Information & eGovernment Authority
Governance & Enterprise Architecture Directorate
Version 0.5 | 23rd August 2021
Standards & Guidelines for AWS Tagging
Table of Contents
- Glossary
- Purpose
- Intended Audience
- Introduction to Tags
- Considerations to Best Practices
- Naming Conventions
- 5.1 General Naming Guidelines
- Tagging Guidelines
- 6.1 Cost Allocation
- 6.2 Automation
- 6.3 Operations Support
- Feedback and Comments
- References & Useful Resources
1. Purpose
Tagging is a feature of the Amazon Web Services (AWS) environment that helps manage an
organization’s instances, images, and other Amazon EC2 resources. It allows users to assign their
own metadata to each resource in the form of “tags”.
The purpose of this document is to standardize AWS tags across government entities in order to
facilitate systematic tracking, monitoring and reporting in different areas such as cost
allocation, automation, operations support, access control and security risk management.
2. Intended Audience
Government users who are directly involved in creating, managing and monitoring AWS
resources.
3. Introduction to Tags
A tag is a label that users can assign to an AWS resource. Each tag consists of a key and value,
both of which users define.
Tags enable users to categorize their AWS resources in different ways, for example by purpose,
owner, or environment. This is useful when there are many resources of the same type, because
users can quickly identify a specific resource based on the tags assigned to it.
Figure (a) shows a basic tagging example. In this example, the user assigned two tags to each
instance. The first tag has a key indicating the ministry that owns the instance, “gob: ministry”,
with the value set to “iga” for Information and eGovernment Authority. The second tag has a key
indicating the type of hosting environment that the instance runs on, to show whether it is a
testing, production or development environment.
Figure (a) Basic Tagging Example
4. Considerations to Best Practices
iGA has defined the AWS Tagging Standards based on AWS best practices, which include:
- Usage of a standardized, case-sensitive format for tags.
- Maintaining consistency across all resource types.
- Consideration of tag dimensions that support the ability to manage resource access
control, cost tracking, automation, and organization.
- Implementation of automated tools to help manage resource tags. The Resource Groups
Tagging API enables programmatic control of tags, making it easier to automatically
manage, search, and filter tags and resources. It also simplifies backups of tag data
across all supported services with a single API call per AWS Region.
- Consideration of the implications of future changes to tags, especially in relation to
tag-based access control, automation, or upstream billing reports.
5. Naming Conventions
5.1 General Naming Guidelines
The following basic conventions for tag naming and usage should be considered when working
with tags in the AWS environment:
- Each resource can have a maximum of 50 tags.
- For each resource, each tag key must be unique, and each tag key can have only one
value.
- The maximum tag key length is 128 Unicode characters in UTF-8.
- The maximum tag value length is 256 Unicode characters in UTF-8.
- Allowed characters can vary by AWS service. For information about what characters you
can use to tag resources in a particular AWS service, see its documentation. In general,
allowed characters in tags are letters, numbers, spaces representable in UTF-8, and the
following characters: . : + = @ _ / - (hyphen).
- In terms of capitalization, iGA has decided to avoid capital letters in tag keys.
- The “aws:” prefix is reserved for AWS use. It is not possible to edit or delete tag keys or
values when the tag has a tag key with the “aws:” prefix. Tags with the “aws:” prefix do
not count against your tags per resource limit.
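The conventions in 5.1 can be checked before tags are applied. The following is an added example, not part of the iGA document: `validate_tags` and `SAMPLE` are hypothetical names, the input uses the Key/Value list shape of AWS tagging APIs, and the character pattern approximates the general allowed set listed above (individual services may differ).

```python
import re

MAX_TAGS, MAX_KEY_LEN, MAX_VALUE_LEN = 50, 128, 256
# Letters, numbers, spaces and . : + = @ _ / - (general set; services may differ).
ALLOWED = re.compile(r"[\w .:+=@/-]*")


def validate_tags(tags):
    """Return a list of 5.1 violations for a list of {"Key": ..., "Value": ...} tags."""
    problems, seen, counted = [], set(), 0
    for tag in tags:
        key, value = tag["Key"], tag["Value"]
        if key.lower().startswith("aws:"):
            # Reserved for AWS and exempt from the per-resource limit.
            problems.append(f"{key}: 'aws:' prefix is reserved for AWS use")
            continue
        counted += 1
        if key in seen:
            problems.append(f"{key}: duplicate tag key")
        seen.add(key)
        if key != key.lower():
            problems.append(f"{key}: capital letters in tag key")
        if len(key) > MAX_KEY_LEN:
            problems.append(f"{key[:20]}...: key longer than {MAX_KEY_LEN} characters")
        if len(value) > MAX_VALUE_LEN:
            problems.append(f"{key}: value longer than {MAX_VALUE_LEN} characters")
        if not ALLOWED.fullmatch(key):
            problems.append(f"{key}: key contains a disallowed character")
        if not ALLOWED.fullmatch(value):
            problems.append(f"{key}: value contains a disallowed character")
    if counted > MAX_TAGS:
        problems.append(f"{counted} tags exceed the limit of {MAX_TAGS} per resource")
    return problems


# Constructed sample input, not taken from a real account.
SAMPLE = [
    {"Key": "department", "Value": "computer-communication-networks"},
    {"Key": "Workload-Name", "Value": "name-of-the-work-load"},
    {"Key": "department", "Value": "finance"},
    {"Key": "aws:createdBy", "Value": "someone"},
    {"Key": "support-vendor-name", "Value": "vendor#1"},
]

if __name__ == "__main__":
    for line in validate_tags(SAMPLE):
        print(line)
```

Running a check like this in a deployment pipeline catches non-conforming keys before cost allocation reports or tag-based access control come to depend on them.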
Tag Key Name                   Applicable Value / Examples
-----------------------------  -------------------------------
department                     computer-communication-networks
workload-name                  name-of-the-work-load
technical-contact-name         ahmed-mohamed-ali
technical-contact-email        [email protected]
technical-contact-phone        +
support-vendor-name            name-of-the-vendor
support-vendor-contact-name    contact-name-of-vendor-support
support-vendor-contact-email   [email protected]
support-vendor-contact-phone   +97312345678
7. Feedback and Comments
For feedback or any comments, please contact the Policies and Standards Team at iGA by email ([email protected]).
8. References & Useful Resources
- Cloud-First Policy
- AWS Landing Zone
- Government Entities Cost Center (available upon request)