AWS Resource Tags Certification Key Topics

AWS Tags

  • Tags are key/value pairs that can be attached to AWS resources
  • Tags are metadata: that means that they don't actually do anything, they're purely for labeling purposes and helps organizing AWS resources
  • Tagging allows the user to assign her own (words/phrases/labels) metadata to each resource in the form of tags.
  • Tags don't have any semantic meaning to the resources it is assigned and are interpreted strictly as a string of characters
  • Tags can
    • help managing AWS resources & services for e.g. instances, images, security groups etc.
    • help categorize AWS resources in different ways, for e.g., by purpose, owner (Developer, Finance etc), or environment (DEV, TEST, PROD etc).
    • help search and filter the resources
    • be used as a mechanism to organize resource costs on the cost allocation report.
  • Tags are not automatically assigned to your resources, however are (sometimes) inherited for e.g. services such as Auto Scaling, Elastic Beanstalk and CloudFormation can create other resources, such as RDS or EC2 instances, and usually tag that resource with a reference to itself. These tags do count toward the total tag limit for a resource
  • Tags can be defined using the
    • AWS Management Console,
    • AWS CLI
    • Amazon API.
  • Tags can be assigned only to resources that already exist and cannot be assigned when you create a resource; for e.g., when you use the run-instances AWS CLI command.
  • However, when using the AWS Management console, some resource creation screens enable you to specify tags which are applied immediately after the resource is created.
  • Each tag consists of a key and value
    • key and an optional value, both of which are user controlled
    • defining a new tag that has the same key as an existing tag on that resource, the new value overwrites the old value.
    • keys and values can be edited, removed from a resource at any time.
    • value can be defined as an empty string, but can't be set to null.
  • IAM allows you the ability to control which users in your AWS account have permission to create, edit, or delete tags.
  • Common examples of tags are Environment, Application, Owner, Cost Center, Purpose, Stack etc.

Tags Restriction

  • Maximum number of tags per resource - 50
  • Maximum key length - 128 Unicode characters in UTF-8
  • Maximum value length - 256 Unicode characters in UTF-8
  • Tag keys and values are case sensitive.
  • Do not use the aws: prefix in the tag names or values because it is reserved for AWS use. Tags with this prefix can't be edited or deleted and they do not count against the tags per resource limit.
  • Tags allowed characters are: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.

Tagging Strategy

  • AWS does not enforce any tagging naming conventions and can be used as per the user convenience
  • As the number of tags allows per resource are limited, Complex Tagging can be used for e.g. keyName = value1|value2|value3 or keyName = key1|value1;key2|value2

EC2 resources tags

  • For tags on EC2 instances, instances can't terminate, stop, or delete a resource based solely on its tags; the resource identifier must be specified
  • Public or shared resources can be tagged, but the tags assigned are available only to the AWS account and not to the other accounts sharing the resource.
  • All resources can't be tagged, and some can only be tagged using API actions or the command lineEC2 Services Tags Support
  • Resources with tagging restrictions of None can be tagged with API actions, the CLI, and the console.

Cost Allocation Tags

  • Tags can be used as a mechanism to organize the resource costs on the cost allocation report.
  • Cost allocation tags can be used to categorize and track the AWS costs.
  • When tags are applied to AWS resources such as EC2 instances or S3 buckets and activated in the billing console, AWS generates a cost allocation report as a (CSV file) with the usage and costs aggregated by active tags.
  • Tags can be applied so that they represent business categories (such as cost centers, application names, or owners) to organize costs across multiple services.
  • Cost allocation report includes all of the AWS costs for each billing period and includes both tagged and untagged resources
  • Tags can also be used to filter views in Cost Explorer

Access Control Tags

Resource Groups

  • A Resource Group is a collection of resources that share one or more tags
  • Resource groups helps combine information for multiple resources and services on a single screen for e.g. for a Dev Tag there might be multiple resources for ELB, EC2 and RDS. Using Resource Groups all the resources and their status can be views on a single page

Tag Editor

  • Tag Editor allows addition of tags to multiple resources at once
  • Tag Editor allows searching of resources using tags and then add, edit, remove tags for these resources
Loading... Please wait
Buy me a coffeeBuy me a coffee