Azure Tags – Why Use Tagging?
Optimized tagging can save a lot of headaches. A good resource tagging strategy can save time finding related resources, help application owners, improve cost monitoring and management; and contribute to improved security services by associating resources within logging. Today, we will talk about why we should use tags in Azure, and start expanding on the idea and see what tagging can do to improve our subscriptions.
Let’s jump right in! Tags are name/value pairs that enable you to categorize resources and view consolidated billing by applying the same tag to multiple resources and resource groups. Tag names are case insensitive but tag vlaues are case sensitive.
Now, in my example above there are no tags in that Azure subscription shown. You can check out your own subscriptions tags by going to https://portal.azure.com and use the search bar at the top for ‘tags’, then select Tags. Easy right!
Accepted tagging standards to organize resources are driven from the following reasons:
- Resource Management
- Your IT teams will need to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information. Organizing resources is critical to assigning organizational roles and access permissions for resource management.
- Cost Management and optimization
- Making business groups aware of cloud resource consumption requires IT to understand the resources and workloads each team is using. The following topics are supported by cost-related tags:
- Cloud accounting models
- ROI calculations
- Cost tracking
- Budgets
- Alerts
- Recurring spend tracking and reporting
- Post-Implementation optimizations
- Cost-optimization tactics
- Making business groups aware of cloud resource consumption requires IT to understand the resources and workloads each team is using. The following topics are supported by cost-related tags:
- Operations management
- Visibility for the operations management team regarding business commitments and SLAs is an important aspect of ongoing operations. To be well-managed, tagging for mission criticality tagging is a requirement.
- Security
- Classification of data and security impact is a vital data point for the team, when breaches or other security issues arise. To operate securely, tagging for data classification is required.
- Governance and regulatory compliance
- Maintaining consistency across resources helps identify deviation from agreed-upon policies. Prescriptive guidance for resource tagging demonstrates how one of the patterns below can help when deploying governance practices. Similar patterns are available to evaluate regulatory compliance using tags.
- Automation
- In addition to making resources easier for IT to manage, a proper organizational scheme allows you to take advantage of automation as part of resource creation, operational monitoring, and the creation of DevOps processes.
- Workload optimization
- Tagging can help identify patterns and resolve broad issues. Tag can also help identify the assets required to support a single workload. Tagging all assets associated with each workload enables deeper analysis of your mission-critical workloads to make sound architectural decisions.
So, before we go and just create a bunch of tags, we should understand a few things that are really important. Let’s take the time to plan this correctly, we need to understand the purpose of tagging.
- In our case, we want to use tags to identify the team responsible for a resource, who the owner is, and where the costs for a resource should be billed back to. We’ll add a couple other tags as we develop our strategy here, but this is our basic short-term goal.
- Governance and compliance will be another driver for our tagging. We need to maintain consistency and tagging will help us to identify anything not being created using defined tags. After implementing our tagging strategy, we’ll be able to to evaluate if resources are being created according to policy and confirm if governance policies are being followed. This is our long-term goal.
- Security will benefit from having resources tagged correctly so that systems can be associated and identified more easily. The tagging strategy should include some usability improvements such as: Azure Sentinel playbooks will be able to provide resource tags in alerting messages to speed identification of impacted resources from an event. This will be our goal for security improvement and system efficiencies.
- Data classification will also be included in our tagging strategy so that we can more easily identify the sensitivity of data hosted by the tagged resource. This will be our lofty goal of data classification.
Alright, now that we’ve identified what is is we want to work towards and why we should be using tags, we’re ready to think about the next steps. What tagging strategy should we use and what tags should it really include?
Join me in the next article to break out what tags we can include to meet our goals and build our tagging strategy.
Sources:
https://portal.azure.com
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/decision-guides/resource-tagging/