You may have read our previous blog posts about cloud financial hygiene discussing the importance of cloud financial management, the FinOps Foundation lifecycle and how to use key performance indicators to ensure you remain on track to achieve your goals.
Throughout all these posts, one consistent theme has remained: you need to be armed with data-driven insights and a comprehensive view of all the assets in your multi-cloud estate. This requires a robust tagging strategy that underpins the success of your cloud financial management strategy. Implementing this, however, requires effort and preparation that is often overlooked.
What is tagging?
To put it simply, a cloud tagging strategy consists of applying labels to the things you use to ensure you can identify them later. Imagine applying Post-It® notes to the servers, disks and switches in your data center. You might want to know which infrastructure was supporting production versus development, or label which business services each server was supporting.
Realistically, IT professionals use a configuration management database (CMDB) and create mapping between infrastructure and services in order to infer which environment or service a given device or component is supporting.
Now, if you extend this approach to the cloud (or virtualized computing), you’re no longer having to deal with the physical infrastructure. Instead, you’re interacting with services either programmatically or via a console that enables you to apply many different labels at the time of provisioning or updating the infrastructure. What you would traditionally call a CMDB is now effectively self-documented based on your cloud tagging strategy.
When you apply a tag to any resource in the cloud it has two parts: a key and a value. The key defines the context for the values. You could have a key of environment and values of production, test or development. Cardinality refers to how many unique values a particular key has—so for this example, the environment key has a cardinality of three.
Differences between cloud vendors tags
Each cloud vendor has a slightly different set of rules pertaining to tagging. The following table shows where there are differences between the major vendors. If you have a multi-cloud strategy—or believe there might be a chance you adopt one in the future—consider leveraging a tagging strategy that is supported across all three vendors.
| Vendor | AWS | Azure | Google (GCP) |
|---|---|---|---|
| Tag keys per resource | 50 | 50 | 64 |
| Length of key | 127 | 512 | 63 |
| Length of value | 256 | 256 | 63 |
| Case sensitive | Yes (key and value) | Yes (key and value) | Lowercase only |
| Allowed characters | Letters, spaces, numbers, and + – = . _ : / @ | Alphanumeric | Lowercase letters, numeric characters, underscores, and dashes. International characters are allowed. |
| Vendor documentation | Tagging AWS Resources | Azure Tagging Strategy | GCP Labeling Resources |
Avoid common mistakes
Many organizations develop a tagging strategy based on the needs of a wide variety of stakeholders and their individual reporting needs. The subsequent implementation of this strategy is typically where things start to go wrong. Even very small deviations from well-documented standards can make it difficult to realize reporting needs in an accurate, clear and concise manner.
Consider the following advice to help avoid common pitfalls—either when defining your strategy or during your implementation process:
Cloud Management
Take control of cloud use with out-of-the-box and customized policies to automate cost governance, operations, security and compliance.
- Keep things as simple as possible. Most major vendors provide logical constructs to help you group resources together (such as accounts, subscriptions, projects or resource groups). These boundaries are often well suited for applying tags. Leverage them to separate environments, cost centers, projects, departments and more is not only a best practice, but it also means you only need to label the logical construct and not every resource within that boundary
- When possible, avoid using frequently changing or personally identifiable information. For example, in the case of a tag for a service owner, avoid entering names or email addresses that are likely to change as the organization evolves. Instead, reference a job title or similar that can be used to find the correct person. Reducing the need to change values saves time and potential errors
- Be explicit in your cloud tag management. If you leave any room for interpretation when it comes to your tagging definition, it will be interpreted in every possible way. What should be standard can quickly turn into chaos. We regularly see customers with dozens of different spellings for “environment” and hundreds of values for environments
- Identify what the acceptable tag keys are and avoid capital letters. Only lowercase is supported by Google—so that case-sensitivity doesn’t become part of the problem
- Identify what the acceptable values are whenever possible. For example, for a tag environment, you should specify that production, development, testing and uat are acceptable. It’s not always possible to specify acceptable values for all tags, depending on the context
- Apply and enforce tags when you’re provisioning. Doing this via whatever CI/CD or resource orchestration tooling you choose is the best way to ensure good coverage. Adopt a strategy that uses the cloud vendor logical boundaries (accounts, subscriptions and projects). This way, automating the creation of these constructs enables you to mandate that your critical tags are applied (cost center, owner, environment, etc.), and it ensures any subsequent resources being provisioned can always be charged back or traced to the owner of that infrastructure
- Be consistent with labels. When using containerized workloads, look to adopt the same standard for namespace or pod labels so you can report on costs for both standard infrastructure and containerized workloads in a consistent way
- Monitor for compliance. There will always be edge cases—resources that get provisioned manually during incident resolution or scripts which don’t adhere to your standards. Try to catch and remediate these as soon as possible
Adopt appropriate tooling
Automation is essential for cloud management. Doing anything in the cloud at scale can quickly become impossible without it, and the same is true for implementing and governing your tagging strategy. Flexera Cloud Cost Optimization (CCO) can help you manage your strategy—and the resulting clean, accurate and complete reporting data is fundamental to the next stages of your cloud financial management journey.
CCO can help you automate essential tasks across a multi-cloud environment from a single tool:
- Provisioning of cloud accounts, projects, subscriptions or resource groups to ensure your mandatory tags are applied before any subsequent costs are incurred
- Provisioning of cloud infrastructure to safeguard adherence to standards for tagging, security, architectural best practices and cost compliance
- Allocation of costs to appropriate business dimensions, providing virtually real-time cost visibility to a range of stakeholder groups
- Reporting on non-compliance to your tagging strategy
- Automated remediation of tags or termination of non-compliant resources
- Segmentation of cloud resources and costs based on metadata from third-party data sources, such as a CMDB or other repository
Proper cloud tag management is fundamental to your success. You need visibility into your cloud spend in order to improve insight, management and optimization of that spend. With CCO, you get a comprehensive set of cloud management capabilities designed to implement FinOps processes across your entire cloud environment. Click here to request a cloud cost optimization demo.
