Skip to content

Tagging Best Practices for Cost Management and Cloud Governance

Enterprises are now, more than ever, living in a multi-cloud environment managing highly complex pricing structures and an onslaught of new cloud services. The key to success is implementing enterprise-grade governance platforms that enable you to efficiently optimize costs across all cloud providers and ensure that you have access to any and all of the cloud services that your company requires.

The tagging of cloud resources is a critical foundation for your cloud governance initiatives. You will need a consistent set of tags that will be specifically used for governance and will apply globally across all of your resources. These global tags will add metadata specific to your organization that helps you better categorize each of your cloud resources for cost allocation, reporting, chargeback and showback, cost optimization, compliance, and security.

Defining Your Tagging Policy

Your cloud governance team should lead a process of defining your global tagging policy. It will be important to work with key stakeholders to get feedback and buy-in. Global tags should be applied consistently by all applications and teams in your organization. Individual teams or applications may add additional tags for their specific needs as well. 

Absent a tagging policy, it is common for teams or individuals within the same organization to use variations of the same tag, which makes it extremely difficult to achieve accurate reporting. To effectively use tags for reporting and governance purposes, it is critical to create a policy that defines consistent naming conventions, including spelling, uppercase/lowercase, and spacing.

Once the required global tags have been specified, adding the global tags should be the responsibility of the resource owners and development teams. Central IT may assist with scripts and tools. Automation is key to implementing tags. For example, if you are using a Cloud Management Platform for provisioning, all templates should be set up to attach the appropriate tags. 

Examples: Recommended Global Tags

Here is a template with a recommended set of global tags that you can customize with your specific tags and naming convention:

Tag TypeExamplesPurpose
Environmentenv = devenv = testenv = stageenv = prodUsed to identify the environment type
Billingbu = bigbucostcenter = salesregion = emeaowner = jsmithOne or more tags used to allocate costs
Applicationapp = bigappsvc =  jenkinsOne or more tags used to define the application or service
Compliancedataresidency = germanycompliance = piicompliance = hipaaOne or more tags used to define compliance requirements
Optimizationschedule = 24×7/GMT+1schedule = 12×5/GMT-8maxruntime = 14daysOne or more tags to use in automated optimization

Tags by Cloud Provider

Each cloud provider has different limits and restrictions on tags.

 AWSAzureGoogle (GCP)
Tags per resource501564
Length of key127 51263
Length of value256 25663
Case sensitiveYes (keys and values)NoLowercase only
Allowed charactersLetters, spaces, numbers, and + – = . _ : / @AlphanumericLowercase letters, numeric characters, underscores, and dashes. International characters are allowed.
NotesDon’t use aws: prefix as that is reserved for AWS.You must “activate” particular tags for cost allocation so that they show up in billing reports.Maximum active tag keys for Billing and Cost Management Reports: 500.Can tag on Azure Resource Manager (ARM) resources only (not classic Azure).Tag at Resource Group or Resource level. Suggest resource level for better cost allocationCombine tags or use JSON string if exceeding the 15 tag limit..Labels are a Beta service.Keys must start with a lowercase letter.Tags are called “Labels” in GCP.There are “network tags” in GCP used to apply firewall rules. These are separate from labels.
Taggable resourcesEC2 ResourcesOther ServicesAll ARM resources can be tagged.List of ARM servicesList
DocumentationTag DocsUser-Defined Tag RestrictionsTag DocsBest PracticesLabel Docs

Implementing Your Tagging Policy

To effectively implement your tagging policy, you will need to create a staged rollout process.

Stage 1: Define Tagging Policy

Your cloud governance team leads a process to define a global tagging policy. It will be important to work with key stakeholders to get feedback and buy-in.

Stage 2: Reporting

Your cloud governance team provides ongoing weekly reports to show the level of coverage for global tags by team or group. These reports help to show current state and also track improvements in tag coverage.

Stage 3: Alerting

Your cloud governance team sets up daily automated alert emails on resources that are missing the required tags. Some organizations may choose to stop at Stage 3 if they have achieved the desired adoption of global tags.

Stage 4: (Optional) Alerting with Automated Termination or Escalation

Alerts on untagged resources give a defined window (24 hours, for example) to tag resources. If not tagged, resources can be terminated (only for non-production workloads) or an escalation can be sent to managers.

Ongoing Monitoring of Tagging

Once you’ve implemented your tagging policy, your cloud governance team should set up ongoing weekly reports to monitor the level of coverage for global tags by team or group. These reports help to show the current state and also track improvements in tag coverage.

The cloud governance and central IT teams should also set up automated “tag checking” to alert on missing tags and enforce the use of tags. Enforcement could, in some cases, include adding default tags or even terminating instances that aren’t tagged correctly.

Good Tagging for Good Governance

Today, a well-designed and disciplined tagging approach is critical to good cloud governance. Putting this foundation in place and using automation to maintain good tag hygiene will support the success of your critical governance initiatives for cloud cost reporting, cloud cost optimization, and cloud security.

This article also appears in InfoWorld & Flexera.

Next Steps

Speak to one of our solutions engineers to discuss you IT goals or to learn more about our solutions. Get in touch.

NextBit helps enterprises optimize & modernize their technology footprint and realize IT’s full potential to accelerate their growth. With our integrated suite of solutions and managed services, our mission is to modernize technology workflows & products, and optimize IT management resulting in optimum cost, speed, and efficiency advantages across an organization’s IT landscape. We deliver cost-effective and practical solutions in the areas of Cloud, Digital Transformation, and Modern IT Management.