Optimize resource organization with AWS tagging best practices

Using resource tags in Amazon Web Services (AWS) can simplify resource management and cost allocation across your organization. These tags are like labels you attach to specific resources, making them easier to find and providing valuable insights into their usage, costs, and performance.

While tagging may seem simple enough, teams often run into trouble by not following strict tag naming conventions or creating multiple tags with the same purpose but different names. Think of proper tagging like brushing your teeth—everyone knows they should do it, but very few do it consistently or correctly.

In this guide, we’ll introduce you to AWS tagging best practices to help you cut costs, automate processes, and maintain compliance. We’ll also explore common use cases of AWS tags, challenges you might face, and tools you can use to improve resource tagging.

What are tags in AWS?

AWS tags are like sticky notes that show important information about a resource. They’re attached to components like servers and databases, helping you identify their owner, creation date, or resource type. This makes it easier to manage and organize your resources based on criteria like cost and ownership and helps you quickly filter through them to improve your resource monitoring.

Each tag consists of a key (category) and a value (specific details). For example, if you want to label EC2 instances, you can use a key like “environment” and values like “development” or “production” to show the purpose of each instance within your workload.

Keep in mind that you shouldn’t store sensitive information like personal data and passwords within AWS tags themselves because they aren’t encrypted. However, you can use them to label sensitive data as “confidential.” 

There are two main types of tags:

User-defined tags

These are the tags you create, define, and implement manually using tools like AWS Management Console, AWS Command Line Interface (CLI), or AWS API. You can tailor them to your specific use case.

AWS-generated tags

These are the tags AWS services like CloudFormation, Elastic Beanstalk, and Auto Scaling automatically assign to your resources when they allocate them. They contain an “aws:” prefix, which you can’t use in user-defined tag keys.

What are AWS tags used for?

AWS tags are a great way to track various aspects of your AWS cloud architecture, such as the amount of resources you use, their costs, and the teams responsible for their consumption. 

In the following section, we’ll explore the main use cases of AWS tags and illustrate them with practical examples.

Optimizing cost allocation

Using AWS tags for cost allocation allows you to assign or distribute resource costs to the right users or departments. This helps you determine which product, application, or workload is using the resources and which environment (testing, development, or production) is generating the costs. It gives you a clearer picture of your company’s spending patterns.

For example, imagine that you could assign a cost allocation tag to each person using your Netflix account. At the end of the month, when you review your watch history, the tags would show you how much time each person spent watching Netflix, helping you split the bill accordingly.

Implementing AWS tags lets you create accurate showback and chargeback models:

1. Showback: Calculates and reports the charges your business unit, application, user, or cost center incurred.

2. Chargeback: Charges the incurred costs to the appropriate team or department by deducting funds from their budget.

This way, you can assign costs to those responsible for a specific resource, promoting accountability within your company and aligning with AWS Well-Architected Framework best practices. You also get a clear view of cash allocation and can easily track the return on your investments, helping you decide where to allocate more resources to increase revenue.

Resource organization

You can filter your resources easily using AWS tags to improve resource organization. Filtering lets you make changes to only select resources while leaving others unaffected. For example, if your development team uses servers like EC2 instances from 9 AM to 5 PM every day, you could tag those instances as “NineToFive,” making them easy to filter, find, and turn off after 5 PM.

Tags can also help you label resources you no longer use, so your support team knows which ones can be removed or archived. 

Automation and governance

Tags can help you identify how often you should back up specific resources (monthly, weekly, or daily) and which resources need patching (updating to improve performance and security) to prevent potential issues.

For example, imagine you have two databases—one holding critical data like customer orders and the other holding less important data like user activity logs. You can tag critical databases as high priority and label them as resources that need daily updates. In contrast, you can tag the less important databases as low priority and add a weekly update tag. 

Classifying data to improve security

AWS tags help you organize and manage resources based on their security requirements. If you’re storing sensitive data like payment transactions, you can tag it as “Confidential” while labeling non-sensitive data like blog content as “Public.” 

You can also pair tags with Identity and Access Management (IAM) to control who can access which resources for extra safety. For example, you might restrict access to resources tagged as “Development” only to the members of your development team.

AWS resource tagging best practices

Tagging makes it much easier to manage your AWS resources, but if done incorrectly, it can create confusion and do more harm than good to your organization. That’s why you should implement tagging best practices in AWS to create an efficient tagging strategy to streamline your workloads.

Choose the tags you need

To manage your resources effectively and keep costs in check, it’s essential to choose the right type of tags based on your workload needs. There are four main tag categories:

1. Technical: These tags help engineers identify and manage resources, making it easier to upgrade or troubleshoot when necessary. They may include a service name, environment, or version number.

2. Business: Stakeholders use these tags to track spending and identify the team or department responsible for the incurred costs. They allow you to determine how much you’re spending on various AWS resources and decide if the price is worth the return you’re getting.

3. Security: These tags help ensure your organization enforces security policies and complies with industry standards. For example, a financial service company may use security tags to label transaction records in line with AWS System and Organization Controls (SOC) to properly handle sensitive data.

4. Automation: You can use these tags to automate tasks like cleaning up temporary data or shutting down unused resources to save money and reduce manual work.

Once you decide which AWS tags you need, you can use the AWS Tag Editor to add and remove tags or edit existing ones, as well as find resources across various AWS Regions that are available for tagging.

Use a clear tag naming convention

Consistency is key when it comes to effective tagging, as even minor discrepancies like inconsistent capitalization can result in entirely different tags. For example, naming one tag “costcenter” and another “CostCenter” leads to two separate tags in AWS. If you only configure the former as a cost allocation tag for financial analysis, the latter wouldn’t show up in financial reports.

The best tag naming practice is to use all lowercase for the words, hyphens to separate words, and a prefix followed by a colon for the organization name. For example, if you had a company called MyCompany and wanted to track whether the environment is development, test, or production, you’d define the tag as “mycompany:environment-type.” In this case, mycompany would be a tag name and environment-type would be a tag key.

The Tag Policies feature within the AWS Organizations service allows you to enforce mandatory tags and ensure consistent tagging by standardizing tag names across your resources. Tag policies can help you: 

• Define tag rules clearly: You can specify the predetermined case rules and tag values that resource tags must follow, like capitalization

• Enforce mandatory tags: Make sure that specified resources (for example, EC2 instances) must have a certain tag, like costcenter

• Prevent non-compliant tagging: Block tagging if resources don’t meet tag policies, like missing a mandatory tag

Automate tag management

You can improve compliance and reduce human errors by automating tagging while creating your resources. For example, AWS CloudFormation allows you to create a template describing the AWS resources you need. It then provisions and configures your resources, allowing you to save time on managing them yourself.

CloudFormation also has a Resource Tags feature that automatically applies tags to supported resources once it allocates them. While you have to define custom tags like environment and costcenter in the template, CloudFormation will automatically apply several tags on its own. These include the stack name, stack ID, and logical ID, and they help you track which resource belongs to which CloudFormation stack (a collection of AWS resources).

Audit and maintain resource tags

You should review your tags quarterly or monthly to check if they’re still accurate and relevant for your operations and update them if necessary. The frequency of your audits will depend on the number of resources you deploy. Monthly checks are suitable for more complex environments that need a dedicated committee to review tags, while quarterly checks are used for reviewing smaller environments. 

You can use AWS Config for compliance auditing. This service tracks your AWS resources, provides a detailed overview of their configurations, and checks whether they comply with your tagging rules. It allows you to automate tag evaluation by setting up rules that flag specific resources as non-compliant if they’re tagged incorrectly or lose a tag.

You can also rely on Tag Editor to search for resources based on criteria like whether they have a specific tag or not. You can then modify, add, or remove tags in bulk to save time and ensure your tagging strategy remains consistent. 

Planning resource tags effectively

Diagramming your AWS architecture and incorporating resource tags into the diagram is a great way to visualize your application’s infrastructure. Using symbols and icons to mark relevant resources, like EC2 instances, and adding notes representing tags, you can plan out your tagging strategy for each resource within your architecture.

Tools like Miro streamline the process of creating AWS cloud architecture diagrams, allowing you to implement AWS tagging best practices together with your team.

How Miro helps streamline your AWS resource tagging

Miro is an Innovation Workspace packed with user-friendly diagramming features for visualizing and designing your AWS cloud architecture. 

You can use it to create custom workflows and collaborate in real time, with an intelligent canvas that provides access to handy widgets and AI capabilities. This allows you to efficiently map out your AWS infrastructure, identify which resources you should tag, and create a resource tagging strategy that aligns with AWS tagging best practices. 

Miro’s powerful AWS Architecture Diagram capabilities include the following features:

• AWS Cloud View app: Use this tool to generate AWS cloud architecture diagrams using data imported directly from your AWS account. It lets you use resource and tag filters to search for relevant tags and create a diagram to visualize them.

• Diagram Focus mode: Leverage advanced features like curated toolbars and layers, as well as the ability to update alignment and distribution to customize diagrams to your specific operation needs.

• AWS shape pack: Search a vast library of standardized AWS shapes to find the ones you need to illustrate your AWS cloud infrastructure components, like EC2 instances. Drag and drop them across your Miro board and use custom text labels to mark your resource tags.

• Real-time and async collaboration features: Create your resource tagging strategy with your team using interactive presentations and live workshops. Rely on async Talktracks to keep everyone updated on the latest tagging policies.

• AWS Cost Calculator: Estimate cloud architecture costs within your Miro board to find cost-saving opportunities. For example, if you have a tag with a key Cost Center and value Marketing, Miro can calculate how much marketing-related resources are costing you, allowing you to make data-driven decisions for potential cost reduction.

• Security and compliance: Leverage user access control and normalized audit logs to enhance the security of your AWS cloud architecture.

You can streamline the design and creation of accurate cloud architecture diagrams using one of Miro’s 26+ adjustable templates. You can also browse 13+ AWS diagramming templates and use them as pre-made blueprints for your cloud projects instead of creating one from scratch.

Get started with the AWS Architecture Diagramming Template, which visually represents a typical AWS framework. Use its shapes to illustrate AWS resources and connectors to show how they're connected to ensure you’re adhering to cloud architecture best practices.

Optimize your AWS cloud architecture with Miro

Ready to take advantage of Miro’s state-of-the-art AWS features to optimize resource tagging and your entire cloud architecture? Sign up for a free Business trial and customize Miro’s pre-designed templates to create an accurate AWS cloud architecture diagram effortlessly. 

Not sure how Miro can help you optimize your AWS cloud architecture? Check out how ClickHouse—a database management system company—used Miro’s powerful features to simplify collaboration and create architecture design diagrams easily.