How to achieve Cloud Governance using AWS Tagging practices
This article provides a comprehensive overview of achieving cloud governance using AWS Tags, and also highlights a few of the use cases in general.
Before you start
- CloudySave is an all-around one-stop-shop for your organization & teams to reduce your AWS Cloud Costs by more than 55%.
- Cloud save team assesses your AWS infra and assists your teams in defining standard AWS tagging practices.
- Our goal is to provide clear visibility about the spending and usage patterns to your Engineers and Ops teams.
What Does Governance Mean in IT?
- Governance typically refers to security practices to oversee responsibilities, mission-critical, decision-making & long-term objectives of an organization/teams.
- According to Gartner, IT governance is defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals.
Cloud Transition
Its always advisable for teams to work on a strategy using policy based approach when starting out with AWS Cloud. This assists in accomplishing governance practices leveraging the security and making sure to oversee operations/management when onboarding new to the cloud.
What is the Governance Challenge that can be accomplished using AWS Tags?
the following steps can be a good starting point without losing agility and innovation.
- Defining rules for managing resources.
- Discovering changes and resources.
- Monitoring compliance.
- Reacting to any sudden or future changes
How Governance can be improved with Tags in general?
Governance helps an organization/teams to improve the following characteristics. These can be enhanced by using tags in general.
- Efficiency/Usage patterns.
- Reduced risk factors & improved management of critical/vulnerable events.
- Effective & Reliable cost optimization techniques.
- Improved communication across teams.
- Take care of redundant and rogue services/resources.
- Accelerating technical innovation.
Key Steps needed to achieve Cloud Governance using Tags?
No Governance:
- Low interaction with teams/services.
- Reactive environment.
- No practical ways of predicting costs/usage.
- Manual intervention in scenarios that can be easily automated.
- Loss of hierarchy across teams/orgs.
Adoption:
- Maturated Policy-based approach.
- Faster Deployment cycles.
- Easier communication and teams assistance.
- Routine checks & easier hand-overs.
Mature:
- Automation based approaches.
- Self-Service and event-driven activities.
- Improved Agility & practices.
- Enhanced Security & compliance.
Framework for Automating Governance using AWS Tags:
- Nowadays, Infrastructure-As-a-Code has become widespread and greatly influenced companies/teams to adopt these tools to effectively manage cloud resources.
- The simplicity of cloud deployment and its provisioning eases the creation of resources and reduces a great deal of stress on top of teams/orgs.
- This dynamic nature of deploying patterns greatly improves governance but needs to be a stable automated structure and AWS makes this possible by adding a tagging feature.
So what are the things that you can govern using tags? Tags can be extremely flexible to utilize. There are a lot of use cases to choose from and here are a few common use cases:
- Resource Groups: Tags are capable of being used to define multiple resources for improving visibility of logical resource groups. Ex: data layers, app clusters, environments and compliance tracking.
- Cost allocation and chargebacks: Tags give you the ability to start mapping customers/cost-centers to cloud resources & allow easy creation of chargebacks reports.
- Backups Management: The tags deployed with Backup policy values can assist in automating the backup process without depending on other details.
- Alert Management: Include Owner tag on resources, When required, this tag can provide details about the particular users and groups if there are predefined/urgent alerts.
- Lights ON/OFF: Tags will aid you in the identification of environments and specifications of developer work hours. This will pave way for customers to begin automating the start and stop of servers when they are not being utilized and helps to reduce costs.
- Role based Permissions: Tags provide the ability to automate IAM policies and rules. You can learn more about IAM policies.
The below tagging categories are the most recommended to be used when aiming to reach AWS Tagging Governance:
- Business Tags: Cost Center, Project, Customer or Owner.
- Technical Tags: Name, Cluster, Environment or Version.
- Function Tags: Start, Stop, Monitoring or Support.
- Compliance Tags: Scope, Security or Encryption
AWS Tagging reflect a manner of discipline that needs to be followed consistently.
Few of tagging features are discussed below that allows flexibility and improved planning
- Max of 10 tags for each resource.
- Every tag consists of a Key and a Value.
- Tags allocated for specified accounts/teams.
- Keys and values always need to be case-sensitive.
- Every Tag is unique for each resource.
- Tag Values are capable of including various data. (Ex: special characters)
- Make sure <aws> cannot be added as prefix to tags.
Below you can find a couple of best practice examples of Tagging:
Final Thoughts
- Tagging will provide teams with great control that co-relates with automated cloud governance. Due to its importance, it’s better to ensure governance by leveraging AWS tags.
- Provisioning by AWS Cloudformation and service catalog, in addition to powerful configuration management best practices are capable of offering you the certainty that every resource is being tagged consistently and correctly according to standards.
Here are few awesome resources on AWS Tagging:
AWS Tagging Proactive Governance
CloudySave helps to improve your AWS Usage & management by providing full visibility to your DevOps & Engineers into their Cloud Usage.