Do AWS-generated tags count against this limit? No
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html
Consistency of generated tags is managed by AWS
Generated tags don't count toward the 50-tag limit
Space – will not work; SCP – does not allow spaces
Not retroactive
Tag to identify the project running the application (i.e. ProjectID)
A project is a defined scope of work to achieve a business objective.
Tag to identify the application (i.e. unique ApplicationID)
several applications might be part of the same project
Tag SubComponent / Layer / Role (i.e. LayerID)
an application is composed of several layers, some of which might be shared with other applications (i.e. web layer, db layer)
Tag to identify the business unit (i.e. unique businessUnitID)
Tag to identify the CostCenter unit (i.e. unique CostCenterID)
Tag to identify the environment where the application is running (EnvironmentId → prod, test, dev, etc.)
Tag to identify the Schedule - unique identifiers are required; this allows reporting on scheduled vs non-scheduled workloads.
Tag to identify the Rightsizing effort - allows tracking the cost/hours of resources targeted for RS (evolution of opportunity cost)
RightSizing ID: Q1 2018-6hexcode
SourceInstanceType: m3.xlarge
DestinationInstanceType: m5.xlarge
Tag to replicate the ARN of the resource - i.e. Allows to track the most expensive resources inside a specific ApplicationID
Billing Auto Tags
need to be enabled via the billing console
If you use automation, for example CloudFormation, activate the automation-generated tags as billing tags
i.e. aws:stack-id activated as a billing tag
Brainstorm
Proactive is good for a new environment
Proactive can break if automation is already in place
Proactive can work only if the API supports atomic operations (via SCP or IAM)
Reactive is easier
TIMING: 2 min – lecture/Discussion
To enforce tagging and to block resources, you can implement Service Control Policies to prevent the deployment of resources that are missing tags, and Tag Policies to control the values of tags.
Service Catalog enforcement - https://docs.aws.amazon.com/servicecatalog/latest/adminguide/tagoption-policies.html
CFN/Terraform enforcement - https://dev.to/toeknee123/using-terraform-and-aws-cloudformation-to-enforce-your-aws-tags-4ih2
You can create and apply Tag Policies and apply them to any desired AWS accounts or OUs within your AWS Organization or to the entire org. The policies at each level are aggregated into an effective policy for an account.
Each tag policy contains a set of tag rules. Each rule maps a tag key to the allowable values for the key. The tag policies are checked when you perform operations that affect the tags on an existing resource. After you set up your tag policies, you can easily discover tagged resources that do not conform, which can help you maintain consistent tags across your organization's resources.
Tag policies are JSON files that define the following:
• A set of tag keys
• Their permissible values
• Any constraints you want to place on the use of tags for the accounts in your organization
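An added example, not part of the original notes and not AWS code: a small offline checker that applies tag rules written in tag-policy JSON syntax to a constructed list of resources, in the way the notes describe discovering resources that do not conform or that lack a specific tag. The allowed values, the ARNs and the helper names (`user_tags`, `check_resource`, `report`) are assumptions; values are matched exactly and wildcards are not handled.

```python
# Constructed tag policy in AWS Organizations tag-policy syntax. Keys follow the
# taxonomy in these notes; the allowed values are assumptions for illustration.
TAG_POLICY = {"tags": {
    "ApplicationID": {"tag_key": {"@@assign": "ApplicationID"}},
    "CostCenterID": {"tag_key": {"@@assign": "CostCenterID"}},
    "EnvironmentID": {"tag_key": {"@@assign": "EnvironmentID"},
                      "tag_value": {"@@assign": ["prod", "test", "dev"]}},
}}
MAX_USER_TAGS = 50  # per-resource limit on user-applied tags

# Constructed sample in the shape of a Resource Groups Tagging API GetResources result.
RESOURCES = [
    {"ResourceARN": "arn:aws:ec2:eu-west-1:111122223333:instance/i-0example0000000001",
     "Tags": [{"Key": "ApplicationID", "Value": "APP2"},
              {"Key": "CostCenterID", "Value": "CC-1001"},
              {"Key": "EnvironmentID", "Value": "test"},
              {"Key": "aws:cloudformation:stack-id", "Value": "constructed"}]},
    {"ResourceARN": "arn:aws:ec2:eu-west-1:111122223333:instance/i-0example0000000002",
     "Tags": [{"Key": "applicationid", "Value": "APP2"},
              {"Key": "EnvironmentID", "Value": "Testing"}]},
]

def user_tags(resource):
    """Return user-applied tags; aws:-prefixed generated tags are excluded."""
    return {t["Key"]: t["Value"] for t in resource.get("Tags", [])
            if not t["Key"].lower().startswith("aws:")}

def check_resource(resource, policy=TAG_POLICY):
    """Return (finding, tag_key) tuples for one resource."""
    tags = user_tags(resource)
    by_lower = {k.lower(): k for k in tags}
    findings = []
    for rule in policy["tags"].values():
        key = rule["tag_key"]["@@assign"]
        actual = by_lower.get(key.lower())
        if actual is None:
            findings.append(("missing", key))  # the gap the notes assign to SCPs
            continue
        if actual != key:
            findings.append(("wrong_case", key))  # tag_key fixes the capitalization
        allowed = rule.get("tag_value", {}).get("@@assign")
        if allowed is not None and tags[actual] not in allowed:
            findings.append(("bad_value", key))
    if len(tags) > MAX_USER_TAGS:
        findings.append(("over_limit", str(len(tags))))
    return findings

def report(resources=RESOURCES):
    return {r["ResourceARN"]: check_resource(r) for r in resources}
```

`report()` maps each ARN to its findings; an empty list means the resource satisfies every rule in the constructed policy.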
+Check in
Let's move on to how to enforce your tagging in a more reactive manner.
You can assign tags to your AWS Config resources for cost allocation and access control. Tagging is available for AWS Config resources that describe AWS Config rules and multi-account, multi-region Aggregators with AWS Config. You can add, remove or list tags for your AWS Config resources using the available APIs.
You can also use Tag Editor to discover untagged/wrongly tagged assets and to bulk filter, add, and edit tags.
Tag Editor
• You can add tags to resources when you create the resource. You can use the AWS service console or API to add, change, or remove those tags one resource at a time. To add tags to (or edit or delete tags of) multiple resources at once, use Tag Editor.
With Tag Editor, you search for the resources that you want to tag, and then manage tags for the resources in your search results.
• You can also use the Resource Groups Tagging API to tag via API as opposed to tagging in the Tag Editor console.
After you have found the resources that you want to tag, you can add, remove, and edit the tags for some or all of your search results. Tag Editor shows you any tags that have been added to resources, whether those tags were added in Tag Editor or by using the resource's service console or API.
Tag Editor permissions can be configured to allow users/roles to create/delete/update tags for resources with a minimum permission set.
The presenter delivers a quick demo to show how to:
find resources with a specific tag
find resources without a specific tag
Tag Editor's scope is a single account (no multi-account); use Tag Policies to manage tags across multiple accounts
https://aws.amazon.com/blogs/aws/new-use-tag-policies-to-manage-tags-across-multiple-aws-accounts/
References:
KC Video with Tag Editor demo: https://www.youtube.com/watch?v=MX9DaAQS15I minutes 31:07 – 36:00
See appendix for an example of policy configuration to enable tagging management for EC2 resources only
https://docs.aws.amazon.com/ARG/latest/userguide/tag-editor.html
As you saw, you can add, edit, or delete the tags of multiple resources at once. We'll show you an example of how to add tags. You can use Tag Editor to add tags to selected resources that are in the results of your Find resources to tag query in the console.
This screenshot shows the results of your Find resources to tag query. Select the check boxes next to the resources you want to add tags to. Enter a text string in Filter resources to filter for part of a resource's name, ID, tag keys, or tag values. In the Tags column, note that resources in the results already have tags applied to them. In the following example, the first selected EC2 instance already has two tags.
Choose Manage tags of the selected resources.
Once we have chosen Manage tags of the selected resources, we are presented with the Manage tags page.
You can view the tags on the resources that you selected. Although your original query returned more resources, note that you are adding tags only to the resources that you selected. As shown here, you then have the option to Add tag.
Enter a tag key and an optional tag value. In this walkthrough, we add the tag key Team and the tag value Development.
A resource can have a maximum of 50 user-applied tags. You might not be able to add new tags to a resource if you are approaching 50 user-applied tags. Typically, read-only system tags do not count toward the 50-tag limit. Tag keys must also be unique within your selected resources. You cannot add a new tag with a key that matches an existing tag key in your selected resources.
When you are finished adding tags, choose Review and apply changes.
If you accept the changes, choose Apply changes to all selected.
Depending on the number of resources you selected, applying new tags can take a few minutes. Do not leave the page or open a different page in the same browser tab. If changes were successful, a green success banner is displayed at the top of the page.
You can see here that tagging is also very useful when it comes to visualizing and monitoring.
In this example we were able to filter our Cost Explorer report by the specific application (APP2) and the environment spun up (test/dev).
Without tagging enabled we wouldn’t be able to create a report this granular.
TIMING: 5 min – Discussion
Say: With the tag taxonomy deployed across all the AWS workloads, this example will show how to calculate the EC2 compute savings incurred after the implementation of the below scheduling policy in a generic two-tier application named Application2 with Prod and Test environments:
In the image Application2 has the tag taxonomy implemented and we will focus on the two following tags to monitor and calculate savings in this example:
ApplicationID
EnvironmentID
TIMING: 2 min – Discussion
Say: Before the schedule is enabled we will see a flat report in cost explorer when filtering by ApplicationID and grouping by EnvironmentID.
TIMING: 2 min – Discussion
Say: After the schedule is implemented in the Test environment we can see the Test workloads being shut down over weekends
TIMING: 2 min – Discussion
Say: In the below graph we can observe the evolution of Application2 before and after schedule.
Could the issue be that there is no standard
Tagging
2022 March Update – Content/new format updates
Venkatesh Ramanathan – venkyram@amazon.com
2021 Content update
Luca Marozzini – marozzin@amazon.com
Enrico Bonaccorsi – bonaccor@amazon.com
Francesc Sala – franrius@amazon.com
How to use billing tags to track cost optimization efforts and results. An example for EC2 rightsizing recommendations.
The goal is to be able to track and assess the results achieved with operational cost optimization tuning, such as EC2 rightsizing based on EC2 recommendations.
Clarify the differences between AWS Anomaly Detection (48 hours, but with no details on resources or how to optimize) and Rightsizing recommendations (14 days, with recommendations).
Note. The presenter briefly explains the scope of each tag and clarifies why the granularity of the RightSizingID is not mandatory.
Note. Consider whether it is worth adding slides on how to refine the recommendation, with screenshots from the CW console for a longer period of observation and additional metrics.
In this first example we are conservative, opting for “Within the same instance family”; this is intended to stimulate the discussion about previous generations vs new generations.
Clarify that Cost Anomaly Detection could spot a cost-saving opportunity for rightsizing before the 14-day minimum period required by Rightsizing recommendations.
2021-04-15 last review
Note. Consider whether it is worth adding slides on how to define proper permissions for Tag Editor, to enable Tag Editor full access + EC2 tag create/delete access only. This gives users/roles the minimum permissions required to edit/create/delete tags only for EC2 resources.
The less you know about the work-load the longer the baseline could be.
1 full day, midnight to midnight hours would be the minimum term (CE)
Leave the instance running for the time required to gather the baseline metrics. Depending on the shape of the history trends, this could vary from a few hours up to a week or more.
You want to capture events that happened in the past.
Discuss the recommendations available per single instance. Advise refining the recommendation based on additional insight the technical team may have.
Clarify the availability of 4 different degrees of recommendation provided by the Rightsizing feature.
Note. Add slides for CloudWatch metrics review.
You can easily visualize the history of cost and usage for the EC2 instance using the following filters and group by combination in Amazon Cost Explorer.
Apply filters for:
Service = EC2-Instances
Usage Type Group = EC2: Running Hours
Tag: CostOptimizationID (in our example, 2021-Q1-EC2-001)
Group by:
Instance Type
TIMING: 4 min – Discussion
Using the RightsizeId billing tag strategy, it is now possible to track the effectiveness of our cost optimization, correlating the cost and usage of the instance with the instance type adopted over time.
It's advised not to remove the current cost allocation tagging, as it could be used as a baseline in the event further cost optimizations are required for the same resource.
When you find the optimal instance size to scale to, you might want to update the values of SourceInstanceType and DestinationInstanceType to be equal.
You might use the condition of both these cost optimisation tags having the same value to exclude those instances from further cost optimisation exercises.