How to use tags in Amazon Web Services and Azure
Problem
I am currently building a solution on Azure (though the question should relate to AWS equally) and I am using a UniqueId tag to locate and use objects. For instance, we have a storage account that is used for caching applications' blobs. The storage account is created with a random name but is found and presented to the application through its UniqueId=AppCache tag. At the moment I am taking the approach that as more tags become useful I'll start to add them.
Ultimately we're looking for a hands off 'ChatOps' style solution. So everything created should be automated.
Should I be looking at a structured approach to tagging (and what does that look like) or is the organic approach more sensible?
Solution
I would set up a base taxonomy to start with; you can use automation across your estate to ensure that all resources follow the taxonomy. You have a choice between simply deleting resources that don't comply or reporting on them to a central team who are responsible for chasing down and educating the owners.
I have followed the Best Practice set out by Microsoft for both Azure and Amazon:
- Owner - normally this is a team distribution list, although sometimes it is an individual if it is a "10% time" project. To make sure that the e-mail address entered is valid we run an hourly scan of our estate to detect if there are new e-mail addresses in this field, then send an e-mail with an activation link; failing to activate results in deletion after three days.
- CostCenter - the numeric cost centre; we use this to feed into the end of month reconciliation.
- SDLCPhase - one of Development, Test, SIT, UAT, PerfTest, PreProduction, Production. We use this to define different automated behaviour:
  - Development and Test: deleted overnight and at weekends to save on costs. Teams are responsible for reprovisioning using the automation in the morning.
  - SIT, UAT and PerfTest: deleted when the cost center in our finance system is closed down.
  - PreProduction: scaled down overnight and when the cost center is closed down.
  - Production: we validate that all resources deployed to the production subscription have this tag; if they don't, we send out e-mails extensively.
- DropDeadDate - for us, this is a required field for everything except Production. We run a nightly scan and send e-mails to the owner 7 days and 1 day before the DropDeadDate then delete the resource after it has passed.
In terms of the automation around this I have a tendency to use Janitor Monkey and some custom bots written in Azure Functions that sit in Slack Channels and do my bidding.
Context
StackExchange DevOps Q#919, answer score: 9
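A sketch of the nightly tag scan the answer describes, added here as an example; it is not part of the original answer or of any tool it names. The ISO date format for DropDeadDate, the action names, the `in_prod_subscription` flag and the sample inventory are assumptions.

```python
from datetime import date

# Tag names and phase values come from the answer above. The ISO date format for
# DropDeadDate, the action names and the sample inventory are assumptions.
PHASES = {"Development", "Test", "SIT", "UAT", "PerfTest", "PreProduction", "Production"}
REQUIRED = ("Owner", "CostCenter", "SDLCPhase")

def evaluate(tags, today, in_prod_subscription=False):
    """Return (action, reasons) for one resource's tag dict during a scan."""
    reasons = [f"missing {k}" for k in REQUIRED if not tags.get(k, "").strip()]
    phase = tags.get("SDLCPhase", "").strip()
    if phase and phase not in PHASES:
        reasons.append(f"unknown SDLCPhase {phase!r}")
    cost_center = tags.get("CostCenter", "").strip()
    if cost_center and not cost_center.isdigit():
        reasons.append("CostCenter is not numeric")
    if in_prod_subscription or phase == "Production":
        # Never delete here: a mistyped tag must not remove a production resource.
        if phase != "Production":
            reasons.append("production subscription resource lacks SDLCPhase=Production")
        return ("report" if reasons else "ok", reasons)
    try:
        drop_dead = date.fromisoformat(tags.get("DropDeadDate", "").strip())
    except ValueError:
        # Required outside Production; report instead of guessing a date.
        return ("report", reasons + ["missing or malformed DropDeadDate"])
    days_left = (drop_dead - today).days
    if days_left < 0:
        return ("delete", reasons + [f"DropDeadDate passed {-days_left} day(s) ago"])
    if days_left in (7, 1):
        return ("notify_owner", reasons + [f"{days_left} day(s) until DropDeadDate"])
    return ("report" if reasons else "ok", reasons)

def nightly_scan(inventory, today):
    """Map resource name -> action for (name, tags, in_prod_subscription) rows."""
    return {name: evaluate(tags, today, prod)[0] for name, tags, prod in inventory}

GOOD = {"Owner": "team-cache@example.com", "CostCenter": "4411"}
SAMPLE_INVENTORY = [  # constructed records, not real resources
    ("appcache", {**GOOD, "SDLCPhase": "Development", "DropDeadDate": "2024-03-08"}, False),
    ("old-perf", {**GOOD, "SDLCPhase": "PerfTest", "DropDeadDate": "2024-02-20"}, False),
    ("typo-phase", {**GOOD, "SDLCPhase": "Prod"}, False),
    ("web-prod", {**GOOD, "SDLCPhase": "Production"}, True),
    ("untagged-prod", {}, True),
]

if __name__ == "__main__":
    for name, action in nightly_scan(SAMPLE_INVENTORY, date(2024, 3, 1)).items():
        print(f"{name}: {action}")
```

Treating the subscription, not the tag, as the source of truth for "is this production" keeps the delete path from being driven by a value anyone with tag-write permission can change.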