to achieve this consistency. The following examples can help get you started:

  • Agree on the mandatory tag keys

  • Define acceptable values and tag naming conventions (upper or lower case, dashes or underscores, hierarchy, and so on)

  • Confirm values would not constitute personally identifiable information (PII)

  • Decide who can define and create new tag keys

  • Agree on how to add new mandatory tag values and how to manage optional tags

Review the following tagging categories table, which can be used as a baseline of what you might include in your tagging schema. You still need to determine the convention you will use for the tag key and what values are permitted for each. The tagging schema is the document in which you define this for your environment.

Table 6 – Example of a definitive tagging schema

| Use Case | Tag Key | Rationale | Allowed Values (Listed or value prefix/suffix) | Used for Cost Allocation | Resource Types | Scope | Required |
|---|---|---|---|---|---|---|---|
| Cost Allocation | example-inc:cost-allocation:ApplicationId | Track cost vs value generated by each line of business | DataLakeX, RetailSiteX | Y | All | All | Mandatory |
| Cost Allocation | example-inc:cost-allocation:BusinessUnitId | Monitor costs by business unit | Architecture, DevOps, Finance | Y | All | All | Mandatory |
| Cost Allocation | example-inc:cost-allocation:CostCenter | Monitor costs by cost center | 123-* | Y | All | All | Mandatory |
| Cost Allocation | example-inc:cost-allocation:Owner | Which budget holder is responsible for this workload | Marketing, RetailSupport | Y | All | All | Mandatory |
| Access Control | example-inc:access-control:LayerId | Identify SubComponent / Layer to grant access to resources based on the role | DB_Layer, Web_Layer, App_Layer | N | All | All | Optional |
| Automation | example-inc:automation:EnvironmentId | Implement scheduling of test and development environments, also referred to as software development lifecycle (SDLC) stage | Prod, Dev, Test, Sandbox | N | EC2, RDS, EBS | All | Mandatory |
| DevOps | example-inc:operations:Owner | Which team/squad is responsible for the creation and maintenance of the resource | Squad01 | N | All | All | Mandatory |
| Disaster Recovery | example-inc:disaster-recovery:rpo | Define the recovery point objective (RPO) for a resource | 6h, 24h | N | S3, EBS | Prod | Mandatory |
| Data Classification | example-inc:data:classification | Classify data for compliance and governance | Public, Private, Confidential, Restricted | N | S3, EBS | All | Mandatory |
| Compliance | example-inc:compliance:framework | Identifies the compliance framework the workload is subject to | PCI-DSS, HIPAA | N | All | Prod | Mandatory |

After the tagging schema is defined, manage the schema in a version-controlled repository that is made accessible to all the relevant stakeholders for easy reference and trackable updates. This approach improves efficiency and allows for agility.
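
The schema in Table 6 can be kept in that repository as data, with a checker that reports missing mandatory tags, disallowed values, and unrecognised keys under the organisation prefix. This is an added example, not AWS code: the `validate` function, the caller-supplied `environment` argument used to resolve the Scope column, and the glob reading of `123-*` are assumptions, and the sample tags are constructed.

```python
from fnmatch import fnmatchcase

P = "example-inc:"  # organisation prefix shared by every key in Table 6
ALL = "All"
# Table 6 rows: (tag key, allowed values or patterns, resource types, scope, mandatory)
SCHEMA = [
    (P + "cost-allocation:ApplicationId", ["DataLakeX", "RetailSiteX"], ALL, ALL, True),
    (P + "cost-allocation:BusinessUnitId", ["Architecture", "DevOps", "Finance"], ALL, ALL, True),
    (P + "cost-allocation:CostCenter", ["123-*"], ALL, ALL, True),
    (P + "cost-allocation:Owner", ["Marketing", "RetailSupport"], ALL, ALL, True),
    (P + "access-control:LayerId", ["DB_Layer", "Web_Layer", "App_Layer"], ALL, ALL, False),
    (P + "automation:EnvironmentId", ["Prod", "Dev", "Test", "Sandbox"], ["EC2", "RDS", "EBS"], ALL, True),
    (P + "operations:Owner", ["Squad01"], ALL, ALL, True),
    (P + "disaster-recovery:rpo", ["6h", "24h"], ["S3", "EBS"], "Prod", True),
    (P + "data:classification", ["Public", "Private", "Confidential", "Restricted"], ["S3", "EBS"], ALL, True),
    (P + "compliance:framework", ["PCI-DSS", "HIPAA"], ALL, "Prod", True),
]

def validate(resource_type, environment, tags):
    """Return sorted findings for one resource. `environment` (e.g. "Prod") is
    supplied by the caller; Table 6 does not say how Scope is resolved."""
    findings = []
    for key, allowed, types, scope, mandatory in SCHEMA:
        if key in tags:
            # Tag keys and values are case sensitive, so matching is too.
            if not any(fnmatchcase(tags[key], pat) for pat in allowed):
                findings.append(f"value {tags[key]!r} not allowed for {key}")
        elif mandatory and (types == ALL or resource_type in types) and scope in (ALL, environment):
            findings.append(f"missing mandatory tag {key}")
    known = {row[0] for row in SCHEMA}
    for key in tags:
        # Catches case drift and keys created outside the agreed schema.
        if key.lower().startswith(P) and key not in known:
            findings.append(f"unknown key under {P} prefix: {key}")
    return sorted(findings)

# Constructed sample: tags on a hypothetical S3 bucket in a Prod environment.
SAMPLE = {
    P + "cost-allocation:ApplicationId": "DataLakeX",
    P + "cost-allocation:BusinessUnitId": "Finance",
    P + "cost-allocation:CostCenter": "123-4471",
    P + "cost-allocation:Owner": "Marketing",
    P + "operations:Owner": "Squad01",
    P + "data:classification": "confidential",  # wrong case for the value
    P + "compliance:Framework": "PCI-DSS",      # wrong case for the key
}

if __name__ == "__main__":
    for finding in validate("S3", "Prod", SAMPLE):
        print(finding)
```

Running the same check in CI against the repository copy of the schema keeps the published document and the enforced rules from drifting apart.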